WIKILEAKS 101: Q&A WITH AN INTERNET SECURITY EXPERT


INTERNET,
DECEMBER 20, 2010 (HUFFINGTON POST) BY Craig Kanalley - WikiLeaks has gone down, returned, gone down again, returned and other sites have been taken down by supporters of WikiLeaks like Visa.com.

From a technical standpoint, what is happening exactly and what will happen next in this ongoing cyberspace saga? HuffPost Tech asked SafeCentral CTO Ray Dickenson to help us break it all down based on his Internet security expertise.

Q: How can WikiLeaks withstand attacks against their site, and how might they propagate the sensitive information they're leaking?

Dickenson: They already are withstanding the attacks. There are many mirror sites where their content is available now. A list is available here: wikileaks.info.

Furthermore, the cablegate dataset has been released via bittorrent, which means it is being downloaded all over the world and then instantly made available from others to download from an ever-increasing number of computers.

The biggest impact right now is that the flagship site, wikileaks.org is being blocked. This only stops casual readers from browsing the content--casual readers who would not look around in more places. Really dedicated readers can still find the content.

Q: Can commercial websites withstand the attacks by pro-WikiLeaks supporters? What types of the threats are these commercial sites facing, and how do they protect themselves?

Dickenson: Yes, commercial sites can spend money to architect and implement resilient designs. These cost more money, require hosting in many locations on diverse networks, complicate the website management processes (it's harder to update a webpage on 30 different servers in 5 locations than on 4 servers in 2 locations), require network and server hosting contracts with multiple vendors and require more sophisticated monitoring and management infrastructure and the skilled engineers to go with it. Even so, hackers with medium level skills could still have an impact..temporary or limited to a geographic region, but still an impact.

Commercial sites have to consider every visitor a "casual reader" and expect them to be stopped cold if a wikileaks.org-style DNS blocking happened. So walmart.com cannot expect visitors to look for a list of mirror sites like wikileaks has created.

Q: Are government websites at risk of being attacked, and what is the threat level? Are government sites better prepared than these commercial sites?

Dickenson: Same answer as commercial sites. However, governments typically have more resources to throw at the hosting problem and also have law enforcement to back them up directly. Attacks on government websites could be considered a national security issue and thereby open up every channel of response, including FBI, Secret Service, Military and other organizations.

Q: What other kind of threats do consumers, and commercial or government entities face in terms of web-based attacks? What other tactics might be used by attackers?

Dickenson: Really dirty tricks could include putting up a fake wikileaks (or walmart) site and putting up disinformation or, even worse, malware that scares everyone away or infects their computers and make them susceptible to further exploitation. Further exploitation could include surveillance--that is, watching what these website visitors are doing on their computers.

Q: What might happen next?

Dickenson: Here is the thing: billions, maybe trillions, of dollars have been spent building and operating the Internet and its array of services that include content, email, payment processing, remote control. Most of this development is designed to make it easy for average people to connect with one another and get things done online. Bad guys take all that infrastructure, technology, software development tools and other resources and TURN THEM AGAINST US. When the latest Internet start-up like Facebook builds its systems it is primarily concerned with adding users and growing its business. Security is an exception..an additional cost..a headwind that slows growth. Something to take care of later. This means that creative, smart people with time on their hands and a willingness to do harm can get a lot done on the wide open Internet.

For example, large-scale attacks on individual citizens, exploiting their online lives through bank accounts, social networking, and professional networks, not seeking to steal money (which requires humans to receive payments and launder funds) but just to disrupt our connected lives. Anything that causes citizens to re-think how safe they are or how stable society is, could have significant impact on a nation, an economy, a large corporation or other large target.

FROM THE CHRISTIAN SCIENCE MONITOR ONLINE www.csmonitor.com

Julian Assange in the crosshairs: Is he being unfairly vilified? By Peter Grier, Staff writer / December 17, 2010  Washington 

[PHOTO -WikiLeaks founder Julian Assange speaks to the media outside the home of his friend, journalist Vaughan Smith, in Norfolk, England Friday\

WikiLeaks founder Julian Assange seems to be on just about everyone's hit list in Washington. But there are some who call for restraint, saying the legal issues are murky at best.

