December 10, 2010

Where it came from

Laughable security really -- from the BBC:
Siprnet: Where the leaked cables came from
Most of the diplomatic messages released by Wikileaks have been traced to a US defense department network, known as Siprnet, used for the exchange of classified information, media reports say.

Ironically, Siprnet (Secret Internet Protocol Router Network), which was set up in the 1990s, was expanded as part of moves after 9/11 to allow classified information to be shared more easily and prevent failures of communication between different intelligence agencies.

It is designed for exchange of information up to "secret" level - the level for information that would cause "serious damage" to national security.

It is thought about 2.5 million US military and civilian personnel have access to the network.

However, Siprnet is not recommended for distribution of top-secret information.

Only 6% (more than 15,000) of the documents have been classified as secret. Another 40% were "confidential", while the rest were unclassified.
Their security protocols were a joke:
The system is protected by a series of security measures, the guide adds:
  • All users must be approved and registered
  • Passwords are complex, and must be changed every 150 days
  • Only accessible from specially enabled computers in secure location
  • Computers must not be left unattended
  • No linking to civilian internet without prior approval
  • Media storage devices become classified at secret level once connected to Siprnet-enabled computers
  • Audit trail of all users, including identity of all persons accessing Siprnet
However, the guide says that technological advances in storage devices have made it easier to remove classified information from secure areas.
This is more lax than some of the lab security I implemented while working at MSFT. Any time someone has physical access to data and has a means to write to a storage device, that data will be compromised. The simple expedient of having a dumb terminal with no input or output devices would have eliminated this from the outset. The fact that the security officers saw Manning with recordable CD disks ("with his own music") should have raised a big red flag and placed the little bugger under observation. The other thing to watch for is general traffic. If someone is downloading huge swathes of data from various locations, that might warrant a closer look.

Posted by DaveH at December 10, 2010 3:02 PM
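
The traffic check suggested in the post, run against the kind of per-user audit trail the guide describes, as an added example that is not part of the original post. The log format, the field names (user, src, bytes) and the thresholds are assumptions, and the sample lines are constructed.

```python
import statistics
from collections import defaultdict

# Constructed audit-trail lines (not real data). The field names user/src/bytes
# are assumptions made for this example.
SAMPLE_AUDIT = """\
2010-01-04T09:12:00 user=analyst1 src=srv-a bytes=120000
2010-01-04T09:40:00 user=analyst1 src=srv-b bytes=80000
2010-01-04T10:05:00 user=analyst2 src=srv-a bytes=150000
2010-01-04T10:30:00 user=analyst3 src=srv-c bytes=300000
2010-01-04T11:00:00 user=analyst4 src=srv-a bytes=100000
2010-01-04T11:20:00 user=analyst4 src=srv-b bytes=150000
2010-01-04T13:00:00 user=analyst5 src=srv-a bytes=40000000
2010-01-04T13:10:00 user=analyst5 src=srv-b bytes=35000000
2010-01-04T13:20:00 user=analyst5 src=srv-c bytes=50000000
2010-01-04T13:30:00 user=analyst5 src=srv-d bytes=20000000
"""

def summarize(log):
    """Return ({user: total bytes read}, {user: set of sources touched})."""
    totals, sources = defaultdict(int), defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        _timestamp, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        totals[rec["user"]] += int(rec["bytes"])
        sources[rec["user"]].add(rec["src"])
    return dict(totals), dict(sources)

def flag_bulk_readers(log, k=5.0, min_sources=3):
    """Flag users whose volume is a robust outlier AND spans many sources.

    Uses median and median absolute deviation (MAD) so that one very heavy
    reader cannot drag the baseline upward and hide themselves.
    k and min_sources are illustrative thresholds, not recommended values.
    """
    totals, sources = summarize(log)
    if not totals:
        return []
    med = statistics.median(totals.values())
    mad = statistics.median(abs(v - med) for v in totals.values()) or 1
    return sorted(u for u, v in totals.items()
                  if (v - med) / mad > k and len(sources[u]) >= min_sources)

if __name__ == "__main__":
    print(flag_bulk_readers(SAMPLE_AUDIT))
```

A flagged name is a prompt for the closer look the post describes, not a finding in itself.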