Those of you who find the Wikileaks story fascinating, as I do, might enjoy zooming through Red’s Query, a fictional piece of work by technology media executive Eric Lundquist. The last quarter of the book is a thriller that reveals some interesting techniques for blowing past computer security measures to gain access to sensitive information.
Of course, sensitive information can be anywhere on the spectrum from embarrassing to potentially harmful — or dangerous, such as inside information from a financial institution, according to Tanya Forsheit, founder of the Information Law Group in Los Angeles. That’s why many states, independent of federal legal requirements, now are requiring companies to put in place such computer security measures as “programs, policies and procedures that are appropriate to the size of the company to mitigate risks,” she said.
Even if a data breach is just embarrassing, “the reputational harm is difficult to quantify, which is yet another reason” to think ahead, Forsheit said.
Some corporations even do their own hacking to test computer security measures, according to Darren Hayes, an expert in the field of computer forensics and security and a professor at Pace University’s Seidenberg School of Computer Science and Information Systems in New York.
“I know of corporations who have brought in the services of hackers, or even employed them full-time,” Hayes said. “But policy within law enforcement does not allow them to work with convicted hackers. It’s a problem, because they can’t bring in all the expertise that they need.”
The U.S. Navy offers scholarships for people with no criminal record who are interested in hacking, according to Hayes, who works closely with the New York Police Department and United Nations, among other organizations, to follow digital clues.
“There are not enough people out there doing this type of work,” Hayes said. “We need a lot more people.”
Hayes has a special sensitivity to security, having begun a 10-year career in the financial services industry in 1990 at Cantor Fitzgerald in the World Trade Center. At Pace, he manages the computer forensics laboratory, conducting research with students and publishing much of it through the Institute of Electrical and Electronics Engineers, or IEEE.
Technology improvements in tracking wanted criminals must be made to capture suspects like WikiLeaks founder Julian Assange, who was able to cover his digital trail before surrendering, according to Hayes.
Not much has been revealed about how the latest U.S. diplomatic cables wound up on the WikiLeaks site, other than to implicate 24-year-old Army Pfc. Bradley Manning, who is rumored to have used music files as a cover to download the cables onto CDs.
“Bradley Manning is not that tech savvy; he probably had help from someone,” Hayes said — which, coincidentally, is a strategy that unfolds in the pages of Red’s Query.
But unlike fiction, WikiLeaks has real consequences: Manning has been imprisoned, before being convicted of the charge against him, in a fashion some are calling torture.
What if someone hacked into your data center and revealed your private emails or strategic data? Or those of an institution that you do business with?
Bank of America and its customers may soon find out, if threats from Assange are true. On the heels of the bank’s decision this week to join MasterCard, Visa and PayPal in refusing to process payments for WikiLeaks, the whistle-blowing organization put a warning up on Twitter:
“Does your business do business with Bank of America? Our advice is to place your funds somewhere safer.”