Many of the recent embarrassing losses of data from US computer systems are due to poor monitoring and computer security and a lack of awareness of the sheer scale of the network, according to experts.
These failings have allowed the copying of an entire archive in the recent Wikileaks case, as well as forays by groups as sinister and highly motivated as the Chinese and by individuals as naïve as Gary McKinnon.
They are weaknesses that are potentially disastrous, as recent events have revealed.
“One of the things that people really don’t realise about this is the amount of material that whoever was responsible for this was able to gather, is that this is a mark of the evolution of the internet,” said Neil Barrett, Visiting Professor at the Royal Military College of Science’s Centre for Forensic Computing.
“Such data losses are a phenomenon of the last decade or so and Governments have to get to grips with that. The data espionage now being suffered by Governments and incidents like this prove that understanding of the issue is poor.
“Not only is data now accumulated in particular places, to be of any use it has to be searchable and that means it has to be accessible. Tellingly, it is also incredibly portable,” said Professor Barrett, author of ‘The State of the Cybernation’.
Many of the weaknesses of the US Government systems are due to poor planning and control.
Sources with a current working familiarity with the US State Department told us of a culture that bought from the cheapest seller and that ran an outdated system on old software that is “wide open to exploitation. The systems are not the best set-up because there is not a lot of money.”
According to Bob Ayers, the US Government did not employ professional computer security staff in 1995, when, as the person in charge of the US Defense Intelligence Systems Agency, he conducted an exercise on 18,000 US Government computers and managed to penetrate 88% of them because they were badly configured or had not been patched.
Hackers and computer security investigators interviewed by Fi stated that US military systems often had their security settings left at default, so in some cases the administrator settings for an entire network would be “admin” and “password”.
According to Ayers, though no amount of security can protect you from an internal attacker like Bradley Manning – the US military private and former intelligence analyst who is accused of leaking the 250,000 cables to Julian Assange’s Wikileaks website – the fact that his activities were not picked up points to the same basic lack of security that has allowed the Chinese to loot US systems for intellectual property.
Ironically, a fact confirmed by a Chinese contact in the Wikileaks.
“The intelligence community in the US is vast so it has to have access to databases like this. Though there is no safeguard to prevent an insider threat, there should have been a system in place to identify someone who was copying large amounts of data and send out an alert,” said Ayers, who dismissed comments from another source who said that such a system had been rejected on the grounds of cost around two and a half years ago.
“To put in place an internal network system would have been a relatively trivial cost in terms of the cost of these databases; there is always money available.”
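The kind of alerting Ayers describes can be sketched in a few lines. This is an added example, not part of the original article or any system named in it: the record fields, the user names and every threshold are assumptions, and the audit records are constructed sample data.

```python
from collections import defaultdict
from statistics import median

# Constructed audit records: (user, day, documents read, MB written to removable media)
EVENTS = [
    ("analyst_a", 1, 40, 0), ("analyst_a", 2, 55, 0), ("analyst_a", 3, 35, 0),
    ("analyst_a", 4, 60, 0), ("analyst_a", 5, 45, 0), ("analyst_a", 6, 9000, 650),
    ("analyst_b", 1, 300, 0), ("analyst_b", 2, 280, 0), ("analyst_b", 3, 320, 0),
    ("analyst_b", 4, 310, 0), ("analyst_b", 5, 290, 0), ("analyst_b", 6, 330, 0),
    ("new_hire", 6, 7000, 0),
]

MIN_HISTORY = 3          # days of history before a user's own baseline is used
K = 6                    # spread multiples above the median that count as anomalous
COLD_START_LIMIT = 1000  # assumed fixed daily ceiling for users with no baseline yet
REMOVABLE_MB = 100       # assumed policy limit for one day's writes to removable media

def spread(values, centre):
    """Median absolute deviation, floored so a flat history cannot give zero spread."""
    return max(median(abs(v - centre) for v in values), 0.1 * centre, 1.0)

def detect(events):
    """Return (user, day, reason) alerts for bulk reads and removable-media writes."""
    history = defaultdict(list)  # user -> document counts from earlier normal days
    alerts = []
    for user, day, docs, removable_mb in sorted(events, key=lambda e: e[1]):
        own = history[user]
        if len(own) >= MIN_HISTORY:
            centre = median(own)
            limit = centre + K * spread(own, centre)
        else:
            limit = COLD_START_LIMIT
        if docs > limit:
            alerts.append((user, day, "bulk-read"))
        else:
            own.append(docs)  # only unflagged days feed the baseline
        if removable_mb > REMOVABLE_MB:
            alerts.append((user, day, "removable-media"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Each user is compared with their own history, so a heavy but steady reader such as `analyst_b` stays quiet while a sudden jump by a light reader is flagged. Keeping flagged days out of the baseline stops a single large copy from raising the limit for the days that follow.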
According to Barrett, the warnings have been around for a long time. He pointed to another celebrated scandal involving politics and technology as far back as October 1988, when the then Belgian Prime Minister, Wilfried Martens, began legal action against a hacker nicknamed Wepuntem who had accessed his computer.
Unlike Manning, the Belgian hacker only managed to obtain a fraction of the information released by the Guardian and other international papers.
Even so, the data was considered explosive enough, including top secret memos on the IRA killing of a British sergeant-major in Ostend in August of that year, the detailed agendas of recent Belgian Cabinet meetings and messages sent to Martens when he was on holiday in the South of France.
In an incident with some parallels with the Wikileaks affair, the Belgian hacker showed how easy it was to penetrate the Belgian Bistel computer system which had cost £15m in 1988 and then turned over the information he had obtained to a Belgian newspaper.
The incident, now being simply called ‘the US Embassy Cables’, is demonstrating just how easy it is in the modern era to leave a building with the equivalent of a library full of paper in your pocket – a gigabyte represents a pile of A4-sized documents that, if all placed on top of each other, would be roughly as tall as the landmark London Docklands skyscraper Canary Wharf.
That is still not as much information as Manning is accused of copying, as the Guardian relates:
“An innocuous-looking memory stick, no longer than a couple of fingernails, came into the hands of a Guardian reporter earlier this year. The device is so small it will hang easily on a keyring. But its contents will send shockwaves through the world’s chancelleries and deliver what one official described as “an epic blow” to US diplomacy.
“The 1.6 gigabytes of text files on the memory stick ran to millions of words: the contents of more than 250,000 leaked state department cables, sent from, or to, US embassies around the world.”
These cables are available to some 3m US personnel via the Siprnet system, which means that state department memos normally written by ambassadors can be read by people as lowly as Manning and as high up as a Secretary of State, such as Hillary Clinton.
According to the published chatlog of a conversation Manning had with a fellow hacker, copying the data that ended up on the thumb drive was child’s play.
“I would come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing … [I] listened and lip-synched to Lady Gaga’s Telephone while exfiltrating possibly the largest data spillage in American history,” adding that he “had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.
Such security weaknesses are now commonplace in computer systems, according to Richard Hollis, managing director of the computer security company Orthus, which specialises in investigations in the City of London.
“This is now a significant issue because of the range of devices that are available to people from thumb drives, CDs and mobile phones. The attack now takes seconds though and the storage capability of these sticks has increased significantly. The most common attack is “copy:C/”, it’s that simple.”
Such attacks have been going on for years. The US is not alone in suffering data breaches of the Manning kind.
Well over a decade ago, a temporary bank IT employee with intelligence knowledge confided to Future Intelligence how they had copied a list of UK intelligence agents.
Knowing that a particular branch of UK intelligence used the bank he was working in for its financial services, the temporary employee searched for a specific term through the bank’s computer system and then cut and pasted the results onto a removable storage device.
The action captured the names of an entire UK intelligence section. These were then shown to Fi, including, as proof, where some of the individuals – who ranged from academics to civil servants – were now working.
Manning’s confidant was a hacker called Adrian Lamo, who subsequently denounced him to the authorities. “Hillary Clinton and several thousand diplomats around the world are going to have a heart attack when they wake up one morning and find an entire repository of classified foreign policy is available, in searchable format, to the public … Everywhere there’s a US post, there’s a diplomatic scandal that will be revealed. Worldwide anarchy in CSV format … It’s beautiful, and horrifying,” said Manning, who believed: “information should be free. It belongs in the public domain.”
Wepuntem claimed similar high-minded motives for his activities, saying that he hoped his revelations would result in better security from the Belgian Government.
It is an outcome that will certainly now occur in the US as a result of Manning’s activities.