Schneier on Security
A blog covering security and security technology.
« Writing about IEDs |
| Fake 300, 600, and 1,000 Euro Notes Passed as Real »
March 20, 2006
Security Through Begging
Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It's only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems -- so that the next time this happens, there won't be anyone on the network to download such documents.
Even if their begging works, it solves the wrong problem. Sad.
EDITED TO ADD (3/22): Another article.
Posted on March 20, 2006 at 2:01 PM
• 15 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Hopefully the moral of the story was not intended to be something like "beggars can't be choosers"...
"The most secure way of preventing information leaks is not to use Winny software."
If it wouldn't be so very, very painful, it'd be funny. Why is it that government ppl either overreact dramatically, calling for a police state, or are, like in this case, just like helpless lil' kids?
Somehow politicians manage to show grave incompetence in all areas - leading to me asking myself in which area they actually do *some* good.
You have got to be kidding me!
I can't read Japanese, so I have no idea what the original intent of the minister was. However, couldn't the story be read as simply a journalist's failure to understand that the minister is asking that people with access to sensitive data (either governmental or commercial) should stop running the damn file-sharing software on their machines?
That might be true, but even -that- is not the proper response. A secure-by-default system would prevent the files from being shared "accidentally". I don't believe that any system can survive a determined attempt at subversion (as in, the nuclear scientist purposefully sends the secrets out to the file sharing network), but certainly we intelligent human beings can design a system that prevents this sort of thing from happening accidentally.
In one of the teleco's here (NZ), we were not allowed to connect any machine that was not "certified" secure. Also we would have random audits on HDD contents to make sure nobody was taking secrets away with em, and there was no extra programs installed.
It should be noted that there really is only comercial secrets here. In the modern day, nuclear tech is really not hard at all and many ppl around the world could implemet a useful nuclear program (power gen or bombs, with or without spent fuel processing).
Its the material thats hard to get.
Couldn't they just publish a notice written in Japanese ordering everybody who can read it to kill themselves?
Still, if it does work, that's one major "success" story the RIAA and friends can wave about the place. Perhaps they should try it in the US?
JMC: A few areas where government does some good: medical research, biological and physics research generally, road systems, vaccination programs, air traffic control, fire fighting. Making it safe for people to walk around without private armies (it is not an accident that there are Somali refugees in New York, not American refugees in Mogadishu).
I know, I know, it's a reflex to call government useless when it does anything wrong--but it's a dangerous reflex, and one that should be challenged. That government does some things imperfectly--and that some governments are better than others--doesn't mean that it's useless, or that all governments are equally bad.
Seems to me that someone needs to think about their data security model, and put in place appropriate levels of access for the differing levels of classification.
This is not a new problem. Its just that these days its almost impossible for something like this to stay under the radar. Id be prepared to bet that half the defence contractors out there still have relatively insecure dialup systems that arent even in a separate hunt-group. I bet half the defence contractors today dont even know what a hunt group is.
Its ironic that in todays commercial world, many businesses are now far more secure than important government installations or national infrastructure.
Simply avoinding windows doesnt solve this problem. If there is no requirement to treat data with appropriate levels of caution, then it will be exposed to risks. non windows systems are just as vulnerable to attack as windows ones. The only real difference is that windows attacks have a longer public history. Does that make them less secure or just the devil you know?
These days im more liekly to trust the likes of microsoft who have a relatively transparent security drive and are security talent where they can find it to say the likes of apple who still hide behind the we dont need to worry type of attitude.
At the end of the day when you are handling data of c3 or c4 in classification you should leave nothing to chance.
Um, what planet are these people from?
P2P was responcible for ONE problem. What are the odds that the next problem will also be P2P related?
Regarless, it's like trying to stop a weak dyke from breaking by drying up the ocean. Even if P2P is responcible for the next 1000 attacks (unlikely), would not basically any solution other than asking people not to use P2P be simpler?
I mean, if I had to choose one thing that I believed the public would not do if asked, it would be P2P.
I did a bit of googling about this to see if I could find out more about what happened. Here are a few of the articles that I found:
This type of leak has happened many times, often when an employee takes sensitive documents home to work on them, usually on a USB stick. I found no references that indicated that any classified information had leaked.
In this case, the contractor was performing inspections at the plant and loaded the information onto his laptop to prepare his report. It's not clear whether the information leaked while he was at the facility or later when he was back at the hotel.
The folks who do these inspections are often on the road for 100+ days per year and use their laptops for entertainment while travelling. I'm sometimes amazed at what software they load on these PCs. I don't think that file sharing software would be particularly unusual, even though it's against company policy. The travellers need administrator rights on their PCs to do their jobs, so it would be difficult to stop them from loading unauthorized software while on the road.
I guess the news was the outstanding stupidity of the Japanese bureaucrat's response -- but we shouldn't think our own bureaucrats and politicians are much smarter. I'm reminded of our government's response to high energy prices: begging consumers to use less, harassing suppliers, and throwing money at even more costly alternatives -- instead of relieving the obstacles the government itself has created to increasing supplies.
gerry ford: "whip inflation now"
We, tech-savvy people in Japan, believe that banning Winny never solves the right problem. I suspect that much of Winny users never know what is the appropriate security measure to be taken while using the software, which is such a simple thing as not hiding file extentions on the explorer, updating antivirus pattern files regularly and NEVER opening suspicious files.
I think that enlightening users -- including letting them know that they should never take out classified documents or use private PCs to handle them -- is the correct way, however, as you know it is also a hard and time-consuming way.
I understand that begging "Do not use Winny" is the easiest way for our government to mitigate the damage with a short message so every citizen can hear. And of course, it is in line with their agenda, that is, to let us know that they are doing "something" to prevent damage, considering that many incidents of information leakage, including JSDF's classifed documents, through "antinny" trojan are reported in the mainstream media.
I expect that they know it is only a temporal solution, and it may be a good sign that there are several government-related sites that tell you how to protect you from such malwares on the file sharing networks, aside from not using Winny.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.