Ross Anderson discusses the technical and policy details.
EDITED TO ADD (7/18): Yet again, my preoccupation with my book is making it harder for me to write timely and lengthy blog posts. So I thank Ross for writing about this issue, so I don’t have to.
GreenSquirrel • July 18, 2011 11:16 AM
It is an interesting situation and it reminds me of an argument I had IRL about four years ago at a Government conference trying to pump up support for the national ID card.
At the time, I said one of the risks would be criminals simply bribing people to get the data they wanted and the response was “that could never happen, the people with access will be a trustworthy as the police.”
Fast forward a few years and we discover that, just like every other organisation in the world, there are people in the police who will sell data if the price is right.
It is, I think, one of the greatest hurdles in any security / DLP situation – how do you stop your staff being bad?
nobodyspecial • July 18, 2011 11:44 AM
how do you stop your staff being bad?
Same way you stop everyone else being bad, fear of being caught and punishment.
Bank staff also have access to real folding money, you don’t just let it walk out of the door by saying. ‘Oh well what can you do’ -and give them an internal verbal warning when caught.
I can’t see what’s so hard about an access system that logs queries by user id and an automatic suspicious use algorithm.
Even the current state of AI should be able to detect a suspicious query when a social worker in Auchtermuchty looks up a London footballers medical history.
Clive Robinson • July 18, 2011 12:34 PM
The political fall out on the “phone hacking” scandal is spreading and looks like it is going to claim a lot of scalps in the Met Police, Politics and the higher echelons of the Murdoch empire.
Some are saying it will spread into the US and Australia and that “the King Maker will fall” and his empire will be “rent asunder”, perhaps a little bit to Shakespearian for my tast but I get the message.
One useful component: “Uncorruptable” (guaranteed, write-only) audit logs, and the right of a record’s subject to review all access to said record.
People would be a lot more hesitant to “snoop” records. Or to share their credentials for such access with a colleague or someone else.
Just like “real world” security, today. It doesn’t just rely on locks. There are also security cameras (as a simplistic example), and forensic investigations when break ins / thefts occur.
Of course, these records would need to be combined with real, inescapable punishments / disincentives, to make an effective deterrent. (These latter applied with due process requiring proof of guilt; that is, in a court of law.)
Somebody Anon • July 18, 2011 2:03 PM
Why is this such a big deal? Does this not happen in other countries as well? So many governments have used “Phone Hacking” in the past and they will do so in the future too. If there is potential for something to be misused, there will always be someone to misuse.
Liam • July 18, 2011 2:52 PM
The whistleblower that served as the catalyst to this whole thing was just found dead. Natural causes or no, the narrative has just been taken to a new level.
davidshayer • July 18, 2011 3:08 PM
how do you stop your staff being bad?
One way is to include an audit system, code that records every access to the database: what was looked up, and who looked it up.
You cross reference that against which cases your staff are actually working on. For each case where people looked up data totally unrelated to their job, ask them to explain. If no good explanation is offered, you fire them, and perhaps prosecute them.
If you make this policy very public, most staff will know they’ll get caught, and won’t look up things they shouldn’t.
Of course this requires good password hygiene, people must use secure passwords, not written on post-it notes on their monitors, and be changed regularly.
Another option is to have the database know who is working on which cases, and simply not allow people to look up unrelated data.
Chuck Vose • July 18, 2011 3:43 PM
If you don’t have time to write we still appreciate links to timely articles too. Do what you need to do.
David • July 18, 2011 3:56 PM
@davidshayer
“Another option is to have the database know who is working on which cases, and simply not allow people to look up unrelated data.”
One problem with that approach is that it may limit or outright destroy the usability of a system. For example, if such a system were in place across law enforcement systems, then investigators would find themselves blocked out of following leads. Let’s say they are are trying to “follow the money” in an embezzlement case. If a name comes up in the investigation, having to battle through an interior bureaucracy to simply check on “normal” data may cause investigations to either stall (letting the perpetrator get away) or take the least path of resistance (focusing on the wrong guy/gal).
(That’s leaving aside the entire question of what law enforcement should have normal access to in the first place. For simplicity in this discussion, data is just data–it’s the use of and access to that we are discussing.)
It’s analogous to the DoD classification system that I link to in my first post–you don’t have access unless you are “read in”, in which case you have access to probably more than you need.
David • July 18, 2011 3:58 PM
@davidshayer
On the other hand, having a good, solid, and visible audit trail as you describe is another thing entirely. It won’t stop all bad actors (what would?), but users will have to at least superficially justify why they are looking at (and using) particular data.
