[ISN] IDF computer system breach allows access to top secret files

From: InfoSec News (alerts@private)
Date: Thu Jul 26 2007 - 00:12:20 PDT


http://www.haaretz.com/hasen/spages/886339.html

By Amos Harel
July 25, 2007 Av 10, 5767

A breach in the Israel Defense Forces' computer security system enables 
ordinary soldiers to access top-secret documents, a reserve officer has 
informed Haaretz.

The army said that it is aware of the problem and is working to solve 
it.

The IDF maintains an internal computer network, Tzahal-Net, and almost 
every IDF office has computers connected to the network. The army's 
communications department has reported in the past that about two-thirds 
of all soldiers use the network at least once a day.

Captain (res.) Amos Kahan, a doctor, discovered the security breach 
while on reserve duty about a year ago, when he searched the words "top 
secret" on Tzahal-Net.

The results gave him access to dozens of documents classified as top 
secret, including information on classified weapons, plans for defending 
various sectors of the country and the army's multiyear plans.

In June 2006, he sent a letter to the heads of both the communications 
department and the information security department to inform them of his 
discovery.

In the letter, he pointed out that the problem was twofold: First, 
top-secret documents should not be on the network at all; second, the 
network includes no filters to deny unauthorized people access to the 
documents.

He did not receive a written response, but says he was told orally that 
the army was aware of the problem, and that the information security 
department routinely punished units that posted top-secret documents on 
the network by closing down their Tzahal-Net sites for specified 
periods.

Last week, however, Kahan completed another stint of reserve duty, 
during which he discovered that nothing had changed: A search for the 
words "top secret" once again brought up top-secret documents, including 
one territorial brigade's emergency deployment plans. Once again, he 
complained to senior General Staff officers - but this time he 
complained to Haaretz as well.


'Raising awareness'

In response, the IDF spokesman said that the army "is not familiar with 
the complaint from last year." However, Kahan's new complaint, submitted 
last week, was immediately passed on to the relevant parties.

"The IDF is investing a great deal, both in technological tools and in 
raising awareness, in order to eliminate this problem," the statement 
continued. "Significant violations are dealt with accordingly. We wish 
to thank Captain Kahan for his vigilance."


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Jul 26 2007 - 00:28:48 PDT