
Bill Roth, Ulitzer Editor-at-Large


WikiLeaks, Stuxnet, and LogLogic

Bill Roth

I love information security stories in the mainstream press. They are often a generous amalgam of fear-mongering, misinformation, and technical ignorance. The truth is always buried somewhere under the headline, if it is even in the story at all. Consider two recent mainstream stories on computer security, WikiLeaks and the Stuxnet worm. While wildly different in effect and intent, these breaches share one thing: they were both propagated by an insider.

WikiLeaks

The WikiLeaks story is a breach of truly breathtaking magnitude, and one whose effects will be felt in the international diplomacy arena for years. At the core, it represents the most prolific kind of threat, the insider. It has been reported that a US Army enlisted man, PFC Bradley Manning, who was against the wars in Iraq and Afghanistan, copied the files onto a CD, all the while pretending he was listening to Lady Gaga’s Telephone.

How would a solution like LogLogic’s have helped in this case? The fact remains that 19th century technology is still being used for our diplomatic correspondence. Some countries are already announcing they’ll change the way they send diplomatic information. There are several ways in which this situation could have been avoided, or the impact could have been greatly lessened. The first is better physical security. Having a CD writer on the PC or an open USB port or two are clearly ways data could leak. There is a rumor going around that in the DOD all sensitive computers are having their USB ports sealed with Lucite. Good first step, but you need to know your employees as well.

The second way this could have been avoided is to use modern cryptographic technology. Anyone who has used GPG knows that public key cryptography could have foiled this - all Manning would have been able to release was megabytes of digital hash.

The third way this situation could have been ameliorated is by logging. If data transfers were being logged, all a LogLogic administrator would have to do is set up an adaptive baseline alert. Then, when a HUGE data transfer of, say, 391,832 government reports happens, someone would be alerted. Problem solved.

Am I being too simplistic? Yes, but not by much.
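The adaptive baseline alert described above, sketched as an added example (not from the original post and not LogLogic's implementation): each user's normal daily volume is learned from the log, and a transfer far above that user's own baseline raises an alert. The log format, user names and daily volumes are constructed for illustration.

```python
import math
import re

# Constructed daily volumes; rendered below as log lines in a hypothetical format.
VOLUMES = {"user_a": [40, 55, 38, 61, 47, 52, 391832, 45],
           "user_b": [900, 1100, 950, 1050, 1000, 1200, 980, 1010]}
SAMPLE_LOG = "\n".join(f"day{d + 1:02d} user={u} docs={v[d]}"
                       for d in range(8) for u, v in VOLUMES.items())
LINE_RE = re.compile(r"^(\S+) user=(\S+) docs=(\d+)$")


class Baseline:
    """Exponentially weighted mean and variance of one user's daily volume."""

    def __init__(self, alpha=0.2):
        self.alpha, self.n, self.mean, self.var = alpha, 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        if self.n == 1:
            self.mean = float(x)
            return
        delta = x - self.mean
        self.mean += self.alpha * delta
        self.var = (1 - self.alpha) * (self.var + self.alpha * delta * delta)

    def threshold(self, k):
        # Floor the spread at 10% of the mean so a very steady user does not
        # alert on tiny fluctuations.
        spread = max(math.sqrt(self.var), 0.1 * self.mean, 1.0)
        return self.mean + k * spread


def detect(log_text, k=4.0, warmup=5):
    """Return (day, user, docs) for each transfer far above that user's baseline."""
    baselines, alerts = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines
        day, user, docs = m.group(1), m.group(2), int(m.group(3))
        b = baselines.setdefault(user, Baseline())
        if b.n >= warmup and docs > b.threshold(k):
            alerts.append((day, user, docs))
            continue  # keep the spike out of the baseline
        b.update(docs)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", alert)
```

Because the baseline is per user, the 1,200 documents that are routine for `user_b` raise no alert, while the same volume from `user_a` would.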

Stuxnet

The Stuxnet worm was brought to mind by an email from my father down in Florida, asking me if something like this could actually happen, or if it was science fiction. The story goes like this. Somehow, a specific Windows virus was targeted to infect a specific piece of Windows software that ran a specific set of Siemens PLCs, which worked a centrifuge. It did so by taking advantage of default passwords (DOH!). It turns out that these high-volume centrifuges were used in things like refining nuclear fuel for power plants or worse, and were owned by people like Iran. The infected piece of code would cause the centrifuge to change speed rapidly and the centrifuge would shake itself apart.

Interestingly, the best piece of reportage on this did not come from eWeek, Gizmodo, or TechCrunch, but the venerable Economist.

How could LogLogic have helped in this situation? I am not sure we’d want to, given it is Iran’s Nuclear Facilities we’re talking about, but it does appear that the virus was received over the internet, or the infection was received from an infected USB key, and those things we log and report on.

I wonder if Iran is ordering more Lucite?

The Moral of the Story

The Moral of the Stories is this: ‘know your people’, and if you have to, ‘log your people’. Scott McNealy used to say “You have no privacy; get over it”. This, sad to say, is true. To paraphrase Guy Churchward, every time you surf the web, or use a key-card, you are logged. It is becoming harder and harder to be truly anonymous. The real discussion to have is what limitations should free societies place on the usage of data. But that discussion is for another time and place.


More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.