Swiss IT Guy Goes Rogue With US, UK Intelligence Data
How can a single employee manage to download large amounts of sensitive counterterrorism data shared between three nations and simply trot it out of the office? That's what Swiss, U.S. and UK intelligence officials are trying to figure out. Apparently, it was easy. The employee's warnings about improper data management had been ignored, so perhaps he was demonstrating his point.
Dec 4, 2012 2:48 PM PT
American and British intelligence agencies on Tuesday were warned by the Nachrichtendienst des Bundes, Switzerland's federal intelligence service, that some shared information related to counterterrorism had been stolen.
Last summer, an NDB IT technician who felt his ideas about how data systems should be handled were not being taken seriously reportedly downloaded terabytes of data that had been shared between the NDB, the U.S. Central Intelligence Agency and Britain's MI6.
The man, whose name has not been released, reportedly looked to sell it to foreign officials and commercial buyers. While worthy of a Tom Clancy novel, many questions are still being asked -- including and most notably, what was in the data?
"In this specific incident, we don't know if it is a big deal or not," said Fred H. Cate of the Center for Applied Cybersecurity Research at Indiana University. "What should make us nervous is that this happened at all. It reportedly included a large amount of data, and we should be nervous that it was potentially made public."
The NDB, CIA and MI6 did not respond to our requests for further details.
The Weakest Link
What this also proves is that security is only as good as those who have access to it, and no amount of firewalls, encryption or security measures can overcome the human element.
"It is that thing that security professionals always say, which is that the human user is the weakest link," Cate told TechNewsWorld \u2013 and the more humans, the more potential weak links in the chain.
"That is exactly right," Cate agreed. "We talk about the security issues, but we don't talk about the fact that we need greater sharing, and with it comes greater vulnerability."
The irony in this case is that the weakest link turned out to be someone who had warned about a lack of security for this potentially sensitive data.
"The lead-in to this story suggests an employee at NDB that was warning that the data wasn't being adequately protected decided to make his point in a career-ending fashion," said Rob Enderle, principal analyst at the Enderle Group. "Given the lack of protective controls -- which allowed him to download and exit the building -- it is likely NDB heard of the theft from the employee and then overreacted."
Additionally, the more parties involved, including different government agencies -- and moreover, different countries -- only serves to exacerbate the possibilities for security holes.
"At the end of the day, technologies are only as good and secure as the people who use them," said Charles King, principal analyst Pund-IT. "That's certainly the case in high-profile situations like this, but it also applies to everyday LOB employees and the way they follow security procedures."
Security Measures for Big Data
What is also notable is that the alleged culprit -- or anyone for that matter -- could even download huge amounts of data without setting off alarms or warnings -- but perhaps this is the point the individual had been trying to make all along.
"It is astonishing to me that the volume of data that seems to be involved here was able to be taken," Cate emphasized. "You'd think the security agency would have the same triggers that many companies have in place when someone is downloading a lot of data."
Creating a system that can ensure this couldn't happen isn't something that's just for movies and spy-thriller novels. In fact, it doesn't even sound as if the individual responsible needed to mount any Mission Impossible-type attack on the system, but rather downloaded the information and walked out of the building.
Shouldn't it be easy to protect against such a theft?
"There is a ton of technology available to prevent this kind of activity, [starting with] physical protections which prevent storage media - basically advanced airplane scanners -- from going into or out of areas where they could be used to pull data from hard drives," Enderle told TechNewsWorld.
This should have been easy to catch in a low-tech physical search or via activity monitors that raise flags if someone is downloading information over a short time.
"The managers of this agency are more to blame for this than the employee is," said Enderle.
The File-Sharing Factor
What also isn't known is whether the purported terabytes of information contained anything truly sensitive or even if it was data that had been analyzed.
"This could be raw data where it may not link to specific intelligence, but it is hard to believe it we're sharing raw data with other intelligence agencies," said Cates.
In fact, it is more likely that the data could have contained investigative leads; if compromised, they could be a real concern for security. This raises the question of why such important data would be shared -- but one only has to look back to 9/11 to see that the lack of sharing resulted in security oversights.
"The word 'sharing' is interesting because the biggest issue is getting intelligence out of data," added Cates. "Connecting the dots is hard when it is being done in one agency. It is hard with one person, as you have to take what you know and try to connect it. The challenge is multiplied, however, as there is more data."
There doesn't seem to be any alternative to effective information sharing.
"You can point to numerous events -- such as the 9/11 attacks, which were probably the most damaging -- where the historical tendency to hoard information by local, state and federal law enforcement agencies helped prevent anyone from detecting the terrorists or developing a big-picture view of what was going on," King told TechNewsWorld. "That said, the situation at NDB may inspire some sort of cross-agency review of security procedures that could help prevent similar events from happening in the future."
As 9/11 proved, it wasn't so much about sharing the data as making use of it. In the years that have followed, efforts have been made to better connect the dots; hence, greater sharing -- something that in the Tinker, Tailor days of the Cold War was often done with great reservation. Now, in the era of cooperation, the dots are there.
"Do we have the tools to make use of the data and connect the dots? Because that is the question we should be asking," said Cates. "We should always be sharing, but are we capable of using the data and making it worth the risk? Because as this proves, there is always the risk."