The WikiLeaks Breach: A Wake-Up Call About Disgruntled Employees

From the HR blog at TLNT.
Michael Greco is a Partner in the Philadelphia office of Fisher & Phillips. (From the HR blog at TLNT.)

By Michael R. Greco

If the recent WikiLeaks release of more than a quarter-million sensitive files is not a wake-up call to companies about the need to proactively protect confidential information, nothing is.

The lesson is clear. When it comes to protecting trade secrets, preventative measures are as important, if not more important, than remedial measures.

If you have not followed the details of the Wikileaks breach, the basic facts are these: Bradley Manning, a young Army private first class, is accused of stealing hundreds of thousands of classified diplomatic files and memos and feeding them to WikiLeaks, a website known for publishing anonymous submissions of sensitive data while attempting to preserve the anonymity of its contributors.

How (easily) the documents were stolen

According to Manning, his theft of documents was simple: “I would come in with music on a CD-RW labelled with something like Lady Gaga… erase the music… then write a compressed split file.” Hiding his conduct was not difficult either. “No one suspected a thing. [I] listened and lip-synched to Lady Gaga’s Telephone while ‘exfiltrating’ possibly the largest data spillage in America history.”

With U.S. diplomats scrambling to mend fences worldwide as a result of the countless disclosures, the Pentagon announced that it has enacted new security measures to prevent others from inflicting similar damage with little more than a portable computer memory stick.

According to the Pentagon, it has ordered the deactivation of the “write” capability on all computers on the Defense Department’s classified network and limited the number of computers that can be used to transfer data from the secret domain into the open. The new protocol requires that two people be involved in any such transfer to ensure it is properly authorized.

The Pentagon has also required the development of “procedures to monitor and detect suspicious, unusual or anomalous user behavior.” This includes an accelerated installation of monitoring software on all secure computers, many of which do not currently have such software.

Article Continues Below

Company trade secrets can be lost forever

While these measures are a good start, it is surprising that the United States government was not a little further along the curve when it came to preventing the misappropriation of classified information.

Companies should take heed. A trade secret lost is forever lost. For a review of measures a company can take to protect its trade secrets, click here and here.

Pfc. Manning summed up the flaws that enabled him to carry out his theft: “Weak servers, weak logging, weak physical security, weak counterintelligence, inattentive signal analysis…. A perfect storm.”

The bottom line – don’t leave yourself vulnerable to the whim of a disgruntled employee.

This was originally published on Fisher & Phillips Non-Compete and Trade Secrets blog.

Mike Greco is a partner in the Philadelphia office of the law firm Fisher & Phillips. He litigates and provides counseling nationwide to employers concerning legal claims and issues arising from the movement of employees between competitor firms. Mike has prosecuted and defended more than 300 employee defection and recruitment matters, obtaining and defeating injunctive relief in at least 27 different state and federal courts. Contact him at mgreco@laborlawyers.com.

Topics

1 Comment on “The WikiLeaks Breach: A Wake-Up Call About Disgruntled Employees

  1. How he copied and transfered all those files is not so important, but how could a private possibly have access to so many classified documents?

    I don’t have unlimited access to our internal CRM system – there are things i cannot see or do – and the army cannot do that?

Leave a Comment

Your email address will not be published. Required fields are marked *