Chasmosaur • July 18, 2011 4:36 PM
Somebody Anon wrote at 2:03 pm:
Why is this such a big deal? Does this not happen in other countries as well? So many governments have used “Phone Hacking” in the past and they will do so in the future too. If there is potential for something to be misused, there will always be someone to misuse.
The problem here isn’t that the government hacked into people’s e-mails – a private news conglomerate did so. It wasn’t just a few “rogue” or “bad” reporters – it was an encouraged practice. And they weren’t just targeting public figures – such as celebrities, the Royal family and politicians – it was average citizens. Family of killed British soliders were targeted, as were family of 7/7 victims.
This story is actually several years old – it was initially most famous in 2006 for hacking into the voice mail of the Princes and their aides. Arrests were made at that time.
But the biggest outrage currently seems to be around the 2002 case of Milly Dowler, a 13-year-old girl who was kidnapped on her way home from school and killed, but her body was not discovered until six months after the fact. It was recently revealed that during that time, News of the World staff didn’t just hack in to her mobile phone and listen to voice mail – they DELETED messages in the full mailbox so they could hopefully hear something new. This was deletion of potential evidence, and it led the police and the Dowler family to lead that she might still be alive. (The Dowler family received a personal, face-to-face apology from Rupert Murdoch in early July.)
There is also the issue that Scotland Yard truly and fully screwed up the initial investigation, and there may also have been some bribery involved so that they would look the other way.
Repercussions are spreading across the pond to the US, with allegations News Corporation also tried to hack 9/11 victim family phones, and there are reports out today that Fox has a whole “black ops” part of their news organization so they can routinely monitor mobile phones conversations.
All of this was pretty much done in the name of getting a good tabloid story. Not even in the name of security theater. So if you’re okay with the National Enquirer or Fox News hacking into your voice mail because your child or spouse died in Afghanistan, then hey, no harm done.
The Guardian has exhaustive coverage on this:
Chasmosaur • July 18, 2011 4:47 PM
And for the black-humor tinged overview of what I just covered above:
http://www.thedailyshow.com/watch/mon-july-11-2011/have-no-fear–england-s-here
bruce • July 18, 2011 4:58 PM
Chasmosaur omits the latest repercussion: that an alleged participant then worked inside Downing Street for our PM, David Cameron. Allegedly this was despite three notable individuals, two senior politicians and a newspaper editor, attempting to get a warning to DC. Who seems to have had a cosy relationship with Ms Brooks of News International.
It just keeps on growing.
Dirk Praet • July 18, 2011 5:30 PM
@ Somebody Anon
“Why is this such a big deal?”
No offense, but either you haven’t been following this very closely or you are in some way on the payroll of Fox News Channel. Let me sum up some highlights:
And yes, none of the techniques used are particularly new or original, quite to the contrary. But what is kinda shocking is that providers have known about certain vulnerabilities for a long time but just haven’t done jack about it. Same thing in the US: T-Mobile, AT&T and Sprint are still vulnerable to spoofed caller ID voicemail hacking. If you’re a Verizon user, you are (probably) safe. And if that hasn’t got you thinking just yet, look up a company called TruePosition. Chances are that you’ll want to get rid of your mobile phone faster than a cheetah leaving a salad bar.
Chasmosaur • July 18, 2011 5:35 PM
Bruce:
Yes, I did miss that. Too much to cover on this mind-blowing story, I forgot to put it down…
Dirk Praet • July 18, 2011 7:21 PM
Status update:
Controlled panic button pressed at News International following the Anonymous/Lulzsec breach. All DNS servers and web addresses down. Got root, anyone ?
Richard Steven Hack • July 18, 2011 8:15 PM
This is “news” because it’s a “news” organization getting caught screwing around as much as any criminal organization.
The reaction reminds me of the response from the New York Times when Adrian Lamo swept into their system. Previous organizations he had busted accepted his advice and plugged the holes. The NYT decided to prosecute him.
So now all these mainstream news organizations which have placed fast and loose with their “sources” are scrambling to CYA.
Meanwhile, the latest chat log dump of the chats between Lamo and Bradley Manning show that Julian Assange made great efforts NOT to know who Manning was. So while Wikileaks and Assange are vilified, at least we know they protect and not exploit their sources like the mainstream media does. Read the latest Glenn Greenwald on that over at Salon. It’s clear Wired had its own agenda on the Manning issue.
It’s bad enough that the MSM are basically mouthpieces for the government, but now it’s clear they couldn’t care less about anyone in their quest to protect their own power and influence.
This comes as no surprise to me. Both Aleister Crowley and Hitler excoriated the news business as being crooked and malicious scores of years ago. Both of them were right.
