Breach, Data Security, Vulnerability Management

RSA Conference 2011: The future of WikiLeaks-like sites and their impact on organizations

Security professionals fretting a WikiLeaks-style disclosure at their organization should be much less concerned with Julian Assange's whistleblower site and more worried about copycat sites already on the rise, said Kevin Poulsen, senior editor at Wired.com.

Poulsen, speaking on a panel titled "WikiLeaks: The Aftermath" at the RSA Conference in San Francisco, said Wednesday that Assange, the founder of WikiLeaks, made exposing secret documents "sexy."

"[Assange] made leaking itself an end," Poulsen said. "That clearly is what spoke to Bradley Manning [the U.S. Army private who allegedly leaked the secret cables]. Assange's key contribution is the WikiLeaks brand and ..the idea that leaking is a good thing."

WikiLeaks has evolved to a point now where it is "virtually impossible to distinguish between what they do from any press," Poulsen said. "At this point, they are not a radical organization." (In June, Wired published chat logs between former hacker Adrian Lamo and Manning, though which Manning allegedly confessed to being the leaker).

Looking ahead though, and drawing on the recent infiltration of HBGary and HBGary Federal by hacker group Anonymous, which went on to indiscriminately publish tens of thousands of emails belonging to company executives, Poulsen cautioned that WikiLeaks copycat sites may be more likely to post documents hacked from the outside.

And unlike WikiLeaks, these sites likely will not use judgment or have standards, Poulsen said.

"All that is going to go out the window," he said. "Corporate networks are like Swiss cheese."

Sites wishing to mimic WikiLeaks are going to get better at developing technology so data can be securely transferred, said fellow panelist Jeff Bardin, a cyber terror expert and chief security strategist at XA Systems, whose role includes analyzing jihadist websites.

In addition, in many cases, these sites may operate in countries where they are not violating any laws, Bardin said.

"[WikiLeaks has] started a cottage industry of its own," he said.

Panelist Roger Cressey, a counterterrorism analyst for NBC News and a former National Security Council official, disagreed with the motives of WikiLeaks, arguing that the site lacks the responsibility and accountability of traditional media. He said NBC News often sits on certain stories at the request of the federal government, as long as once the story goes public, U.S. officials promise to provide it with exclusive details.

"Where you stand on this issue depends on where you sit," he said. "The essence of diplomacy is persuading a government to do something they don't want to do. You won't get anything accomplished...without confidentiality."

Poulsen responded that WikiLeaks has only published a small fraction of the roughly 250,000 secret cables allegedly provided to it by Manning and partnered with newspapers to release the documents.

As an alternative to sites such as WikiLeaks, Cressey, who recently was hired as senior vice president at consultancy Booz Allen Hamilton, said organizations must ensure they have a process in place for employees to air grievances.

Ultimately, though, a priority within government must now be to strike a balance between access to information and sharing of information, he said. But there should be no tolerance for leakers.

"You join the government, you sign a pledge, you take an oath," Cressey said. "If you don't like it, get out."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.