Could WikiLeaks Get Your Secrets?
In the spring of 2010, U.S. Army Pfc. Bradley Manning, serving with the 10th Mountain Division in Iraq, hacked into U.S. Government computers and allegedly downloaded almost 750,000 military and diplomatic documents.
All of them were confidential—and many classified in various categories of “eyes only” and “secret”—that would not only prove embarrassing to American and foreign diplomats, but also could put at risk the lives of American and indigenous operatives in war zones and sensitive posts around the world.
Pfc. Manning allegedly handed over this massive trove of internal state secrets to a shadowy, gaunt 6-foot-2 Australian agitator—Julian Assange, proprietor of the notorious information sieve, WikiLeaks.com.
When Assange and his cohorts at WikiLeaks began releasing this sensational material to the media, they professed indignation and outrage at the theft. Whereupon newspapers and 200 websites published the stuff (in the interests of “transparency”), gleefully dumping a bucket of gore all over the diplomatic and military people and organizations of countries all around the globe.
Julian Assange is now in a desperate struggle with British authorities to avoid extradition to Sweden where he faces rape charges. A Swedish jail is not a pleasant prospect. However, his real fear is that Sweden will turn him over to U.S. authorities.
For the past seven months, Pfc. Manning has been held in a Marine brig in Quantico, Va., where is kept in solitary confinement for 23 hours a day with little exercise, no possessions and very limited contact with the outside world.
With 22 new counts against Pfc. Manning reported last week, the federal government threw down the gauntlet:
ADDITIONAL CHARGE I: VIOLATION OF THE UCMJ. ARTICLE 104.
THE SPECIFICATION: In that Private First Bradley E. Manning, U.S. Army, did, at or near Contingency Operating Station Hammer, Iraq, between on or about 1 November 2009 and on or about 27 May 2010, without proper authority, knowingly give intelligence to the enemy, through indirect means.
Giving intelligence to the enemy is capital offence.
Is a very bruised and angered U.S. government setting the stage for trials that would put Pfc. Bradley Manning and Julian Assange in front of firing squads?
In terms of our lives and careers, this grand theft and leak of sensitive information has huge ramifications for everyone in the private sector—hiring practices, safeguarding of company secrets and who has access to them.
How hack-proof is your confidential data?
Who has access to the most sensitive data in your organization?
Who hired those people and what might be their personal agendas?
Remember, once something is out on the Internet, it’s there for your lifetime and beyond.
The Dissemination of Information 60 Years Ago
I entered the adult workplace in 1951 at age 15 as an apprentice to the publicity director of a summer theater in Connecticut. At the end of the season, an extra play was added to the schedule—Elmer Rice’s Dream Girl starring Judy Holiday, who had won the Academy Award that year for Born Yesterday. This was a big deal.
My boss was burned out after the long hot summer and wanted to do some serious drinking. She assigned me to write the Dream Girl announcement for the local papers.
I wrote a three-page, double-space press release on an old Remington manual office typewriter. My boss made a couple of changes and said to go with it.
I hand-typed it on the waxy film of purple stencils, affixed them to the black inky drum of an old mimeograph machine, loaded paper and cranked out 20 copies by hand.
The next step: collating, stapling and folding the three pages, and inserting them into the envelopes, on which I had earlier typed the addresses. After licking the envelope flaps and licking and affixing the 3¢ first class stamps, I took my handiwork to the post office and shoved it through the mail slot.
Mirabile dictu, The Middletown Press and several others papers ran it verbatim! It was the first time I had seen anything I had written in print. Neither my boss nor my parents nor I could believe it! It resulted in a solid week of sold out attendance. It was then that I decided to be a writer.
In 1951, this was how you got the word out. The business world ran on paper, which was either discarded or stored in endless file drawers until it was time to trash it (or send it to a warehouse) in order to make room for more paper.
In offices all over the world, workers had their own file drawers in their desks for papers. In the executive suites confidential files were kept in locked file cabinets behind locked doors.
Swiping 750,000 documents would have been impossible 60 years ago, where copying was achieved in one of three ways:
1. Carbon Paper: You would take a piece of stationary and behind it place a piece of carbon paper and behind that a piece of thin, onion skin-like copy paper. I think it was possible to make up to five or six copies. You would insert the whole caboodle into a manual typewriter and beat the keys hard, hoping to hell you didn’t make a typing error.
2. Camera: In World War II movies, you can see white-gloved spies sneaking into homes and offices, setting up a camera on a tiny tripod and snapping pictures of letters, reports and documents. The results could be reproduced as individual prints, microfiche/microfilm or reduced down to the size of comma and sent undetected on an innocuous letter.
3. Thermofax: You would lay a piece of thin, brownish, heat-sensitive paper atop the document you wanted to copy and run it s-l-o-w-l-y through a toaster that would produce a readable version. Leave the copy in sunlight for any length of time, and the text would fade to nothing.
Sixty years ago, stealing 750,000 documents would require a major break-in with a crew of grunts and at least one moving van.
In the digital age, to steal the equivalent of 750,000 original documents, carbon copies, cables, Thermofaxes and photographs, Pfc. Bradley Manning needed only a computer, Internet access and some time to download the material at the speed of light. And he did it from Iraq.
