Report: WikiLeaks source exploited security flaw

A State Department program lacked a feature that might have alerted officials to the unauthorized download of diplomatic cables.

Poor information security in an obscure State Department computer system made it possible for an inside source to turn over a massive cache of secret and sensitive diplomatic cables to WikiLeaks.

The Net-Centric Diplomacy initiative, which had become a storehouse of diplomatic cables, lacked the ability to detect that someone was downloading data without authorization, according to a report by the Washington Post.

“U.S. officials and security analysts describe the leak as a cautionary tale, one that underscores flaws in security for secret government data while also exposing a downside to the U.S. government's enthusiastic embrace of information-sharing in the months after the Sept. 11, 2001, terrorist attacks,” writes Joby Warrick at the Post.

About the Author

John S. Monroe is the editor-in-chief of Federal Computer Week.

Reader comments

Thu, Apr 28, 2011 Demosthenes

A more transparent government would definately work... but only in the same universe that Marxism would work in. Nations have enemies, and extremely stupid citizens. Add government transparency to that list and you end up with a conquered nation. Sure, nations can join the UN, donate money to Africa, become more transparent, and sing Kumbaya, but none of it will change the fact that nations are and always will have to be cut-throat. Nations have to be focused on self-preservation first and fore-most. Can you count on every single citizen in any nation to be patriotic enough to shut their mouths when asked by a KGB agent where the nukes are? All sovereign nations have to suspect everyone, especially their own citizens, of hostlie intent. You might say that Julian Assange means well, but then, so did Karl Marx.

Fri, Jan 7, 2011

but if that would not happen in the first place wiki-leek would not have to disclose anything and we would have a mor transparent democracy

Thu, Jan 6, 2011 SEAL-IT Baltimore

The root cause of the security failure is the abundance of inexperienced "certified IT Security professionals" with background to get security clearance for defense related jobs but not the skills to do an effective job of securing networks and systems. There is no passive or active policy restraints that can be a substitute for the know how to finely implement access control schemes based on organizational missions. Mindless push/enforcement of "security policies" without regard to work unit mission and objectives only stifles organizational productivity. STIGs that are poorly implemented are just as damaging. Right now the hierarchy of protecting sensitive networks and systems is standing on shaky foundation due to the fact outlined above. The Govt/DoD needs better mechanism to ensure that the people it is hiring can do more than reading manuals and writing ineffective security policies and guidelines that grinds productivity to a halt without accomplishing much else. DoD 5700 is soon circumvented by "any means necessary" for those determined enough to land a good paycheck but not concerned about doing a good job. Sad to say that Wikileaks is the tip of an avalanche in embarassing disclosures that could force drastic changes that is long overdue. The IG/GAO need to conduct a serious audit of security professionals in Government and the open IT support contracts with "big" connected corporations. No telling the depth of waste and layered bureaucracy that will be uncovered. For example Company A holds IT Services contract for Enterprise A who hires several marginal IT exeprienced staffers to boost/keep budget allocations, however all the "heavy lifting" is done by contractors in Company A. Everybody is paid by Uncle Sam but the work is never "well done" as it should until events like Wikileaks expose the gaping holes.

Thu, Jan 6, 2011

Well, are we all ready to start flushing sensitive federal information into the "cloud"? Right now, even basic IT Security controls are being swept away so as not to obstruct the move to cloud computing and data sharing or "online collaboration".

Thu, Jan 6, 2011

Jack and Michael D. Long are hitting the nail on the head...you are so Warm...getting "Hot" in here...the CISO has been a snake doctor for so long that he forgot to close the door while out selling his junk processes... he and his cronies that supported him in this taxpayers fleecing should be released for deceitful and fraudulent use of government funds and information...maybe congress will wake up from this snake doctors' rant...

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above