The security week that was: 07/30/10 (Wikileaks)

Wikileaks more of a security threat than ever

More than two years ago, I stumbled across a website that was like a shot of espresso. It was called Wikileaks, and in March 2008, I wrote a column titled "One place CSOs won't want to see their company's name". As I noted in my original column, this site seemed to be serious business. At the time, it featured information on intrusion detection systems used by the U.S. Army, details on the Marine Corps anti-terror program, internal files from ConocoPhillips and JPMorgan, and even a diagram of the first atomic bomb.

Almost 2-1/2 years later, you can't watch the news or read a newspaper without hearing about Wikileaks and the military documents from Afghanistan that appeared there. The story, in case you've been under a rock or in meetings all week, is that an Army intelligence officer leaked tens of thousands of documents about the war in Afghanistan to Wikileaks, an online document hosting service specializing in confidential and secret information. According to the website, there are another 15,000 or so pages of the documents that they haven't published yet, and White House Press Secretary Robert Gibbs is begging them not to publish those additional documents.

I said it then in my 2008 column, and I'll say it again: If you are a security director, and you haven't gone to Wikileaks, go there now. I'd recommend you coordinate a visit to the site with your CIO/CISO to talk about what can be done to 1) keep company info from appearing there, and 2) do damage control for any information that might already be there.

Don't count on Wikileaks just going away. They moved overseas to stay out of U.S. jurisdiction, and an internal U.S. intelligence memo on how to "destroy" Wikileaks actually appeared in the leaks (PDF download of memo), giving the website an early heads up about a U.S. plan to crush the site!

In other news
Walk-around detectors, Lockpicking gets competitive, Hacked ATMs

One businessman is trying to profiteer on the TSA's focus on full-body scanners, and he's not trying to do so by selling high-tech imaging equipment. Instead, he's preying on the public's fear and embarrassment of being seen naked by selling rubber "pasties". … If you're going to install metal detectors at your courthouse, make sure the public can't just sneak around the side of them to gain access (true story!). … It's Black Hat conference time and that means all sorts of juicy security stories, and one of the juiciest was a man who demonstrated how to hack ATMs. … As if we needed more bad news and more threat vectors, consider that competitive lockpicking is gaining momentum as a recreational activity. Let's hope these skilled men and women use their skills only for competition or for legitimate locksmithing businesses, and not to open the doors you've just secured.