Good point ... but there has to be an original uncoded version 'somewhere' ... it'll always be open to abuse.

trouble with the modern codes is if the machine with the key in it dies, then you are stuffed...

IMO, if it can be coded, it can be uncoded ... the only factor is time.

Imagine the furore when a coded document suddenly appears on WikiLeaks, albeit slightly later than the uncoded version would have been.

I'm amazed that staff with access to such sensitive security related information are allowed to download any data onto CDs/pendrives. In my experience many organisations such as banks who hold customer data have deactivated all pendrive ports and CD drives in order to reduce the risk of viruses and more importantly to make it more difficult to extract confidential data.

Nothing ever changes apart from the fact that the methods become more sophisticated. Years ago, I government laboratory I was involved with had a backup drive "borrowed" overnight by a bent technician. The R&D data on the drive was worth millions, yet the technician gained around £2K from selling a copy of the drive to the highest bidder and a few years behind bars.

More recently, a high security government research facility I'm involved with had it's backup servers interrogated by a former employee now residing in a foreign country. Fortunately, the intrusion was detected within 40 seconds and the connection was terminated.

This week, Leeds University has reported intrusion attempts to a confidential drug research database used by authorised users throughout the world. These intrusion attempts have occurred around every 20 minutes for weeks and all originate from servers on the Chinese mainland.

I'm afraid that preventing access to USB ports and drives is no longer the answer. Determined hackers are far more sophisticated than that. A government security expert told me years ago that the best IT experts are not employed in the industry - they are out there earning their living by hacking.

True prof, but disabling CD/USB drives may deter the opportunist. I don't think the bloke who copied the files onto a CD was a leading hacker

Part of the problem isn't over whether information is encrypted or not. It relates to the number of people with the highest-level of security clearance in the USA.

It would be easy to think that only the President, his Chiefs of Staff, other very senior military personnel, some very senior diplomats & civil servants and a few others might have such clearance. However there are actually around 854,000 Americans who've got top-level security clearance. So, if only 1 person in every eighty five thousand would be prepared to leak information, that still provides 10 sources of leaks.

Chris

A relevant link:
http://projects.washi...owing-beyond-control/

factor30, you're right of course. I agree that disabling the USB ports and CD Drives might well deter the opportunist and at face value it doesn't sound as if the the culprit was a leading hacker.

I haven't heard anything surprising so far from these leaks.

Are they really secrets?

The technology is there but getting people to see the need for it and coughing up is tough.

I work for a big computer security organisation. Our laptops are encrypted and we run what is called Data Loss Protection which is a system that prevents certain types of information from being e-mailed out, copied onto insecure usb devices etc.

Demonstrating the technology is one thing, persuading customers that they need it enough to put their hands in their pockets is another.

Still you never know Wikileaks may concentrate a few minds.