Forgot your password?
typodupeerror
Security IT

How To Stop the Next WikiLeaks 191

Posted by samzenpus
from the plugging-the-holes dept.
Hugh Pickens writes "Eli Lake reports that the U.S.'s 16 intelligence agencies are using a program called SureView that makes it easier to spy on the spies and catch whistleblowers early in the act. SureView is a type of auditing software that specializes in 'behavior-based internal monitoring' that monitors the intelligence officer's computer activity. If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that a leak might be imminent, it is checkmate: the agent is thwarted. 'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,' says Ryan Szedelo, manager for Raytheon's SureView software. The intelligence community has had auditing software for years. SureView came on the market in 2002. But the programs were buggy and often prone to false positives, alerting a network administrator too often to routine behavior. 'The technology has gotten substantially better in the last year,' says Jeffrey Harris, a former head of the National Reconnaissance Office. 'The problem with audit files was it took an army of people to understand them. Now we have rule-driven systems and expert systems that help us reason through the data.'"
This discussion has been archived. No new comments can be posted.

How To Stop the Next WikiLeaks

Comments Filter:
  • Stay classy! (Score:5, Insightful)

    by lisaparratt (752068) on Friday October 21, 2011 @08:10AM (#37789562)

    'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,'

    They say that like it's a good thing...

    • by tbannist (230135)

      Indeed. They might as well say "If it had been on Bradley Manning's machines, no one would know about some of the crimes we've been covering up."

    • A good thing is relative.

      For example, Harrisburg was just assigned to be in control of an appointed person by the Governor. Powers include being able to sign the city to contracts and sell what he/she chooses.

      The idea of a governor declaring they can pick a person to be a dictator to our state capital seems bad to me. My relatives of his party see it is a good and needed thing to fight the corruption there.

    • by beh (4759) *

      From the article:

      the analyst might push a button and watch a screen video of the officer's last hour of work

      Hmmm, so it would need 'cleverness' like a closed shell window:

      $ sleep 3600 ; cp /path/to/secret.file /mnt/thumbdrive

      Then wait half an hour, insert your thumbdrive to be mounted to the proper location; open a completely harmless (but non-work document) from it, say - an invitation to a garden party, and print it -- all the while leaving the thumbdrive mounted, so that the sleep-job can write the document in the background after in the next hour...

      Then ensure the thumbdrive is only ejected

      • A thought: just because it only logs one hour of screen captures doesn't mean that it only logs one hour of "events".
        • by Yvanhoe (564877)
          But having the ability to authorize a closed-source software to send screencaps of military computers to a remote location is such a gooooood idea. Absolutely nothing can go wrong there.

          Oh, btw, stuxnet 2 has been spotted, gathering intelligence about various networks vulnerabilities, just saying...
      • My first thought was that most government workstations don't run Linux, but the second and more pertinent one is that any software agent like this (I assume it is at least partially client-side) is easily bypassed with a simple Linux live CD/DVD. Boot to that and you're done. Granted that will violate your usage policy, but if you're leaking you probably don't care too much about that.
        • by Bucky24 (1943328)
          "Where were you for the last hour? You weren't at your desk. Oh you were? Then why was your computer off? It wasn't? So then what exactly were you doing that you didn't want us to see?"

          Just saying...
    • Bradley Manning's life (for one) has been destroyed by his naivete in his participation in this activity. You can not think that he really got into all of this with his eyes open.

      Had this security system been in place, Manning would have probably done a couple of years in military prison (for attempt, and for stupidity) and then been booted to civilian life. Because it was not he will spend decades in the worse conditions allowed by military law.

      • Re:Stay classy! (Score:4, Insightful)

        by mjr167 (2477430) on Friday October 21, 2011 @08:54AM (#37789984)
        Manning knew the consequences of leaking classified information. They make it very clear to you when you get access. It's not just a form you sign, but an hour long meeting where they go into explicit details about duties, responsibilities, and consequences. They then repeat this training on an annual basis. He may have believed he wouldn't get caught, but he had no reason to not know the seriousness of what getting caught would mean.
        • No offense, but I wish you and those who also believe this were dead.

          Mindless minions serving evil overlords. Holy shit there must be some really convincing arguments, oh wait they sign away all rights to information.

