Data Leakage Going Gaga

Monday, July 12, 2010

Ron Baklarz

Data Leakage, or in this case more like a Data Deluge, occurred when a 22-year-old soldier in Iraq, Pfc. Bradley E. Manning, allegedly downloaded more than 150,000 diplomatic cables, as well as secret videos and a PowerPoint presentation, onto CD-ROM discs disguised as a Lady Gaga CD.

While the use of external memory devices like thumb drives is prohibited on DOD computers, the use of CD-ROM discs is not prohibited.

To avoid detection, the soldier lip-synched Lady Gaga songs while he was copying thousands of files over a six-month period. Then he would pack up the data CD in a Lady Gaga CD jacket and simply walk out the door.

"The charges say he also loaded unauthorized software onto a computer linked to the military's classified computer network, called the SIPR-Net. The charges do not explain the significance of that action, nor how it might have aided his alleged effort to download classified files."

Mmmm.  I'll bet that if he did not have local administrator rights on his classified, SIPR-Net-connected PC, he would not have been able to install "unauthorized" software onto his computer in the first place.  

Could the unauthorized software have been CD burning software that allowed him to copy the files from his computer and burn them onto the CD discs?

"At a Pentagon news conference on Thursday, Defense Secretary Robert M. Gates and Adm. Mike Mullen, the chairman of the Joint Chiefs of Staff, said they would reserve judgment on whether to order a sweeping review of security measures until it was determined whether the actions of which Private Manning is accused represent a broader problem."

Yikes!  I recommend that a sweeping review of security measures be conducted immediately, if not sooner!  This is wrong on so many levels - lax need-to-know access restrictions to information, inappropriate user rights, etc.

Believe me Department of Defense, you have a broader problem.

Derrick Buxton You seem to be assuming some important points. The article does not state what the soldier's MOS was, so we should logically assume that he was authorized to access the Intel center. In addition, we can hope that he was authorized to use the SIPRNet computer. Now there could be issues on how he accessed certain information; however, assuming that he was not logged in under his own account, that comes down to poor user training; whoever was logged in likely kept documents on their desktop. If he was logged in under his own account, then he would have only had access to certain files, but he would have had free rein with those files. So then it becomes a lack of oversight. Changes are needed in many areas, but to suggest there are massive loopholes where there aren't is inappropriate.
Ron Baklarz Thanks Derrick - from what I can glean from this and other articles, the soldier appears to have logged in under his own account and had access to classified information that he did not have a need-to-know. I can say with some certainty that if he downloaded unauthorized software and installed it on his PC, he had, at a minimum, local administrator rights on his PC to do so. Remember, this guy leaked a classified video to and is how he ultimately got caught.

The article states that he “intentionally exceed his authorized access on” the SIPR-Net and we do not yet know how he did that (another loophole?).

Whether the loophole(s) was/were small or massive is sort of irrelevant since the resulting damage was as significant as it was.
Derrick Buxton edit: I do see the accusation regarding access of information outside of his duties, but I would reserve judgment until that is confirmed or not.