Replies

You’ve just said what I was talking about.

The system has been open to hackers, and there’s been all this brouhaha about McKinnon, and all along the bigger threat was the enemy within - in this case, the disgruntled colleague.

This is why I think this information is either part of a honeytrap, or the people running the security systems must be incompetent.

I should add, my perspective on this comes from working in the IT security industry where time after time, I find a bulletproof network let down by the human element.

Every now and again I’m called in to do security audits. My modus operandi is to arrive half an hour early, walk through the car park, ask where the smoking shelter is, stop out there for a couple, listen and engage in a bit of small talk, tailgate into the building with the smokers, go into the kitchen, get myself a cup of coffee, spin a yarn about the trouble I’ve been having with the IT department, get a bit of “Ah, you want to talk to Dave Smith, he’s always good”, wait for the kitchen to clear, call Dave Smith up, ask him to reset the password for the person I’ve just spoken to, write it down, go back round to the reception, and announce I’ve just arrived for my appointment with the IT Security manager.

I nod politely while he tells me how good the security is, and then I say, “I arrived half an hour early, so let’s see what we’ve got...”

Now bearing in mind, that the customers do actually know I’m coming in to test their IT security... and yet they’re still gobsmacked.

In fairness, most of my customers are 100-200 users, and the guy looking after the IT doesn’t usually have a background in information security.

But you can’t say that the American Military really falls into that bracket. Frankly, it should know better.

That’s why I suspect there’s a lot of disinformation and a few deliberate leaks in that portfolio handed over to Wikileaks. The alternative is too horrible to contemplate.