WikiLeaks founder Julian Assange is pretty unpopular in the United States at the moment. The Justice Department likely has a secret grand jury considering whether to indict him. Some members of Congress have called for the US to neutralize Mr. Assange – implying that the CIA should snatch him off the street, or worse.

On Friday he darkly implied that all his legal troubles are the result of an international conspiracy and said that the US investigation of his actions is “illegal.”

But even paranoids have real enemies. Is Assange in fact being unduly vilified in Washington?

House Judiciary Committee chairman John Conyers of Michigan, for one, thinks he is. Representative Conyers used that phrase – “unduly vilified” – in regards to Assange on Thursday when he called to order a hearing on the constitutional and legal ramifications of WikiLeaks’ recent actions.

WikiLeaks 101: Five questions about who did what and when

“When everyone in this town is joined together calling for someone’s head, it’s a pretty sure sign that we might want to slow down and take a closer look,” said Conyers.

Conyers, a liberal Democrat who will lose his chairmanship when Republicans assume control of the House in January, said it remains unclear exactly what laws Assange and WikiLeaks may have violated, for one thing.

All the discussions over whether the 1917 Espionage Act applies to this case, or whether Assange can be charged with conspiracy for helping alleged leaker Pfc. Bradley Manning, shows that the legal context here is in fact very confusing, said the Judiciary panel chairman.

For another thing, it’s unclear what the distinction is between WikiLeaks and traditional media, said Conyers. And Assange’s actions take place in the context of a system of US government secrecy that’s out of control.

“We’ve got low fences around a vast prairie [of secrets] because the government classifies just about everything. What we really need are high fences around a small graveyard of what’s really sensitive,” said Conyers.

Number of 'Wikimyths' Thomas Blanton, director of the National Security Archive and a witness at the House hearing, agreed with Conyers that the US has so much classified material that it’s hard to protect it all.

Furthermore, the WikiLeaks case has been dogged by a number of “Wikimyths,” according to Mr. Blanton.

For instance, WikiLeaks’ recent release of US diplomatic cables is routinely described in the press as a “document dump,” but it’s been nothing of the sort, said Blanton. Only about 2,000 cables have been made public – and those were published by mainstream news organizations that attempted to judge their newsworthiness.

Nor has there been an epidemic of leaks, said Blanton. All of WikiLeaks’ most important source material appears to have come from one person, alleged to be Manning. He’s already been arrested by the Defense Department, so that leak is plugged, as far as the government is concerned.

“They’re not terrorists,” said Blanton of WikiLeaks.

Of course, not being a terrorist is a pretty low bar to clear. Other experts take a dimmer view of WikiLeaks and Assange.

Assange appears to have no compunction about releasing such things as the names of Iraqis who work with the US military, pointed out the Judiciary panel’s ranking Republican, Rep. Louie Gohmert of Texas.

Safety of US personnel

“This isn’t simply about keeping government secrets secret. This is about the safety of American personnel overseas at all levels, from the foot soldier to the commander-in-chief,” said Representative Gohmert.

In fact, WikiLeaks has displayed so little regard for its actions, and has employed such sophisticated Internet technology to acquire and disseminate its information, that it might be said to have created “Leaks of Mass Destruction,” or LMDs, said Gabriel Schoenfeld, a senior fellow at the Hudson Institute, at the House hearing.

These are “leaks so massive in volume and so indiscriminate in what they convey, that it becomes very difficult to assess the overall harm, precisely because there are so many different ways in which that harm is occurring,” said Mr. Schoenfeld.


Chief News Editor: Sol Jose Vanzi

© Copyright, 2010 by PHILIPPINE HEADLINE NEWS ONLINE
All rights reserved


PHILIPPINE HEADLINE NEWS ONLINE [PHNO] WEBSITE