WikiLeaks Documents Place Firms In Classified Jeopardy

Federal moratorium on reading WikiLeaks docs could cause trouble for network analysis and intrusion detection systems; here are the right, and wrong, ways to prevent insiders from putting your business at risk

Following WikiLeaks massive leak of diplomatic memos from the U.S. State Department, the Office of Management and Budget warned federal agencies earlier this month that access to classified documents, even leaked documents, violates U.S. policy and, likely, federal law.
The warning worried federal contractors, who stand to lose contracts if employees read any classified documents. As a result, security firms that focus on network-event analysis, content inspection, and data analysis saw a spike in requests to block the WikiLeaks documents, says Kurt Bertone, vice president of strategic alliances for Fidelis Security Systems.
We are getting a lot of calls from our existing customers, Bertone says. They are really afraid of consuming information made public by WikiLeaks.
In late November, WikiLeaks released nearly 250,000 confidential American diplomatic cables, exposing U.S. thoughts on the eventual collapse of North Korea, corruption in the Afghan government, and cyberattacks from China, among other topics.
The federal government told companies doing business with the United States -- as well as students hoping to one day work in the government -- that they should keep their eyeballs to themselves. Columbia Universitys School of International and Public Affairs, for example, warned students not to post comments about the documents on social networks.
Federal agencies collectively, and each federal employee and contractor individually, are obligated to protect classified information pursuant to all applicable laws, as well as to protect the integrity of government information technology systems, reads a memo to federal agencies from the Office of Management and Budget.
The same applies for employees of federal contractors. Firms must have systems in place to limit employees access to the documents, says Marc Maiffret, CTO for eEye Digital Security.
It is a good reminder of the need to be able to control content coming in and out of a business, Maiffret says. There are too many businesses which still manage their security in such an open way there is not much difference in what users can do at work versus on their own time at home. That is not good for business or security.
In many cases, however, network analysis and content inspection equipment can be just as big a danger, Fidelis Bertone says.
If you have a forensics system that records all information coming in before analyzing it, you could be polluting the system with classified data, he says. These agencies are really, really concerned about that -- so much so that some of them are turning off their forensics systems because of it.
Companies need to ensure their forensics systems and network monitoring systems are blocking classified documents before caching them, Bertone says. Only the metadata describing the document should be stored.
You can store metadata that describes the cable and not capture the content, Bertone says. We can analyze it and then decide what to store.
Content filtering solutions also can be configured to block out WikiLeaks documents and not be polluted by the content, eEyes Maiffret says.
There are ways to configure content filtering solutions where they can be blocking based on given keywords and types of data while not logging or storing the content that is being blocked, he says. This is a very standard option, and usually default setting, of most content filtering type of devices.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
WikiLeaks Documents Place Firms In Classified Jeopardy