          CNN is so biased it's unbelievable, CIA edited CNN must be even worse!
          • by Bucky24 (1943328)
            Um.... Yes I believe that people who get high security clearance have to go to meetings about it. I suspect a lot of other people do too. You seem to be confusing what parent said with "Bradly Manning was bad and shouldn't have leaked". From what I can tell parent said nothing of the sort, just that Manning knew what he was getting into. I too believe he knew what he was getting into. I hold no opinion on if it was right or not.
        • by mosb1000 (710161)

          Exposing military misconduct is obviously moral behavior. A system that punishes moral behavior is immoral. It does't matter whether he knew there would be consequences. It's the consequences that are the problem.

          • Exposing military misconduct is obviously moral behavior. A system that punishes moral behavior is immoral. It does't matter whether he knew there would be consequences. It's the consequences that are the problem.

            Behavior that I disagree with, which makes me uncomfortable, or that I don't like is not necessarily (or even probably) misconduct. But even if it was...

            Doing 'whatever I want' with information that I do not own after agreeing not to do so is not a moral act. Stealing information is not a moral act. Imposing my discomfort or dislikes on you; making you conform to my personal likes; is not a moral act. Trying to avoid responsibility for committing an immoral act... is not a moral act. Committing immor

            • by mosb1000 (710161)

              Killing journalists, then lying to cover it up is misconduct.

              • Killing anyone - probably - is not a moral act. I propose that self righteous journalists may be the exception that proves the rule. I am certain that anyone who actually calls themselves a "journalist" deserves no protection, sympathy, or remorse.

                That said... I am aware of a video that seems to show individuals killed by a helicopter. The one or more of the individuals were probably journalists but may have looked like something else from the air (Press passes are hard to read from 1500 ft in a war z

      • From the chat logs released he seems like a really emotionally unstable guy. Kind of like someone with borderline, or some other serious problem. IANAP, at all, but he doesn't come off as "normal".
  • Detection and rules (Score:2, Interesting)

    by skgrey (1412883)
    The problem is that the system is only as good as the ruleset and detection; it's the same theory behind antivirus. If you have a zero-day exploit that acts differently it's going to get through, and if you have someone that figures out a different way to capture data then the leak will happen. Can the software detect someone taking a picture of a document on the screen with their camera? Can it detect getting booted from an OS CD? Can it stop a person from telling someone what they read? This is just more
    • Yeah, but far from all people who leak data can be assumed to have technical competence. Mounting a forensics dist and just reading the data off a laptops drive is easy, but not for everyone. Also, connecting to stuff on the company intranet (by stealing the vpn key off the drive and logging in via another computer or live cd) would be mighty suspicious? And any attack where you (say) connect to the presumed VPN with a computer placed in front of the monitored one, letting it transparently forward the "legi
  • Recursion (Score:4, Funny)

    by GhigoRenzulli (1687590) on Friday October 21, 2011 @08:12AM (#37789570)

    If a spy spies a spy who spies, who spies the spy who spies the spy?

    In italian is funnier because both "spy" and "spies" translate into "spia".

    Se una spia spia una spia che spia, chi spia la spia che spia la spia?

  • The real purpose (Score:5, Insightful)

    by dkleinsc (563838) on Friday October 21, 2011 @08:13AM (#37789580) Homepage

    'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,' says Ryan Szedelo, manager for Raytheon's SureView software.

    And nobody would have evidence of the serious crimes he told the world about. That's what they're really worried about.

    • And Gaddafi would be probably just fine right now, in his palace. Thats awesome technology!
    • And nobody would have evidence of the serious crimes he told the world about. That's what they're really worried about.

      Manning just copied everything and Wikileaks spewed it all over. The noise to signal ratio is so high in that mess that it's hard to say he told the world anything...

      • Absolutely not true in the modern age of computers.

        Given a juicy chunk of data, a smart guy with a few software tricks will dig that info out. The power of the internet is it only takes ONE smart guy, (or gal!) and then the results are rebroadcast in sound bite form.

      • It's not hard at all, considering that in the following months there seemed to be a new story every other day saying 'previously unknown detail x revealed in wikileaks cables'.
  • Don't give millions of government employees access to confidential documents. The Manning documents were likely already in the possession of all major powers.

    • by Dcnjoe60 (682885)

      Don't give millions of government employees access to confidential documents. The Manning documents were likely already in the possession of all major powers.

      That may very well be true. However, that isn't what he is really in trouble about. He's in trouble because he was instrumental in the documents being released to the public !

      • by Hentes (2461350)

        True, I get the feeling that leaks are only a problem when they are to the public.

  • Another solution (Score:5, Insightful)

    by Kidbro (80868) on Friday October 21, 2011 @08:18AM (#37789616)

    Or, you could stop committing and covering up crimes and routinely classify any and all information regardless if it's needed or not. Then nobody would feel the need to leak the things that are rightfully secret.

