
WikiLeaks and Data Loss Prevention

WikiLeaks, the wiki for whistleblowers in government and industry, has been shut down, sort of, in the US. DNS resolution is blocked, but at the time of writing you could still get to WikiLeaks using the IP address. Julius Baer Bank and Trust did not care for the fact that some of its documents made their way to WikiLeaks, so they got the hosting company to block DNS resolution and to block transfer of the domain name to another hosting service. Besides the obvious overreaction, this story demonstrates two other problems.

First, it's obvious to anyone with a basic understanding of networking that blocking DNS names isn't enough to prevent access to the site. Why bother with a half measure that is easily circumvented? If the plaintiffs really cared about limiting exposure of the documents, you would think they would spend more time assessing how to do it.

Second, this is first and foremost a data loss prevention story. Julie Turner, an attorney for WikiLeaks, summed it up nicely in a quote to Wired:

"If you're dealing with banking records . . . if your bread and butter is confidentiality in banking, then you’d really better have mechanisms by which you can control documents. The bank itself should have had better security mechanisms rather than allowing employees to take electronic copies of things or make copies of things and remove them. That’s not Wikileaks' fault."

Whether you are a lawyer or a banker, it pays to understand the basics of networking and access controls.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net