Earlier today I had a very interesting chat with veteran information security journalist Kevin Poulsen about his new book Kingpin.
Kingpin is a ripper read and the full interview should be up some time tomorrow with this week's podcast. But it was Kevin's comments around Wikileaks that I found particularly interesting.
It's been my long held belief that Wikileaks is somewhat similar to Napster; both entities are symptoms of a larger issue, they're not the cause. The ease with which Bradley Manning allegedly downloaded all the material leaked to Wikileaks is, in my mind, the real issue at play in the whole Wikileaks saga.
With Napster, the issue was the rising popularity of the Internet and consumers' newfound ability to infinitely and freely replicate digital files like mp3s across a network. Which particular software was used to do this was of little consequence.
Napster was shut down by US courts, but that did little to curb online piracy. In the same way, I very much doubt the closure of Wikileaks will do much to stem the flow of sensitive information on to the Internet.
In addition to other, similar sites like Daniel Domscheit-Berg's OpenLeaks operation, Anonymous has proved you don't need millions in donations and a massive public profile to air an organisation's dirty laundry on the Internet.
Those who stole information security company HBGary Federal's e-mail, under the flag of Anonymous, seem to have had no problem hosting the mail on public websites, for example.
The domains of said sites do get yanked every now and then, but another site soon pops up. It's proof that once the genie is out of the bottle it's impossible to get back in. I thought we all knew this already.
But Poulsen believes the HBGary Federal thing is an interesting development for another reason.
"We could see a whole new crop of insta-Wikileaks sites that are based not on leaked information but on stolen information," he said. "I do wonder if the next big leaking incidents we see... might come from outside hackers who are politically motivated or revenge motivated or inspired by what Wikileaks has done."
"There are a lot of companies and organisations out there that are no more secure than T J Maxx was when it got hacked, but who have been spared because they have nothing of value to the criminal underground. Now if they start being targeted for ideological reasons they're going to find themselves just as vulnerable [as T J Maxx]."
It's a pretty difficult argument to poke holes in, and it should be a wee bit worrying for organisations with dirty laundry to air.
The HBGary Federal leak certainly got a lot of attention, and it's hard to see how the "operation's" success won't encourage further activity of this type. Maybe the best defence against this thing really is running an ethical, transparent operation.
Interesting times in infosec indeed...