An insider stole a laptop containing military secrets from the US Navy before passing on the information to foreign governments. Experts at InfoWatch stress that the breach could easily have been averted by using something such as a public key infrastructure (PKI).
A US naval serviceman has been held on espionage charges. The insider, who had access to a Navy laptop containing classified information, passed on military secrets to foreign governments, the Associated Press reports.
Petty Officer 3rd Class Ariel J. Weinmann gave the classified information, containing national defense data, to an undisclosed foreign government before he destroyed the computer.
The officer is currently being detained. He faces six charges, three of them on counts of espionage, including a suspected March 2005 visit to Bahrain, where the insider tried to pass along classified information to a foreign government. A few months later Weinmann deserted his submarine for more than eight months and traveled to Austria and Mexico to "communicate, deliver or transmit" the information. In March of this year outside Vienna he destroyed the computer’s hard drive with a wooden mallet.
The Navy has not disclosed which state the insider was working for, what he was seeking in exchange for the information, or how he obtained the computer. It is known, however, that Weinmann has been charged with failing to properly safeguard and store classified information, making an electronic copy of classified information, communicating classified information to a person not entitled to receive it, and stealing and destroying a government computer. If his naval commander insists on a court martial, Weinmann could face the death penalty.
“Once again we have a situation where an insider has been entrusted with secret information and given access rights to it. It is obvious in this particular case the military should have taken better care of its electronic data. Nothing prevented the insider from simply taking the laptop and passing on secrets to foreigners. The incident could easily have been averted. If the information is top secret, then its storage on a mobile computer should be prohibited. But even if there is no choice but to keep it on a laptop, it could have been encrypted and the access key could have been provided via a central server using PKI. Then, if the insider runs away with the computer, all that needs to be done is to cancel his access rights,” explains Denis Zenkin, marketing director at InfoWatch.
Source: KCRA
