Home > Cyber Intelligence & Terrorism Research, Intelligence > Classified information leaks onto the Internet

Classified information leaks onto the Internet

Experts are expecting to see new leaks of classified information online

Tatiana Shadrina

­In many agencies this morning began with “blamestorming” in connection with another scandal involving the leakage of classified information to the Internet. Google’s search engine has revealed classified documents, marked “for official use only.”  

This is not the first time classified information has appeared on the web in recent days and Rossiyskaya Gazeta (RG) experts predict it will not be the last. Some speculate that the active release of data resembles a coordinated hacker attack and, allegedly, this was intentionally done in time for implementation of amendments to the law “On personal information”. However, analysts refute this assumption.

RG’s correspondent has personally verified that with certain search queries Google search results provide links to documents from the Audit Chamber, Federal Communications Agency, Federal Migration Service, Ministry of Economic Development, Federal Service for Defense Orders, and others.

The documents are dated between 2002 and 2011 and can be opened and downloaded. But understanding just how classified the published information is can be difficult. The message that these documents are intended “for official use only” is issued by the search engine. However, the documents themselves do not contain this stamp. Federal agencies are denying that their classified documents have been released.

“Reports claiming that the Ministry of Economic Development’s documents labeled ‘secret’ or ‘for official use only’, have become available to the public are false,” Svetlana Glikman, advisor to the minister of economic development, told RG.

The content that can be found through online search engines is unclassified, and had at various times been published on the ministry’s official website, she says. For example, information about the trade and economic partnership between Russia and Morocco was published on the ministry’s website in 2010.

The Audit Chamber is providing a similar answer: “Search results that show so-called official documents of the Audit Chamber, allegedly labeled ‘for official use only’ are our official ballot materials.” The secret nature of the information is denied by other agencies as well.

But clearly against the background of other scandals, it’s hard to confirm that leakage of information from the federal agencies is impossible.

Meanwhile, director of the Coordination Center for the National Internet Domain, Andrey Kolesnikov, says that these cases should not be linked to hackers. There is no highly intellectual and well-planned conspiracy. Simply, after the first incident with Yandex, many curious Internet users have asked themselves what other secret information may be obtained in an online search, says Kolesnikov. As for this being a reaction to the amendments to the law “On personal information”, they have been long-discussed and there had been some fierce debates over a number of points, but there have not been any “random” mass releases of information, he says.

Leading virus analyst with the Kaspersky Lab, Sergey Golovanov, agrees. Moreover, he told RG, “the more data is on the web, the more search engines index information, and the more information, the higher the probability of a human error when uploading content onto the web.” All the recent leakages are connected to the human factor, argues Golovanov. And systems are simply doing their job without knowing whether the provided information is confidential or not, he says. At the same time, he does not exclude the possibility that data leakage will continue due to the high level of activity of Internet users.

Order is expected to be brought to this sphere with the amendments to the law “On personal information”. All companies working with databases with citizens’ personal information will be required to install necessary technical protection and develop internal rules on dealing with data. Failure to comply with the law will not only be punishable by fines, but also with the revoking of licenses, and citizens whose personal information becomes available to the public, will be able to seek compensation for pain and suffering.

These measures will help prevent data loss in the future. As for the recent cases, the Prosecutor General’s Office has ordered the Office of the Public Prosecutor of Moscow to inquire into the online publication of personal information of chain store buyers, as well as into the media reports about the appearance of restricted official documents of a number of federal agencies on the Internet. RG experts offer their own recipes for emergency measures. Access to search engines should be closed at the level of providers, says Golovanov.

“The overloaded systems, working in major search companies are unable to quickly classify all of their stored information as confidential. Therefore, search engines can only ban the entry of certain search queries,” he says. And Kolesnikov recalls that, in order to avoid data loss from federal agencies, all of their staff members must abide by the appropriate rules. One of the examples showing employees’ lack of discipline could be that they upload information onto free file-sharing sites, he says.

This happens when, after working on a document, a staff member does not save it on flash disk, but instead simply uploads it onto an online hosting site to share it with a colleague. And though it’s not particularly easy to find the document – access usually requires a link – with time, search engines are able to locate it. Another example of negligence, according to the expert, is working with secret documents on a home computer. Often, users fail to see whether their computer has been infected; meanwhile, “worms” and “Trojans” drag their information, making it available to the public. A flash disc could also be infected. From it, the virus travels to the owners’ or his colleagues’ work computer. And by the time computer experts identify them, information could already be copied onto the web.

“Search engines index only the open Internet pages, and if a website owner wants to make sure certain pages, or the website as a whole, do not appear in the search results, then he can easily do so by placing a special file-lock on the pages containing confidential information,” adds Alla Zabrovskaya, public communications director for Google in Russia. This can be done at any moment, and when the web robot browses the web the next time, it will not detect or index these pages in order to subsequently show them in search results.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: