One place CSOs won't want to see their company's name

    March 27, 2008
    Website seeks to aid citizens in leaking information on unethical corporate behaviors
    Wikileaks.org seeks to give whistleblowers a chance to air the 'dirty laundry' of corporations and governments. It's a site that should be on the radar for any companys CSO or risk manager.
    Wikileaks.org seeks to give whistleblowers a chance to air the "dirty laundry" of corporations and governments. It's a site that should be on the radar for any companys CSO or risk manager.

    March 27, 2008 -- Mark this as one place you probably don't want to see your company appear: Wikileaks.org.

    The site, in true wiki fashion (Wiki typically refers to user-generated and user-editable content pages running on an open-source platform, and used at common sites like Wikipedia.com), allows web users from around the world to upload leak information that exposes "unethical behavior in their governments and corporations." According to some reports, there are more than 1.2 million documents posted to Wikileaks, sent in by users from all parts of the world.

    The site was taken down in February after a California judge ordered the website's DNS records removed (DNS records are what points a site's numerical web address to the "name" version of the site). However, the site reappeared shortly after, hosted this time in Sweden where it was outside of the California judge's order.

    The initial request came from a Swiss Bank which had found customer account information posted on the site (the site claimed that the documents exposed money laundering by the bank's Cayman Islands location). Another judge later deemed that the site's actions were protected by free speech, and as of about two weeks ago, the bank which filed the initial motion, Julius Baer & Company LTD, had dropped its suit.

    Perhaps emboldened by its recent First Amendment protection, the site has continued to be the repository for newly leaked information. Among some of the supposedly legitimate documents that SecurityInfoWatch.com found on the Wikileaks website were details on intrusion detection systems and anti-terror programs. Listed are a number of the shocking documents related to corporate and national security that could be found easily from the site's main navigation pages:

    - A PDF document specifying how physical alarm intrusion detection systems would be used at the U.S. Army's Secure Compartmented Information Facilities
    - Description of the U.S. Marine Corps Anti-Terrorism/Force Protection (AT/FP) program
    - A shareholder proposal from a 2008 meeting for ConocoPhillips
    - Standard operating procedure documents for some U.S. military camps
    - Confidential document spelling out JPMorgan's policy on "Hedging and Monetization" for insiders selling stocks
    - A document diagramming the world's first atomic bomb

    While most of the information on the site isn't particularly damning or even juicy, the site does appear to have information flowing in from a number of confidential locations. However, the main problem with a site like Wikileaks is whether anyone believes that if the anonymously loaded documents and leaks are even remotely accurate. Notably, though, in most news reports following leaks on Wikileaks, the media often has not raised the basic question of whether the information on Wikileaks is accurate.

    Of course, the doubts of accuracy for a site like Wikileaks will not be great comfort for those in security positions trying to minimize their organization's risk. Just because there may be little provable credibility to so-called "leaks" posted on the site doesn't mean people won't believe what they read there.