Posts Tagged ‘David Dafinoiu’

Classified information leaks onto the Internet

Experts are expecting to see new leaks of classified information online

Tatiana Shadrina

­In many agencies this morning began with “blamestorming” in connection with another scandal involving the leakage of classified information to the Internet. Google’s search engine has revealed classified documents, marked “for official use only.”  

This is not the first time classified information has appeared on the web in recent days and Rossiyskaya Gazeta (RG) experts predict it will not be the last. Some speculate that the active release of data resembles a coordinated hacker attack and, allegedly, this was intentionally done in time for implementation of amendments to the law “On personal information”. However, analysts refute this assumption.

RG’s correspondent has personally verified that with certain search queries Google search results provide links to documents from the Audit Chamber, Federal Communications Agency, Federal Migration Service, Ministry of Economic Development, Federal Service for Defense Orders, and others.

The documents are dated between 2002 and 2011 and can be opened and downloaded. But understanding just how classified the published information is can be difficult. The message that these documents are intended “for official use only” is issued by the search engine. However, the documents themselves do not contain this stamp. Federal agencies are denying that their classified documents have been released.

“Reports claiming that the Ministry of Economic Development’s documents labeled ‘secret’ or ‘for official use only’, have become available to the public are false,” Svetlana Glikman, advisor to the minister of economic development, told RG.

The content that can be found through online search engines is unclassified, and had at various times been published on the ministry’s official website, she says. For example, information about the trade and economic partnership between Russia and Morocco was published on the ministry’s website in 2010.

The Audit Chamber is providing a similar answer: “Search results that show so-called official documents of the Audit Chamber, allegedly labeled ‘for official use only’ are our official ballot materials.” The secret nature of the information is denied by other agencies as well.

But clearly against the background of other scandals, it’s hard to confirm that leakage of information from the federal agencies is impossible.

Meanwhile, director of the Coordination Center for the National Internet Domain, Andrey Kolesnikov, says that these cases should not be linked to hackers. There is no highly intellectual and well-planned conspiracy. Simply, after the first incident with Yandex, many curious Internet users have asked themselves what other secret information may be obtained in an online search, says Kolesnikov. As for this being a reaction to the amendments to the law “On personal information”, they have been long-discussed and there had been some fierce debates over a number of points, but there have not been any “random” mass releases of information, he says.

Leading virus analyst with the Kaspersky Lab, Sergey Golovanov, agrees. Moreover, he told RG, “the more data is on the web, the more search engines index information, and the more information, the higher the probability of a human error when uploading content onto the web.” All the recent leakages are connected to the human factor, argues Golovanov. And systems are simply doing their job without knowing whether the provided information is confidential or not, he says. At the same time, he does not exclude the possibility that data leakage will continue due to the high level of activity of Internet users.

Order is expected to be brought to this sphere with the amendments to the law “On personal information”. All companies working with databases with citizens’ personal information will be required to install necessary technical protection and develop internal rules on dealing with data. Failure to comply with the law will not only be punishable by fines, but also with the revoking of licenses, and citizens whose personal information becomes available to the public, will be able to seek compensation for pain and suffering.

These measures will help prevent data loss in the future. As for the recent cases, the Prosecutor General’s Office has ordered the Office of the Public Prosecutor of Moscow to inquire into the online publication of personal information of chain store buyers, as well as into the media reports about the appearance of restricted official documents of a number of federal agencies on the Internet. RG experts offer their own recipes for emergency measures. Access to search engines should be closed at the level of providers, says Golovanov.

“The overloaded systems, working in major search companies are unable to quickly classify all of their stored information as confidential. Therefore, search engines can only ban the entry of certain search queries,” he says. And Kolesnikov recalls that, in order to avoid data loss from federal agencies, all of their staff members must abide by the appropriate rules. One of the examples showing employees’ lack of discipline could be that they upload information onto free file-sharing sites, he says.

This happens when, after working on a document, a staff member does not save it on flash disk, but instead simply uploads it onto an online hosting site to share it with a colleague. And though it’s not particularly easy to find the document – access usually requires a link – with time, search engines are able to locate it. Another example of negligence, according to the expert, is working with secret documents on a home computer. Often, users fail to see whether their computer has been infected; meanwhile, “worms” and “Trojans” drag their information, making it available to the public. A flash disc could also be infected. From it, the virus travels to the owners’ or his colleagues’ work computer. And by the time computer experts identify them, information could already be copied onto the web.

“Search engines index only the open Internet pages, and if a website owner wants to make sure certain pages, or the website as a whole, do not appear in the search results, then he can easily do so by placing a special file-lock on the pages containing confidential information,” adds Alla Zabrovskaya, public communications director for Google in Russia. This can be done at any moment, and when the web robot browses the web the next time, it will not detect or index these pages in order to subsequently show them in search results.


Anonymous forces Cyber Tsar to resign

If your position at Homeland Security requires you to keep cyber attacks at a minimum, you might not have been doing your job justice as of late.

It’s no surprise then that Randy Vickers, director of the US computer emergency readiness team (CERT), resigned on Friday.

Vickers unexpected stepping-down comes after a slew of cyber crimes targeted some of the biggest — and presumably impenetrable — computer networks of the US government. In only the last few months, hacktivists collectives Anonymous and LulzSec have taken credit for attacking the websites for the CIA, Senate and FBI, among others.

The resignation was announced on Friday by way of a brief email, which noted that Vickers would forfeit his title immediately.  In the interim, US-CERT Deputy Director Lee Rock will be stepping in while a replacement is sought out.


“Lee has been the Deputy Director for US-CERT for over a year and we are confident that our organization will continue its strong performance under his leadership,” assistant secretary Roberta Stempfley writes. “We wish Randy success in his future endeavors.”

Vickers had been overseeing all aspects of CERT as director, a position he has held since 2009.

The DC-based CERT office says that the team tries to tackle the cybersecurity of the nation and coordinates cyber information sharing and proactively manage cyber risks to the nation, all the while protecting the constitutional rights of Americans.

In the wake of the hack attacks, several persons affiliated with Anonymous and Lulzsec, worldwide, have been arrested in recent weeks. The US government has reportedly been working with other international agencies to team up in an effort to thwart global cybercrime.

Earlier this month, hactivists trying to further the “AntiSec” movement released around 90,000 usernames, passwords and other private data relating to military personnel that they claim was lifted from consulting firm Booz Allen Hamilton.S

Source: RT