Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security IT

How To Stop the Next WikiLeaks 191

Posted by samzenpus from the plugging-the-holes dept.
Hugh Pickens writes "Eli Lake reports that the U.S.'s 16 intelligence agencies are using a program called SureView that makes it easier to spy on the spies and catch whistleblowers early in the act. SureView is a type of auditing software that specializes in 'behavior-based internal monitoring' that monitors the intelligence officer's computer activity. If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that a leak might be imminent, it is checkmate: the agent is thwarted. 'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,' says Ryan Szedelo, manager for Raytheon's SureView software. The intelligence community has had auditing software for years. SureView came on the market in 2002. But the programs were buggy and often prone to false positives, alerting a network administrator too often to routine behavior. 'The technology has gotten substantially better in the last year,' says Jeffrey Harris, a former head of the National Reconnaissance Office. 'The problem with audit files was it took an army of people to understand them. Now we have rule-driven systems and expert systems that help us reason through the data.'"
This discussion has been archived. No new comments can be posted.

How To Stop the Next WikiLeaks More

How To Stop the Next WikiLeaks

Comments Filter:

  • Detection and rules (Score:2, Interesting)

    by skgrey ( 1412883 ) on Friday October 21, 2011 @08:12AM (#37789568)
    The problem is that the system is only as good as the ruleset and detection; it's the same theory behind antivirus. If you have a zero-day exploit that acts differently it's going to get through, and if you have someone that figures out a different way to capture data then the leak will happen. Can the software detect someone taking a picture of a document on the screen with their camera? Can it detect getting booted from an OS CD? Can it stop a person from telling someone what they read? This is just more window-dressing to make the people in charge feel a little safer.

  • Re:Stay classy! (Score:4, Interesting)

    by kilfarsnar ( 561956 ) on Friday October 21, 2011 @09:59AM (#37791058)

    From a security perspective, yes it is a good thing. But at the same time the level of secrecy and classification has become absurd. It is undermining our democracy because the citizenry cannot find out some basic stuff that their government is doing. It is (or should be) common knowledge that the three letter agencies (and a bunch you've never heard of) spy on Americans on an ongoing basis. We can't find out just what they are doing because it is classified, and if we try to sue we have no standing because we can't prove we were spied upon because it's classified. That is absurd and Kafkaesque. These days leakers are the only way we find out about the shenanigans our agencies pull.

    On a side note "senior white house officials speaking on the condition of anonymity" leak classified material all the time. But they are never prosecuted. I wonder why.

  • Re:What if... (Score:4, Interesting)

    by ElectricTurtle ( 1171201 ) on Friday October 21, 2011 @10:33AM (#37791796)
    I am a federal contractor and we're required to encrypt attachments that contain 'sensitive' information. (Which isn't to say 'classified' since that's not supposed to get tossed around in the first place.) If this were rolled out in the agency I work with, everybody and their dog would be setting off this 'alarm' every hour of every day.

    Sounds like bullshit to me.

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close