[ISN] Loophole May Have Aided Theft of Classified Data

From: InfoSec News <alerts_at_private>
Date: Mon, 12 Jul 2010 00:29:08 -0500 (CDT)
http://www.nytimes.com/2010/07/09/world/09breach.html

By Thom Shanker
The New York Times
July 8, 2010

WASHINGTON -- The soldier accused of downloading a huge trove of secret 
data from military computers in Iraq appears to have exploited a 
loophole in Defense Department security to copy thousands of files onto 
compact discs over a six-month period. In at least one instance, 
according to those familiar with the inquiry, the soldier smuggled 
highly classified data out of his intelligence unit on a disc disguised 
as a music CD by Lady Gaga.

Criminal charges were filed this week against the soldier, Pfc. Bradley 
E. Manning, 22, who was accused of downloading more than 150,000 
diplomatic cables, as well as secret videos and a PowerPoint 
presentation. Since his arrest in May, with initial accounts blaming him 
for leaking video of a deadly American helicopter attack in Baghdad in 
2007, officials have sought to determine how he could have removed 
voluminous amounts of secret data without being caught.

A Defense Department directive from November 2008 prohibits the use of 
small thumb drives or larger external memory devices on any of the 
estimated seven million computers operated by the Pentagon and armed 
services. The order was issued to forestall the accidental infection of 
national security computer networks by viruses -- and the intentional 
removal of classified information.

Defense Department computers have their portals disabled to prevent the 
use of external memory devices that are ubiquitous in homes, offices and 
schools, officials said. A recent amendment to the order allows the rare 
use of thumb drives, but only with official approval as required by a 
current mission.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Sun Jul 11 2010 - 22:29:08 PDT

This archive was generated by hypermail 2.2.0 : Sun Jul 11 2010 - 22:42:07 PDT