The fact that there have been so few surprises in the latest Wikileaks data dump is the best evidence that State Department cable-drafters, consciously or not, knew that these cables would have a very large audience. And the wider the audience becomes, the greater the incentive to be careful with secrets in the drafting. With so few differences between the content of these cables (admittedly classified no higher than Secret) and the content in the news media, we should conclude that U.S. diplomacy is already remarkably open and transparent.
The Wikileaks scandal reinforces what should be an instinct to be circumspect with anything transmitted in digital form. No doubt a battalion or more of counterintelligence specialists warned Defense Department network administrators about the security risks presented by the post 9/11 data-sharing arrangements. To apparently no avail – it seemed ridiculously simple for PFC Manning to extract (allegedly) hundreds of thousands of classified files. With the horse out of the barn and galloping into the next county, the Pentagon is only now tightening its computer security procedures. But there are still those million who have Secret access; the new security procedures are not likely to ward off a few trained and determined infiltrators.
The problems with the digital “cloud” do not stop there. In its recently released annual report, the U.S.-China Economic and Security Review Commission described a Chinese “hijacking” of global internet traffic. The report explains what happened better than I could:
For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from U.S. government (‘‘.gov’’) and military (‘‘.mil’’) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.
Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications. This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a ‘‘spoofed’’ site). Arbor Networks Chief Security Officer Danny McPherson has explained that the volume of affected data here could have been intended to conceal one targeted attack. Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.