    Just a thought.

    • Or, you could stop committing and covering up crimes and routinely classify any and all information regardless if it's needed or not.

      What he said x 1000. Why on earth do we need to redact 80% of what gets 'declassified' in 50 year old documents and re-classify the rest? Whomevers dirty laundry this is is long since gone, but clearly your tax dollars are hard at work... [gwu.edu]

      "Washington, D.C., February 21, 2006 - The CIA and other federal agencies have secretly reclassified over 55,000 pages of records taken

  • by Zouden (232738)

    "Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,"
    This quote sends shivers down my spine.

    Imagine if King George III had had this kind of technology. Then no one would know who George Washington is today. Why would anybody think this is a bad thing?

    • George Washington and the other Founders were not employees of the British government at the time of the Revolution, so this particular technology would have had no impact on them whatsoever if it was in the hands of George III.
    • Which secret documents did George Washington steal and / or publish?

      • None but he helped "rebel" against the king.
        In those days that was treason.

        But thanks to SureView, all his plans and "accomplices" were "dealt with"...

  • Another fly-by-night software developer conned some tech-ignorant government institute into buying their shit-software under the guise that it would stop their latest .

    Go America! I'm sure this will work out just fine for everyone.

  • by Rogerborg (306625) on Friday October 21, 2011 @08:26AM (#37789700) Homepage
    Oh, the jobs people work at!
    Out west, near Hawtch-Hawtch,
    there's a Hawtch-Hawtcher Bee-Watcher.
    His job is to watch...
    is to keep both his eyes on the lazy town bee.
    A bee that is watched will work harder, you see.

    Well... he watched and he watched.
    But, in spite of his watch,
    that bee didn't work any harder. Not Mawtch.

    So somebody said,
    "Our old-bee-watching man
    just isn't bee-watching as hard as he can.
    He ought to be watched by another Hawtch-Hawtcher!
    The thing that we need
    is a Bee-Watcher-Watcher!"

    WELL...

    The Bee-Watcher-Watcher watched the Bee-Watcher.
    He didn't watch well. So another Hawtch-Hawtcher
    had to come in as a Watch-Watcher-Watcher!
    And today all the Hawtchers who live in Hawtch-Hawtch
    are watching on Watch-Watcher-Watchering-Watch,
    Watch-Watching the Watcher who's watching the bee.
    You're not a Hawtch-Watcher. You're lucky, you see!
  • Coming soon to a corporate network near you : SureView Enterprise.

    If a worker acts like a potential human, sending a personal email, visiting an unregistered website or trying to conduct union activities on site, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that something might be imminent, it is checkmate: the worker is thwarted.
    • by thesh0ck (1983948)
      Most of corporate america has had this for about 10 years. I found out my old boss was using similar software like this to spy on us one day when he called me into his office with screen shots from my computer showing me looking at a tech news site and asking why I wasny working for those 5 minutes. I said, "well I am entitled 1 hour of break time per day. I never use this break time, eat lunch while working and answeing phone to be more efficient so I figured 5 minutes of looking at a job related news webs
    • by LurkerXXX (667952)

      I work at a major hospital. Remote software commonly used for remote troubleshooting fires off quite regularly. I expect every workstation in the place has screen-shots taken. It's not an hour of video, but probably because that would be too expensive.

  • ...that you are a murderer, stop murdering.

  • Minimize access to sensitive docs, keep those with access happy, and most importantly, always be ethical.

  • Big Brother is watching you!

    I wonder when they make this compulsory for civilians as well?

  • You know, all that war, killing and hiding the truth could just end. Nah.
    • by inviolet (797804)

      You know, all that war, killing and hiding the truth could just end. Nah.

      I think the problem here is that other countries intend to continue with the dirty deeds. If we intend to fight back (i.e. the CIA), our activities must remain secret, simply because most American's cannot handle the cognitive dissonance of "there are no good guys, not even us".

    • Yeah, no, sorry, too profitable.
  • A new counter-counter-counter intelligence method is devised
    set your wallpaper to goatse people

  • Just act like a decent moral human being. If you do "because" someone is going to blow the whistle on you.

    • by couchslug (175151)

      "Just act like a decent moral human being."

      History suggests doing that isn't globally competitive, however much idealists wish it were.

  • If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work.

    So, then, the analyst becomes the leaker. (Or the spy that a 3rd party hires)

    A more likely senario, is that the "officer" (who is an analyst himself), plays it safe, and doesn't gather enough intel together to actually figure out what the real bad guys are doing.

