The security week that was: 12/03/10 (Examining


Theft of classified information is part of your risk environment. Traditionally, you may have seen this from a corporate espionage perspective -- your documents ending up in the hands of competitors who use them to compete against your business strategy or perhaps steal designs of an upcoming product launch. Today, however, there is the added danger that your internal documents, especially ones that could be perceived as dirty laundry, could end up on the Internet and go viral. I'm talking about, of course.

With the recent release of thousands of State Department cables on WikiLeaks, and the promise to release documents that supposedly implicate a major U.S. bank in some manner of unethical behavior, WikiLeaks is THE security spotlight holder of the moment. It's not a comfortable spotlight. Founder Julian Assange is wanted for arrest on unrelated charges in Sweden (Slate Magazine has the inside story on what those charges actually are, and the charges are odd, to say the odd and NSFW that I'm not even reprinting them here). The company's web hosting company in the U.S.,, dropped WikiLeaks earlier this week, and a "hacktivist" took the site down briefly, but it's back up and running at "bunker-like" server host in Sweden. Some are even calling for Assange -- who is Australian -- to be tried in the U.S. for treason.

The story smacks of all the theatrics and twists of a Stieg Larsson novel, and it shows no signs of dying down anytime soon. In fact, it's been going on for years, and SIW even warned readers in 2008 about the security implications that WikiLeaks would have in the future. Once an idea like this is out in the world, it's just impossible to turn back the clock; we can't un-invent the atomic bomb. If the site is shut down, expect the data to appear on another site, and another, and another.

Let's try for a moment to assume the best about Julian Assange -- i.e., that he is genuinely interested in exposing only unethical, illegal and sordid facts. As an American citizen, I have respect for that. After all, I think every good citizen values the pursuit of truth and honest. We wouldn't fault the exposure of Nixon and Watergate, which was THE leak of the 1970s.

But the question I have to ask is whether it is safe to assume the best about Julian Assange. These cables from the U.S. State Department don't all identify illegal government operations. They certainly indicate that the inner workings of diplomacy and national security are about as pretty as watching sausages made, but that doesn't make these processes illegal.

And that is where I draw the line in my acceptance of Assange and If the site's only goal was to expose the illegal, the incriminating, and the underhanded, we as a nation would likely perceive Assange as a world hero. But by simply leaking private, confidential data that is not illegal, incriminating or underhanded, he avoids the hero status and rises to a status not far beyond gossip columnist.

Now back to the security issue at hand. I don't think I can sum up the security status of WikiLeaks better than did John Perry Barlow, a stimulating and provocative character who co-founded the Electronic Frontier Foundation and wrote songs for the Grateful Dead. Barlow wrote, or tweeted as the case may be: "The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops."

Some of your employees will be your defending soldiers; some will be troops for WikiLeaks. Pay attention to who is which.

In other news
Guns on Amtrak, Houston installing CCTV system, Mexico's violence, NICE wants Verint?

Following a push by gun rights advocates and an order from Congress, Amtrak will begin allowing firearms in checked baggage later this month. ... In an effort to combat terrorism and crime, the city of Houston, Texas, has begun installing a 250 to 300 camera surveillance system at its downtown intersections. ... As Mexican authorities continue to crackdown on drug traffickers, SIW Assistant Editor Joel Griffin spoke with security experts to see what issues the drug violence has created for corporate security directors. ... According to a report, NICE systems may have interest in acquiring Verint.