Nick P • July 18, 2011 8:32 PM
@ Dirk Praet
There’s so much stuff in pieces that I didn’t feel like putting in all the time to figure out exactly what the fuss is about. So, I appreciate your summary. 🙂
Godel Fishbreath • July 18, 2011 8:59 PM
In one of the sites referenced by this article was this quote from Sun Tsu:
““If a secret piece of news is divulged by a spy before the time is
ripe, he must be put to death together with the man to whom the
secret was told.”
Emphasis added. In this report we want to suggest a more nuanced, though
not necessarily more effective, approach to the problem of maintaining infor-
mation security in a warfighting environment.
”
Nuanced. LOL!
JD Bertron • July 19, 2011 8:31 AM
These companies treat personal data as a natural resource open for exploitation, just as oil fields, mines and forests provide a source of revenue for others.
Property laws and protection laws apply to natural resources, with dire consequences for taking someone else’s property. Apparently this doesn’t apply to personal data, or these mega corporations.
Clive Robinson • July 19, 2011 9:37 AM
For those pointing out the UK Newspaper “The Guardian” as being the people who outed this story you need to know they very probably lifted it without accreditation from UK satirical periodical “Private Eye”.
If you know somebody with back copies of “The Eye” you can see they have repeatedly raised the issue and tried to use whatever (legal) methods possible to find out more. Some of which happened via such things as Freedom of Information Requests.
This is of course not the first time newspapers have lifted stories from other places, but the main offenders in the past have been the likes of The Sun, The Daily Mirror, The Daily Mail, oh and just about all the rest of them…
Whilst there might be little honour amongst thieves, there is with little doubt “no honour amongst journalists”. The sad thing with the modern journalistic clique is they lift direct from the Internet without applying any kind of check even the basic “sanity check” before publishing and there are many examples of obviously wrong spoof stories making it into the UK press as “important news items”.
Anonymous Teacher • July 19, 2011 10:09 AM
I was a school teacher in an environment where cheating was the cultural norm. After a number of attempts to stop my students from trying to cheat I hit upon a method – familiar to Sun Tzu, apparently. If I caught someone cheating, they failed and the person they were cheating from also failed.
Very, very quickly the level of cheating in my classes went from rampant and the norm to almost non-existent. Peer pressure ruled the day.
BF Skinner • July 19, 2011 10:12 AM
@Dirk Praet
“Police officials implicated in selling information”
Should read
Massive routine bribery of police officials by News Corp employees.
Add to your list
Potential investigation from FBI into an AMERICAN company that may be in violation of the Foreign Corrupt Practices Act.
Resignation of the Publisher of Wall Street Journal. (a cohort of Murdochs for 50 years)
Fox News limited quick-change-the-subject coverage that only began weeks after the scandal broke.
The potential collapse of faith by News Corp investors and Board in the Murdoch family.
Clive Robinson • July 19, 2011 10:16 AM
@ Bruce,
Whilst I appreciate that you are busy on your book, have you considered how this might actually relate to it?
I’m assuming you have knowledge of Conrad Black and what got him put in jail, well the same or similar appears to be true of Rupert Murdoch.
Both believed themselves to be above the law, and their respective shareholders, and used/using the organisations they were/are in charge of for personal benifit. I can easily see the shareholders of News Corp filing action to rid themselves of the whole Murdoch clan and even having some of them jailed.
It is one of the failings of the “cult of image” that the party only lasts as long as the good times last. However as with Enron, the only way the good times can keep rolling is by questionable methods of inflating the image. When somebody has the temerity to point out “the emperor’s got no clothes” the image collapses and a reckoning shortly follows.
@ Clive: yeah, the Eye has been on this from the beginning, for sure. It’s a bit much to accuse the Grauniad of lifting it all though, Nick Davies (one of the few remaining real investigative journalists) in particular has been doing sterling work.
I’ve been watching the various scumbags testifying in front of the select committees all afternoon; the filth’s buck passing attempts would have been comical if the situation wasn’t so damned serious. The perils of having a country run entirely by PR men, I suppose. Be interested to see whether the Tory high command force Cameron’s resignation, as he certainly doesn’t seem to give a fuck what the electorate thinks.
In other joyous news, Sir Hugh Ord(ur)e has been giving interviews hinting he’s throwing his hat in the ring for the commissioner’s job. That’s all we need….
Clive Robinson • July 19, 2011 11:07 AM
@ s,
The top of the Met has turned into a game of “last man standing” and unfortunatly one of them is a woman by the name of Cresider Dick, she who was incharge of the shooting of an inoccent Brazilian electrician.
BF Skinner • July 19, 2011 11:26 AM
@GreenSquirrel “people with access will be a trustworthy as the police.”
Almost verbaitm conversation I had with a very experienced GS-15 in a military
service. “We have higher standards.” I held my tounge regarding the fact that
the same organization gave it’s enlisted people a medal for not getting in trouble
for 3 years or that judges often give offenders a choice between jail and service.
