How Secret are these Secrets on WikiLeaks ?

The WikiLeaks release of 250,000 documents is, of course, big news -  it’s the largest number of published leaked secret documents ever.

There is much excitement about the content, understandably so. The US Administration is less excisted and is apparently concerned about the leaks with the following statements being made:

  • “Such disclosures puts at risk our diplomats, intelligence professionals, and people around the world who come to the United States for assistance in promoting democracy and open government”
  • “President Obama supports responsible, accountable, and open government at home and around the world, but this reckless and dangerous action runs counter to that goal.”
  • “place at risk the lives of countless innocent individuals
  • “place at risk on-going military operations,”
  • “place at risk on-going cooperation between countries.”

So, the US administration and  US Intelligence seem to be pretty concerned about the “risk”.

Clearly, such damaging material would be kept under incredibly tight security? They would probably take the following actions to minimize risk:

  • Partition the information – so only certain people could access certain information
    • For example, there is no need for all the Brazil analysts to access information on Italy.
  • Remove any network connections
    • For obvious reasons
  • Limit physical access
    • High security rooms, CCTV, armed guards, those fancy double key entry rooms you see in movies, etc, etc
  • ZERO ability to copy data.
    • Systems to prevent photography, printing, etc (obviously USB devices would be blocked

Errr, will no.

Those statements are probably true for critical intelligence, but these cables are NOT even Top Secret. They were just “Secret”, which is pretty low in the world of intelligence, in fact Top Secret is when intelligence circles really start to operate and there several levels above Top Secret.

The data that was stolen was copied from a centralized system, which around 3 million US military and US government workers had access to; from very junior levels upwards.

Much of the data was, according to the Guardian who are involved in leaking the material with WikiLeaks, copied to a CD! I.e – it was nothing more than a drag and drop exercise.

Hardly, high-tech and hardly highly protected data.

There is a staggering lack of security around these secret files. Probably because they contain opinions rather than hard intelligence, source names or signal frequencies.

Given the numerous cases of spying and espionage (see a small sample below, more available here)  its  likely  these cables would already have been seen by other intelligence agencies.

Examples of Spying

It highly unlikely that all cases of spying are discovered and made public.

Given the alleged “risks” this data poses, with “countless lives at risk”  there was little security around the actual data. In fact it sounds like its harder to get onto a plane with a 500 ml bottle of water than get hold of the “secret” cables.

The 250,000 leaked cables maybe the biggest leak ever published, but it’s probably not the biggest leak ever.

Data Theft – T-Mobile 1st Conviction

A former T-Mobile employee has admitted his role in the illegal sale of massive volumes of customer data to marketers.

David Turley, of Birmingham, 39, pleaded guilty to 18 charges under section 55 of the Data Protection Act at Chester Crown Court Un July 2010. A second former T-Mobile employee, Darren Hames, of Staffordshire, 38, will enter his pleas in relation to his alleged role in the theft on 23 November 2010

The illegal sale of millions of subscriber records was revealed by the Information Commissioner Christopher Graham last November, as part of a campaign for tougher sentences for data thieves.

The T-Mobile data was used to cold call and poach subscribers who were coming to the end of their contracts.

The Register

Data Theft – T Mobile (Nov 2009)

Personal details of thousands of mobile phone customers have been stolen and sold to rival firms in the biggest data breach of its kind, the government’s privacy watchdog said today.

An employee of phone operator T-Mobile sold the customer records, including details of when contracts expired. The millions of items of information were sold on for “substantial sums”, the Information Commissioner’s Office (ICO) said. Rival networks and mobile phone retailers then tried to lure away T-Mobile customers by “cold calling”.

Guardian

BBC

Data Theft – T-Mobile 2nd Conviction

Darren Hames aged 38, from Staffordshire, who used to work for T-Mobile UK pleaded guilty at Warrington Crown Court to having sold confidential customer information from the telecom operator to third parties.

Darren Hames was found guilty under Section 55 of the Data Protection Act. Sentancing will not occur until the New Year (2011). The first man convicted in relation to this incident was David Turley, of Birmingham, 39,

The ICO statement on Hames


Data Theft: Payout

Following the theft of credit card details in 2008 from TJ Maxx, TJ Maxx has been forced to payout a $9.75 million fine in a settlement with dozens of states in the US.  The scale of this fine is huge, especialyl consdiering the data was not lost, but stolen, and people have been convicted for it.

“The decision to enter into this settlement reflects TJX’s desire to concentrate on its core business without distraction and to promote cybersecurity measures that will benefit all consumers,” the company said in a statement.

TJX said the settlement’s costs are accounted for in a 2007 reserve it created.

Follow

Get every new post delivered to your Inbox.

Join 29 other followers