Risk
3/16/2010
12:33 PM
50%
50%

Army: Wikileaks A National Security Threat

An Army counterintelligence document claims the site is a security threat because it posts classified government materials.

Wikileaks.org is considered a threat to national security because it posts classified intelligence information, according to a 2008 U.S. Army document Wikileaks posted Monday.

The document, attributed to the Army Counterintelligence Center and titled "Wikileaks.org -- An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups?", cited the leaking of classified Army materials as the chief reason Wikileaks is harmful to national security.

"Such information could be of value to foreign intelligence and security services (FISS), foreign military forces, foreign insurgents, and foreign terrorist groups for collecting information or for planning attacks against U.S. force, both within the United States and abroad," the document says.

The Army has tried to sniff out a possible mole within its own ranks who might be leaking materials to Wikileaks, doubting the site's assertion that it receives classified materials from former government agency employees, according to the document.

"These claims are highly suspect, however, since Wikileaks.org states that the anonymity and protection of the leakers or whistleblowers is one of its primary goals," according to the document.

Because anyone can post to the site and there is no editorial oversight, the public may use Wikileaks as a source of misinformation, or to create lies or propaganda to promote a positive or negative image of a targeted audience, according to the document.

The Army has sought not only to identify anyone within its own ranks leaking documents to the site, but also to encourage other organizations to do the same to try to take the site down.

"Web sites such as Wikileaks.org have trust as their most important center of gravity by protecting the anonymity and identity of the insider, leaker, or whistleblower," the document stated. "Successful identification, prosecution, termination of employment, and exposure of persons leaking the information by the governments and businesses affected by information posted to Wikileaks.org would damage and potentially destroy this center of gravity and deter others from taking similar actions."

Neither the Army nor Wikileaks could be reached immediately for comment Tuesday.

The goal of Wikileaks, according to the site, is to be an uncensorable and untraceable repository for the public to leak public and private-sector documents in an expression of freedom of speech.

Plagued by controversy since its inception, the site often runs afoul of institutions whose confidential documents have been posted to it, and has been embroiled in numerous legal battles. Wikileaks depends on financial donations and a list of organizations that back it.

In fact, the site is currently in the middle of a fundraising drive; it needs to raise $600,000 a year to remain online. Wikileaks is online now only in an abbreviated version until it raises enough money to relaunch.

Media publishers such as The Associated Press, The Hearst Corp., Gannett Co. Inc. and The E.W. Scripps Company, as well as advocacy groups such as The Electronic Frontier Foundation and The American Civil Liberties Union are among Wikileaks' supporters.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.