Instead I started routing the service’s own Good Order and Discipline reports
every quarter with all the IT infractions. Went from 0 to about 30 a year and
stayed there. The 15 never got the point but others did.
Dave Berry • July 19, 2011 11:29 AM
@ Richard Steven Hack
“It’s bad enough that the MSM are basically mouthpieces for the government.”
The problem here is that the government have been basically a mouthpiece for the owners of the mainstream media.
Richard Steven Hack • July 19, 2011 12:10 PM
Dave: That, too. 🙂 I believe it’s called “collaborating”.
Or in my circles, “conspiracy”, or in the MSM, “conspiracy theory”. 🙂
Glenn Greenwald has a piece in Salon about Yemen and how the LA Times is covering that (up) which illustrates the point. It’s not hard to find illustrations. Just about anything certain “journalists” (like David Sanger on Iran) write is pretty much straight from some government source.
BF Skinner • July 19, 2011 1:41 PM
Someone just planted a custard pie on Rupert’s kisser. The Mrs went straight on the attack See video here http://www.theregister.co.uk/2011/07/19/rupert_murdoch_custard_pie/
Parliment called it a day but could someone please tell me WHO was in tux and tails? I know the UK is often more formal then the rest of the world but really.
bruce • July 19, 2011 3:58 PM
The person in the formal tails was presumably one of the parliament staff, an usher or somesuch. I think it’s likely that she serves under Black Rod.
Please don’t laugh, we’ve had to put up with this stuff for about five hundred years.
AlanS • July 19, 2011 6:30 PM
Carl Bernstein has a nice comparison with Watergate.
Finds the “we didn’t know” defense not even remotely credible:
“Could Murdoch eventually be criminally charged? He has always surrounded himself with trusted subordinates and family members, so perhaps it is unlikely. Though Murdoch has strenuously denied any knowledge at all of the hacking and bribery, it’s hard to believe that his top deputies at the paper didn’t think they had a green light from him to use such untraditional reportorial methods.”
Also thinks the fun is just beginning:
“News International, the British arm of Murdoch’s media empire, “has always worked on the principle of omertà: ‘Do not say anything to anybody outside the family, and we will look after you,’ ” notes a former Murdoch editor who knows the system well. “Now they are hanging people out to dry. The moment you do that, the omertà is gone, and people are going to talk. It looks like a circular firing squad.”
http://www.newsweek.com/2011/07/10/murdoch-s-watergate.print.html
AlanS • July 19, 2011 7:45 PM
So much for today’s Rupert and James dog and pony show. On Wednesday 20 July 2011 at 00.01 am the official home affairs committee report on phone hacking will be released. According to the Guardian it finds that NI “deliberately” tried to block a Scotland Yard criminal investigation into phone hacking at the News of the World. The moved the time presumably to get into tomorrow’s papers. Say goodbye to the pie nonsense.
A blog reader • July 19, 2011 8:57 PM
In other news:
A US federal appeals court upholds the TSA’s usage of full-body scanners in airports. (Though the court did allow the use of the scanners to continue, they did say that the TSA violated the law by not having a 90-day public comment period.)
http://www.wired.com/threatlevel/2011/07/court-approves-body-scanners/
Omri • July 20, 2011 11:55 AM
It’s amazing how much of this vile misbehavior could be prevented entirely by setting up the legal and technical means by which the subject of any database query is notified with the name, date, and contents of the query.
Roger • July 20, 2011 2:38 PM
GreenSquirrel wrote:
“how do you stop your staff being bad?”
nobody special replied:
“Same way you stop everyone else being bad, fear of being caught and punishment.”
I’m afraid that isn’t nearly enough. By far the most important thing is for management to treat staff with respect and encourage the development of a culture of mutual respect and pride in the group and what it stands for.
This takes years to build, and can be ruined overnight by bad managers. But if it is achieved, then staff misdemeanours will be rare enough that it will be economically feasible to employ the technical security measures you suggest. If it is not achieved, then your internal culture will become a war of employees against the organisation, and you will never be able to afford enough technical measures to ensure security.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
David • July 18, 2011 10:07 AM
Not too much that is surprising. As a former private investigator, I’ve encountered “blagging” and other methods of accessing one’s personal data enough to know that it is a common practice if you are willing to go to any lengths to get to your target.
What was more interesting was the link to the DoD report about changing the structure of the classified information system altogether. FTA:
http://www.fas.org/irp/agency/dod/jason/classpol.pdf
It makes some very good points about how the efforts to secure data (according to the old system) are a hindrance to the use of that data.
My favorite example was about the STU-III, in that the program would never have been allowed to go into effect in today’s climate, no matter how useful it has been.