[ISN] Data-security failures enabled theft of documents from Naveh's office

From: InfoSec News <alerts_at_private>
Date: Mon, 12 Apr 2010 00:25:38 -0500 (CDT)
http://www.haaretz.com/hasen/spages/1162065.html

By Anshel Pfeffer 
Haaretz.com
April 11, 2010

A series of failures in the protection of classified documents in the 
office of then-GOC Central Command Yair Naveh allowed Anat Kam to take 
more than 1,000 documents while working there.

Eight months after being conscripted into the Israel Defense Forces, in 
2005, Kam was appointed assistant manager of the office. She passed a 
basic security screening before she began working in Naveh's office.

Every day, thousands of documents are sent from the office of the IDF 
chief of staff by e-mail. The most highly classified documents, however, 
are not distributed by e-mail, but in keeping with strict security 
procedures are delivered in numbered envelopes, signed for on receipt 
and destroyed after reading.

Nonetheless, the vast majority of documents, even classified ones, are 
relayed through the army's internal e-mail system. In each office there 
is at least one computer to which the most highly classified documents 
are addressed, and from which, according to protocol, files cannot be 
either copied or printed.

According to sources who worked in the office at the time, because Naveh 
disliked reading documents on a computer screen they were habitually 
sent to another computer in the office. Kam, acting on the orders of the 
office manager, would print them out and deliver them to Naveh so that 
he could read them.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Sun Apr 11 2010 - 22:25:38 PDT

This archive was generated by hypermail 2.2.0 : Sun Apr 11 2010 - 22:42:30 PDT