After 9/11, the government made an effort to link up separate archives of government information. In theory, anyone in the State Department or the U.S. military can access these archives if he has: (1) a computer connected to Siprnet, and (2) a “secret” security clearance. As Manning told a fellow hacker: “I would come in with music on a CD-RW labeled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing… [I] listened and lip-synched to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.” Manning said he “had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months.”
So the guy was able to access a CD-RW in a PC that was connected to the Siprnet? Why wasn't that machine locked down well enough so you cannot access both USB and the CD-RW on it? It is as simple as erasing the drivers on the machine or buying security software that blocks hardware access. Even uninstalling the Burner Software he used or just blocking the one in Windows Media Player would have been secured that machine. Even having Admin password access to the CD-RW would have been sufficient.
Why do these machines have any software other than a browser in the first place? It should have just been a dumb terminal or a net-top connected to the Siprnet. I mean if this stuff needs to be read and reports made from them there are web-facing apps that can be accessed to bypass installing something like a burner program in the first place.
Those web-facing apps can be behind secured servers as well that logs all of the files that are accessed coming in and out. They would have showed that PFC Manning accessed Secret State Department cables on such-and-such date and then automatically emailed his commanding officer. That guy could have taken him aside and found out that Manning had no business accessing that data. This traitor would have been in the stockade in 20 minutes. Instead he had free reign for 8 months and could take the secrets home with him?
Also weren't there checks when the person leaves the secured area? I mean you would probably confiscate any CDs or thumb drives this grab-ass took into the place. I mean the TSA is checking our junk when we get on an airplane why doesn't someone check the PFC when he leaves the secured room that had Siprnet access? And if the room wasn't secured then why wasn't it?
In any case a court martial is in order and they need to hang this Manning and then find guilty of negligence anyone who was involved in securing this data. I hope General level people end their careers over this mess. If this is the IT that we expect from the US government then we are powerless to the Red Chinese.
No comments:
Post a Comment