http://www.haaretz.com/hasen/spages/886339.html By Amos Harel July 25, 2007 Av 10, 5767 A breach in the Israel Defense Forces' computer security system enables ordinary soldiers to access top-secret documents, a reserve officer has informed Haaretz. The army said that it is aware of the problem and is working to solve it. The IDF maintains an internal computer network, Tzahal-Net, and almost every IDF office has computers connected to the network. The army's communications department has reported in the past that about two-thirds of all soldiers use the network at least once a day. Captain (res.) Amos Kahan, a doctor, discovered the security breach while on reserve duty about a year ago, when he searched the words "top secret" on Tzahal-Net. The results gave him access to dozens of documents classified as top secret, including information on classified weapons, plans for defending various sectors of the country and the army's multiyear plans. In June 2006, he sent a letter to the heads of both the communications department and the information security department to inform them of his discovery. In the letter, he pointed out that the problem was twofold: First, top-secret documents should not be on the network at all; second, the network includes no filters to deny unauthorized people access to the documents. He did not receive a written response, but says he was told orally that the army was aware of the problem, and that the information security department routinely punished units that posted top-secret documents on the network by closing down their Tzahal-Net sites for specified periods. Last week, however, Kahan completed another stint of reserve duty, during which he discovered that nothing had changed: A search for the words "top secret" once again brought up top-secret documents, including one territorial brigade's emergency deployment plans. Once again, he complained to senior General Staff officers - but this time he complained to Haaretz as well. 'Raising awareness' In response, the IDF spokesman said that the army "is not familiar with the complaint from last year." However, Kahan's new complaint, submitted last week, was immediately passed on to the relevant parties. "The IDF is investing a great deal, both in technological tools and in raising awareness, in order to eliminate this problem," the statement continued. "Significant violations are dealt with accordingly. We wish to thank Captain Kahan for his vigilance." _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 26 2007 - 00:28:48 PDT