    • by Bucky24 (1943328)
      You're right! A human can't be trusted. We need more software to look over the results of this software. (sarcasm, for those of you who have trouble getting sarcasm)
  • Summary is actually about stopping leaks and the latter existed long before Assange's website. Inasmuch I am glad Manning's load became public, but for a security agency any leak-preventing policy seems a reasonable and logical step.

    The risk an insider takes to publicize the data that is prohibited from publicizing by law should be compensated for the society in case the activity he is publicizing is criminal (that is breaking other laws).

    Now, there are probably internal rules on how to fight crime inside t

  • At the age when US president openly murders US citizens on a hunch and starts whatever war he wants, like a Boss (like a King) and the rest of the government doesn't stop him in his tracks.

    At the age when US Supreme Court doesn't see anything wrong with the federal government going way beyond its authority on pretty much every issue, every law, every regulation, every tax.

    At the age when Congress and Senate bail out banks and companies and vote to increase debt limit without ever considering the consequences.

    At the age when Federal Reserve is counterfeiting currency left right and center.

    At the age of fascism/corporatism on the top and Marxism/communism on the bottom.

    What do you need wikileaks for? Are you blind?

    --

    Of-course they want the specifics of their secrets to remain secrets, they are now your rulers, not your servants.

    • by Bucky24 (1943328)
      We need wikileaks because the things that you see are only the tip of what is going on behind closed doors.
  • You know you've hopelessly fucked up, when the one guy who sends an encrypted email is suspected of being the leak.

  • Finding your leak isn't the fun part! It's arranging the "accident" afterwards! And then telling his parents, "We regret to inform you that your son has been killed in a FREAK AUTOEROTIC ASPHYXIATION accident, involving an inflatable goat, a tub of lube and an electric toaster! Here are what we could find of his remains..." (Delivers right nipple).

    Does SureView have a plug-in for that?

    • by Genda (560240)

      Yes they do, his name is Waldo, and if I say any more, they will find me with SureView and all anyone will ever find of me is my right nipple.

  • by dbIII (701233) on Friday October 21, 2011 @10:31AM (#37791746)
    Three Swedish girls next time.
    And two guys willing to throw everything away from the Bank of America leak.
  • Here is a simpler way to trap people who leak documents with one modified bit of data. Produce a 32 bit unique hash of the user's id and a 32 bit hash of the document. Based on the document's hash (e.g. the first char mod 32) choose and test one bit of the user's hash and if its set change just one character in the document, e.g. put an extra space in, or perhaps change a comma to a semi-colon.

    If a leak occurs do the same test for every employee with access to the document, and discard the half for whom t

    • by Bucky24 (1943328)
      But you would have to let leaks slip through while you tried to track down the leaker. Yes, it is guaranteed to work, but I imagine any higher up in the government would freak if you said "well see you have to just let x number of leaks go so that you can find the person leaking".
  • This is sad to hear. The government reserves the right to spy on literally everybody, but will not permit itself to be observed. Who does watch the watchers, anyway?

    Like all institutions, the government is concerned mainly with perpetuating its own existence. And since the general public equates the government's existence with their security and their own existence, they tolerate all kinds of wrong deeds and imbalances of power like this.

  • ...stop doing terrible things that are worth leaking?
  • I can only imagine the bushel-baskets of false positives this cash-grab fiasco will generate. But they'll just make even more lucre trying to fix it.

    There are some chillingly anti-human corporations out there; ADM is one; Raytheon is another.
  • Eli Lake is an anagram for "leak lie". Is it his real name? Too funny.

  • Yeah, I know, its an oxymoron. Sadly never more than today. Our government has too many secrets. Too many bodies buried. Too many skeletons in the closet. The secrets its keeping are not in your best interest, or they'd share them with you. No, the only way to keep government in check is with transparency. When an employee of the government see's gross negligence, naked aggression, illegal activities, or profound betrayals of the Constitution or the American People, they are honor bound to make that informa

  • Hi America... SureView... its like DEPENDS for the government. It prevents embarrassing leaks!

  • 'The technology has gotten substantially better in the last year,' says Jeffrey Harris, a former head of the National Reconnaissance Office.

    This is what J. L. Austin [wikipedia.org] analyzed as a performative: the truth lies in the fact that you said it, such as stating "I christen thee the Titanic" then smashing a bottle.

    If people fear this technology, the outcome it exists to promote automatically improves. Interesting.

    In the service of this handy performative, it's not necessary to divulge any correct information about

Forty two.

Working...