Wikileaks: One More Security Risk

In the spring of 2017 WikiLeaks published CIA internal documentation that seems to indicate that the CIA uses a variety of tools to

"spy" on individuals such as malware, spyware, and viruses that

can be installed on smart TV s, cars, and smartphones. Using these

tools, the CIA could determine what individuals watch on their

TV s, where they drive, and how they use their smartphones.

Founded in 2006 by Julian Assange, WikiLeaks is a selfdescribed media organization with a stated goal of disseminating original documents from anonymous sources. Assange, now

the editor in chief of WikiLeaks, founded it to counter what

he calls secrecy-based, authoritarian conspiracy governments,

one of which, in his view, is the U.S. government. His intent is not to let sunlight into the room as much as to change the

room itself.

Assange was once a computer programmer and hacker in the

late 1980s and '90s. The Australian Federal Police tapped his

modem, discovered his hacking, and charged him with more

than 30 counts of hacking and crimes. After paying restitution,

he worked for Police Child Exploitation units and wrote books

on security. More recently, after WikiLeaks revealed a number

of classified document~ and emails, he was called a terrorist by

former Vice President Joe B iden, and others have considered his

work illegal, while still others support him. In this supportive

camp are a former Russian president, politicians in Europe and

South America, and a number of activists and celebrities. In 2012,

after sexual assault allegations in Sweden, Assange applied for

political asylum at the Ecuadorian embassy in London, where he

has resided since.

The WilciLeaks site began as a typical wilci-public readership and active post~ that were subject to editing, much like Wikipedia. Very few of the early cla~sified documents were redacted

or heavily edited by WilciLeaks. These early documents reported

on corruption in Kenya and military equipment expenditures in

the Afghanistan War. Then, in 2010, WikiLeaks re ea~ed a video

called "Collateral Murder; gunsight footage from a Baghdad airstrike that killed Iraqi journalists. It portrayed a very specific political viewpoint and wa~ not offered to inform like a typical wilci.

Later in 2010, WikiLeaks became front-page news when it

re ea~ed more than 700,000 docume t~ including Iraqi war logs

and diplomatic cables thought to be from a U.S. Army intelligence

soldier named Bradley Manning (now Chelsea Manning). It also

re ea~ed files on the detention of prisoners in the Guantanamo Bay

detention camp.

Most recently, WilciLeaks has adopted the practice of giving

five news organizations-I.e Monde, El Pais, The Guardian, Der

Spiegel, and the New York Times-

these newspapers to redact data in the documents that would be

harrnful to any particular individual.

WikiLeaks ha~ also published a heavily encrypted " insurance"

file that is 1.4 GB in size. Many speculate that these are the original unredacted documents, and Assange ha~ asserted the password to this file will be released in the event of his death or destruction ofWikiLeaks. During the 2016 U.S. presidential election, WikiLeaks re ea~ed emails and other documents from the U.S. Democratic National Committee (DNC) and from Hillary Clinton's campaign manager, causing lasting embarrassment. According to U.S. intelligence, these documents were hacked by Russian sources, but WilciLeaks denies that claim. The impacts of WilciLeaks are significant. It is malcing intelligence gathering by governments more difficult, and much of what is eventually re ea~ed by WikiLeaks violates personal privacy expectations. However, WikiLeaks believes free speech is the highest-order principle for any society and that government power that tends to limit true freedom should be the concern of all people seeking a truly democratic society.

5-9. What is the best aspect of WikiLeaks' work? The worst aspect?

5-10. How would the categorical imperative and utilitarianism viewpoint discussed in Ethical Guides in Chapters I and 2 view the work ofWilciLeaks?

5-11. Will the actions of WilciLeaks result in more encryption? Is that a good outcome?

5-12. If you were a manager in the CIA or DNC, which safeguards in Figure 5-7 would you identify a~ needing to be more widely used?

5-13. Government agencies have a different threat than most business or nongovernmental organizations: employees dissatisfied with government policy. Think about your school, your local government, or a government agency: What sensitive data might a dissatisfied employee release?

5-14. Some have accused WilciLeaks of being biased-that it only releases documents that support its goals. Is this a valid criticism?

5-15. The last question in this chapter describes how organizations should respond to security incidents. Read about how the DNC and the CIA reacted to WikiLeaks' actions. How would you evaluate their reactions? What could they have done better?

T Add text | V Draw Highlight Erase | 6 2 CHAPTER 5 . INFORMATION SYSTEMS SECURITY 113 Hardware Software Data Procedures People FIGURE 5-7 Security Safeguards as They Relate Technical Data Human to the Five Components safeguards safeguards safeguards Identification and Data rights and Employees authorization responsibilities Nonemployees Encryption Passwords Account admin Firewalls Encryption Backup and recovery Malware protection Backup and Security monitoring Hardening, VPN, recovery and secure design Physical security The second security fundamental is to manage risk. Risk as defined earlier is the chance of loss. IT security experts identify and assess risks and work with senior management about how to manage these risks. Risk management, as shown in Figure 5-6, has four options. Risk can be accepted and budgeted for, and some risks can be avoided by not engaging in an activity. Manage- ment can also decide to transfer risk via insurance or outsourcing, and risks can be mitigated or reduced by safeguards. The second half of this chapter emphasizes this fourth response to risk, but it is important to point out that management can use these other options to address risk as well. Before moving on, a note about cloud security: One way to transfer security risks is to use Activate Windows the cloud. The fundamentals of cloud options are discussed in Chapter 3. Increasingly security Go to Settings to activate Windows experts view the cloud as a secure option; most believe the cloud is more secure than in-house options. The cloud has several advantages. Cloud vendors use current technology, they can 5:58 PM 9/15/2022 O OLDE