Crosswords5 mins ago
Coded information
The current Wikileaks farrago makes me wonder why so much sensitive information is written in plain text which could be read even by a ten year old. Why isn't more of this stuff kept by goverments in coded form? I understand that modern coded information is now almost impossible to break.
Answers
Best Answer
No best answer has yet been selected by Khandro. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.I'm amazed that staff with access to such sensitive security related information are allowed to download any data onto CDs/pendrives. In my experience many organisations such as banks who hold customer data have deactivated all pendrive ports and CD drives in order to reduce the risk of viruses and more importantly to make it more difficult to extract confidential data.
Nothing ever changes apart from the fact that the methods become more sophisticated. Years ago, I government laboratory I was involved with had a backup drive "borrowed" overnight by a bent technician. The R&D data on the drive was worth millions, yet the technician gained around £2K from selling a copy of the drive to the highest bidder and a few years behind bars.
More recently, a high security government research facility I'm involved with had it's backup servers interrogated by a former employee now residing in a foreign country. Fortunately, the intrusion was detected within 40 seconds and the connection was terminated.
This week, Leeds University has reported intrusion attempts to a confidential drug research database used by authorised users throughout the world. These intrusion attempts have occurred around every 20 minutes for weeks and all originate from servers on the Chinese mainland.
I'm afraid that preventing access to USB ports and drives is no longer the answer. Determined hackers are far more sophisticated than that. A government security expert told me years ago that the best IT experts are not employed in the industry - they are out there earning their living by hacking.
More recently, a high security government research facility I'm involved with had it's backup servers interrogated by a former employee now residing in a foreign country. Fortunately, the intrusion was detected within 40 seconds and the connection was terminated.
This week, Leeds University has reported intrusion attempts to a confidential drug research database used by authorised users throughout the world. These intrusion attempts have occurred around every 20 minutes for weeks and all originate from servers on the Chinese mainland.
I'm afraid that preventing access to USB ports and drives is no longer the answer. Determined hackers are far more sophisticated than that. A government security expert told me years ago that the best IT experts are not employed in the industry - they are out there earning their living by hacking.
Part of the problem isn't over whether information is encrypted or not. It relates to the number of people with the highest-level of security clearance in the USA.
It would be easy to think that only the President, his Chiefs of Staff, other very senior military personnel, some very senior diplomats & civil servants and a few others might have such clearance. However there are actually around 854,000 Americans who've got top-level security clearance. So, if only 1 person in every eighty five thousand would be prepared to leak information, that still provides 10 sources of leaks.
Chris
It would be easy to think that only the President, his Chiefs of Staff, other very senior military personnel, some very senior diplomats & civil servants and a few others might have such clearance. However there are actually around 854,000 Americans who've got top-level security clearance. So, if only 1 person in every eighty five thousand would be prepared to leak information, that still provides 10 sources of leaks.
Chris
-- answer removed --
A relevant link:
http://projects.washi...owing-beyond-control/
http://projects.washi...owing-beyond-control/
-- answer removed --
The technology is there but getting people to see the need for it and coughing up is tough.
I work for a big computer security organisation. Our laptops are encrypted and we run what is called Data Loss Protection which is a system that prevents certain types of information from being e-mailed out, copied onto insecure usb devices etc.
Demonstrating the technology is one thing, persuading customers that they need it enough to put their hands in their pockets is another.
Still you never know Wikileaks may concentrate a few minds.
I work for a big computer security organisation. Our laptops are encrypted and we run what is called Data Loss Protection which is a system that prevents certain types of information from being e-mailed out, copied onto insecure usb devices etc.
Demonstrating the technology is one thing, persuading customers that they need it enough to put their hands in their pockets is another.
Still you never know Wikileaks may concentrate a few minds.