Single person infiltrates American military network? Surely not?
Gary McKinnon.
From his girlfriend’s bedroom.
Looking for UFOs.
And he was a rank amateur with NO military knowledge.
Phishing for credentials to get into any system is a lot easier than brute-forcing your way in, and in any system the most dangerous point of failure is the disgruntled (or naive) worker.
Logically, for that amount of data to get out through one disgruntled, er, grunt, only a couple of years after some Aspergers-inflicted Brit hunting for UFOs was able to do it from his girlfriend’s bedroom, and twenty five years after Hollywood picked up on the fact that this was even plausible (WarGames), can only mean one of two things:
1. These “hackers” are all hitting a very skilfully crafted honeytrap and the intelligence services are having a field day following the paper trails of misinformation.
2. The people in charge of locking down your defense systems, are so utterly, utterly, UTTERLY incompetent that they are every bit as culpable as the guy who siphoned this data out of the network to begin with, and I wouldn’t trust those dozy berks to lock their front doors on the way to work.
Go after Assange by all means. Prosecute the traitor.
But while you’re at it, round up anyone who’s been in charge of securing the military network for the past five years... court martial, charges related to negligence.
I’m not sure what you’re talking about. There wasn’t any hacking apparent in this case. It was a guy with a Secret clearance accessing archives of files at the Secret clearance level. No hacking required. It’s like being surprised that a librarian “had access” to the books in the library.
Nonetheless... removing them and releasing them was treason. He’ll be tried for that. Now... the problem isn’t him anymore but the guy he gave it all to.
Point taken. That was back in the 2001-2002 time frame. You'd think that we'd have been on heightened alert for this kind of activity back then, but obviously we weren't.
BUT, this kind of outside hacking is an all or nothing proposition. You get and get it all or you don't. You are working with your own computer in your own space without supervision. If you get in, the data is yours for the taking, with no one around to stop you.
There is a big difference in the security you use against a hacker like McKinnon who with some skill got lucky, vs the security you use with someone who you know has access already has access to the data. The security to protect against hackers is all electronic. The security you use with someone who already has access to the data is one that prevents them from being able to copy it and remove it from the premises, and that is is physical security. These two forms of security are complimentary but non-comparable.
The people in charge of locking down your defense systems, are so utterly, utterly, UTTERLY incompetent that they are every bit as culpable as the guy who siphoned this data out of the network to begin with, and I wouldn’t trust those dozy berks to lock their front doors on the way to work.
Yes, that's the physical security of the data, and unless -- as you suggest, it may be a honeytrap -- this level of security was completely incompetent.
Go after Assange by all means. Prosecute the traitor. But while you’re at it, round up anyone who’s been in charge of securing the military network for the past five years... court martial, charges related to negligence.
Yes, unless they actually followed military protocol and it's the protocols themselves that are completely useless.