Stopping the next WikiLeaks

Preventing the transmission of sensitive data is extremely tough, but technologies such as encryption and DRM can help

Page 2 of 3

Another solution is to implement some sort of digital rights management (DRM). Much of the world hates DRM, and it garnered a reputation for causing problems, even when protected documents are being used legitimately. Still, DRM technologies are convenient in making it harder to share unauthorized copies. Strong DRM should be used to protect confidential information.

Among the DRM products out there is Microsoft's Rights Management Service (RMS); other vendors with competing products include Oracle and Check Point. (As a full-time Microsoft employee, I'm most familiar with the company's DRM offering.) RMS allows you to digitally encrypt selected document formats in such a way that it's possible to prevent reading, copying, and printing of content at a future date. The author or distributor of a protected document can cryptographically determine who can view and read (and copy and print) a particular document. Each time an allowed reader opens the document, the RMS client checks with a parent server to see if the user still has the necessary rights to view and read the document.

In the WikiLeaks scenario, it may have been possible to deny the carrier of the documents the ability to view and copy them further, as soon as their unauthorized use was suspected. Even if the traitor was able to give the documents to other unauthorized parties, the documents could have been rendered unreadable.

RMS isn't infallible, but it prevents trivial misuse (once known). Using a solution such as RMS also might make it possible to determine where the unauthorized documents are being opened, as the IP addresses may be able to be learned as the documents are opened and the RMS clients dial home. I'm sure there are many similar products available, and I welcome alternate vendors to reply in the article comments.

Monitor data transfer patterns for signs of leakage

Yet another method to prevent leaks is to detect unusual transfer patterns -- for example, large amounts of data moving to suspicious locations. In many cases, such as that of WikiLeaks, significant amounts of data are copied to a single workstation. If this load of data retrieval is detected, it could notify the incidence response team to visit the user's desktop.

In order for this type of notification mechanism to be useful, it would have to be secretly implemented, legitimate use would have to be well-defined, and lots of false positives accepted. Still, many intentional data leaks could be stopped with such a mechanism in place.

A related method is to place "red herring" data within large data sets. The red herring is fake data that only exists to be used as an early-warning indicator. Data leak tools could look for the transmission of this information and alert upon its transfer or viewing.

Lastly, companies could require that all data stored to removable media be encrypted and readable on only the company's own systems. Several encryption products (such as McAfee's PGP, Microsoft's BitLocker, and more) have this enforcement ability. This particular solution would require that the protected data not be convertible to a non-encrypted form or allow other transfer methods -- email, FTP, and so on -- of the unencrypted data.

| 1 2 3 Page 2
New! Download the State of Cybercrime 2017 report