Simply Security - News, Views, and Opinions from Trend Micro

Posted on February 8th, 2012 in Current News, Privacy & Policy by Simply Security | Be the first to comment | Tags: Current News

Bradley Manning's lawyers assert that lax data security practices led to their client being able to access secret government documents.

Lawyers for Pfc. Bradley Manning, the U.S. Army analyst allegedly responsible for leaking classified government documents to WikiLeaks, say the military's lax data security protocol is largely to blame for the biggest leak of U.S. secrets in the country's history.

Manning has been accused of leaking hundreds of thousands of secret government documents to the whistleblower website run by activist Julian Assange. The controversy dominated headlines in November 2010, when WikiLeaks published the documents, which included highly sensitive – and often embarrassing – details about the U.S. government's relationships with several foreign entities as well as other classified information.

If convicted, Manning could face life in prison.

In a preliminary trial this week, Army investigator Special Agent David Shaver testified that Manning had downloaded portions and full copies of more than 10,000 documents and videos. Though Shaver admitted that he had not compared those documents to the ones actually posted on the WikiLeaks website, he did add that "a lot of the searches seemed out of place," according to reports.

Technology news website eWeek reported that Manning's supervisors testified that there was no "work-related reason" that Manning should have performed those searches. However, the report indicated that one officer sent Manning a link to one of the databases on which cables were stored.

This information could play in Manning's favor. According to the Associated Press, Manning's lawyers are taking a "three-pronged" approach to their client's defense. First, the lawyers are arguing, Manning should never had access to the classified material. Next, the defense contends that the data security practices at his workplace are too lax. And finally, the potential damage from the incident never really materialized anyway.

Whether these arguments are enough to convince the court remains to be seen, but to those in the data security industry, Manning's lawyers do have a point. Though Manning allegedly wrote the script for a program that allowed him to automatically download the cables, security experts have questioned why the military did not have systems in place to monitor activity in the databases, according to eWeek.

Given the extent that organizations – both in the public sector and private – rely on data and the systems on which is it stored these days, it is crucial that network monitoring solutions are deployed to minimize the possibility of a data breach.

For its part, the Obama administration in October issued an executive order that defines the measures federal agencies must take to protect against insider breaches. Included in the new order are provisions regarding removable media, access control and online identity management, among other measures.

Security News from SimplySecurity.com by Trend Micro