So how do you avoid wholesale looting of your secrets?
As readers know, I scour the media daily for stories to add to my giant archive. Here are three recent ones:
• Executives at Renault Suspended in Secrecy Breach
PARIS — The French government said on Thursday that it would seek to bolster industrial secrecy rules after the automaker Renault suspended three executives, including a member of its management committee, who are suspected of compromising the electric car technology on which the company is betting its future.
—Matthew Saltmarsh and David Jolly, The New York Times, Jan. 6, 2011
• Rajat Gupta and Wall Street's Biggest Insider Trading Scandal Ever
Rajat Gupta was trusted by some of the world’s top companies. But the SEC says he shared insider secrets so a hedge fund could make millions improperly in the market.
—Allan Dodds Frank, The Daily Beast, Mar. 2, 2011
• Chiesi Pleads Guilty in Galleon Insider Case
In August 2008, Danielle Chiesi, an executive at a New York hedge fund, was swapping confidential information with an associate about a pending reorganization of Advanced Micro Devices, a publicly traded semiconductor company.
“I swear to you in front of God,” she said. “You put me in jail if you talk. … I’m dead if this leaks. I really am … and my career is over.”
Ms. Chiesi’s remarks, which were being recorded by the government, proved prescient.
On Wednesday, standing before a federal judge in Manhattan, Ms. Chiesi pleaded guilty to three counts of participating in an insider-trading conspiracy.
—Peter Lattman, The New York Times “Dealbook,” 19 January 2011
“I would never do anything like this,” you avow.
But what about the people who work for—or with—you?
What if a competitor offered a colleague $50,000 for your marketing plans or specifications of manufacturing details of your hottest new product?
Or maybe a Wall Street shark heard a merger or acquisition rumor about your company and could make a killing in the market if he could confirm it. Who among your colleagues might be willing—for a price—to spill the beans?
These are desperate times. People are overextended and owe money. For example, a person with a chronically ill spouse with a pre-existing condition may be looking at crushing medical bills from a previous job. Or a gambling addiction. Or child support.
What do you know about the people you work with—and their real agendas?
2. Safeguarding Data and Secrets
Many years ago I did a cover story for Target Marketing on the huge data and list company TRW—now Experian. I wasn’t sure what direction the piece was going to take. But once in the Allen, Texas facility, I became fascinated with how data was protected. It started with a room bigger than a football field filled with batteries that instantly activated if ever there were a loss of power. Whenever data entered the system, some employee became the “owner” and was responsible for it from log-in to its ultimate destruction.
It seems to me that these questions that must be asked:
1. Is your sensitive data protected in some kind of impenetrable digital vault including encryption?
2. Who has access to the material in that vault?
3. Have you hired a professional outside expert to try and hack the system?
4. Do you Google your employees and also check out what they are saying on Facebook and Twitter?
5. “According to a 2009 Proofpoint study of 220 leaders at American companies with over 1,000 employees, 38% employ staff to read or otherwise analyze the content of outgoing email, compared to 29% last year. Why the big increase in surveillance? 34% said their businesses had been affected by the exposure of sensitive or embarrassing information, up from 23% in 2008.” —Harvard Business Publishing's The Daily Stat
6. Does any sensitive data repose in employees’ home computers?
7. How about flash drives and laptops? My private archive is replete with horror stories of personal, business and government laptops that have been stolen or left in taxis or on airplanes. For example, here the lede from a Dan Eggen 2007 Washington Post story:
The FBI said that 160 laptop computers were lost or stolen in less than four years, including at least 10 that contained sensitive or classified information—one of which held "personal identifying information on FBI personnel," according to a report released yesterday.
8. Does your organization have any kind of directive regarding how sensitive data is to be handled? If not, why not?
Finally, Are You Safe in the Cloud?
The Mar. 3, 2011 issue of Bloomberg’s Business Week had a cover story touting the benefits of so-called Cloud Computing. According to the story, Amazon, Google and Microsoft are doing battle to win the hearts and minds of computer users to store and make available all their data in the “Cloud”—somewhere out there in dataville—so you don’t have to worry about storing your own stuff, back-up operations, dealing with endless updates, etc.
Here’s a story about a major Google catastrophe last week:
Gmail Reset Erases Messages? Users Report All Emails DELETED
Some Gmail users are reporting a major problem with Google's email service—specifically, that all of their emails, labels, themes, folders, and other personalized settings have all been erased.
Several Gmail help forums were filled with users who had experienced this problem. Users reported that they were able to receive new messages, but that none of their previous email exchanges were appearing. Contacts appear to have been preserved and the issue only seems to be affecting a subset of Gmail users ("less than .29 percent of the Google Mail userbase," according to Google).
—Bianca Bosker, The Huffington Post, Feb. 27, 2011
Having watched the Dot-Com Bust and seen monumental screw-ups on websites and storage, I would not go near the cloud with a pair of 20-foot tongs for two reasons:
1. If a Pfc. in Iraq can hack into the U.S. Government to the tune of 750,000 documents, couldn’t somebody smarter—and with more computing power—hack into the cloud?
2. OK, a company might save some money relying on the cloud. But remember what happened to some Gmail users last week and decide whether or not you trust one of the three behemoths not to inadvertently wipe out your entire business.