Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking

    WikiLeaks, Anonymous Force Change to Federal Government’s Security Approach

    Written by

    Fahmida Y. Rashid
    Published December 12, 2010
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      As cables continue to trickle out of WikiLeaks in the second week since the site began posting, it appears that WikiLeaks and the United States government have learned some hard lessons.

      “Previously with security breaches, the focus has been on the outside threat,” said Darren Hayes, Computer Information Services Program Chair at New York’s Pace University. Companies have been worried about other organizations trying to steal corporate secrets and the government has been protecting against foreign countries trying to breach U.S. security and defenses, Hayes said. There hasn’t been “enough mention of internal threats, in the past,” he said.

      The “WikiLeaks debacle” essentially boils down to an insider data breach, according to Hayes, as it involves a user with access leaking the data to someone else. Organizations – business and the federal government – are reviewing their policies to prevent similar breaches in the future.

      As for U.S. military analyst Army Private Bradley Manning, the one suspected of leaking the cables to WikiLeaks, “he simply had too much access to sensitive government information,” said Thom VanHorn, vice president of global marketing at Application Security. If employees “only have access to the information necessary to do their jobs” and access privileges are properly assigned, “sensitive information doesn’t get into the wrong hands,” VanHorn said.

      The U.S. Office of Management and Budget ordered each agency that handles classified information to perform a security review of its procedures.

      The U.S. Department of Defense will “rethink computer security procedures and change their policies in a revolutionary way,” said Hayes. At the moment, the changes are fairly straightforward: banning all removable devices on classified systems. The Defense Department said there will be other changes as well, such as a network monitoring solution that will identify anomalous network activity and changes in how data is transferred between classified and unclassified computers.

      For WikiLeaks, the question is no longer about whether it will get shut down soon, but about money. Instead of a single DNS provider, the site now has a round-robin setup of at least 14 DNS providers directing traffic to its domain name, of which it now has several.

      Despite losing the wikileaks.org domain name, Web hosting, ongoing denial-of-service attacks and getting blacklisted by some countries in the first week, the site remains up, bolstered by nearly a thousand mirror sites around the world keeping the content online.

      “The harder you hit them, the bigger they get,” said James Cowie, a security researcher with Renesys.

      But PayPal, MasterCard and Visa have all suspended accounts, and Switzerland’s PostFinance suspended one of the bank accounts set up for founder Julian Assange’s legal bills. Even if donations don’t come in, the bills are going to mount, and the site needs a legal fund for when the United States lawyers come knocking. U.S. Attorney General Eric Holder has made no secret of his desire to prosecute Assange.

      “To the extent that we can find anybody who was involved in the breaking of American law, who put at risk the assets and the people I have described, they will be held responsible; they will be held accountable,” Holder said at a news conference.

      The controversy around Assange appears to be too much for some WikiLeaks staffers, as they resigned to launch a rival whistle-blower site OpenLeaks.

      Even though PayPal released all the funds to the foundation that was raising funds for the site, PayPal said the accounts will remain inaccessible. The donations are right now limited to going through Flattr, a Web-based donation system run by a British-Swedish firm. “We will never stop this as long as WikiLeaks’ operations are legal,” said Leif Hogberg, a system developer and co-owner of the small firm, to AFP. He noted that WikiLeaks is not yet illegal in Great Britain or Sweden.

      Censorship Charges Denied

      As the lawyers work out how to prosecute Assange, some government officials are denying charges of censorship or pressuring companies to sever ties with Assange’s operation.

      “We have not pressured anybody to do anything,” Holder said at a news conference in San Francisco when asked if the government had tried to influence companies.

      Shortly after a statement by PayPal’s vice president of platform, Osama Bedier, that the “State Department told us these were illegal activities,” at Paris’ LeWeb conference, both PayPal’s general counsel and the State Department denied the conversation ever took place. Bedier was referencing a letter sent by the State Department to WikiLeaks, not PayPal, according to TechCrunch.

      As for WikiLeaks supporters, there are some lessons learned there as well. An Internet gathering, commonly referred to as “Anonymous,” has launched a series of distributed denial-of-service attacks against WikiLeaks enemies, such as PayPal, PostFinance, Visa, MasterCard and the Swedish Prosecution Authority. Called Operation Payback, Anonymous posted target sites and instructions on how to participate in the DDOS (distributed denial of service) attacks on Twitter. Unlike usual botnets controlling computers belonging to innocent users, there are “no victimized machines” in Operation Payback as “the participants knowingly engage” in the DDOS attack, said Noa Bar Yossef, a senior security strategist at Imperva.

      While the group trumpeted victories about knocking PayPal, Visa and MasterCard offline, the fact remains that they were “brochure sites,” said Jason Hoffman, co-founder and chief scientist at public cloud provider Joyent. The DDOS attacks didn’t disrupt actual payment services but the corporate sites, he said. A “vigilante DDOS attack” of several hundreds of machines can’t do a lot of damage to core services – a “botnet of millions of machines” would be needed, he said.

      Even Anonymous appeared to understand its limitations, posting, “We can not attack Amazon, currently. The previous schedule was to do so, but we don’t have enough forces,” on Twitter.

      Within the Anonymous IRC chat rooms, there was a lot of discussion about whom to target next, but also about halting DOS attacks and focusing on publicizing the contents of the leaked cables. Some participants in the chat rooms seemed aware they were losing the propaganda war and were being painted as criminals out to steal credit card information.

      In a press release, Anonymous said, “Our current goal is to raise awareness about WikiLeaks,” and called itself “Internet Citizens” who are “fed up with minor and major injustices.”

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.