Slashdot Mirror
CIA Chat Room Violates The Company's Policy
code_rage writes: "An article in the Washington Post says that some 160 employees and contractors of the CIA are being investigated for operating an unauthorized chat room. Two of those accused are "innovative, out-of-the-box, unconventional thinkers - these are essentially the hackers of the CIA, in the most positive sense of the word."
The article raises issues of national security, workplace monitoring, and worker's legal rights. Although security was not compromised in this case, the prospect of unauthorized software running on secure computers might be a little troubling. The article says that senior employees have a keystroke monitor installed on their computers. The 5-day timeline demanded by The Company for response to accusations, seems to preclude the employees the ability to consult with legal counsel, given that clearances take months to be approved."
- The CIA network, by its very nature, must be one of the secure LANs in the world. By installing unapproved software on an unapproved server, they may have inadvertently placed the security of the entire network at risk. While the article dosn't specifically mention what software was used, I seriously doubt that a security audit was performed on the source to verify that it wouldn't open up any holes.
- The chat room created the potential for inadvertent security leaks by allowing unmonitored communications between non-authenticated personnell. Think about it this example, two CIA buddies regularly converse via this chat room during their lunch hours. One day, someone else (either internal or external to their network) gains access to the chat room and masquerades as one of the two regular users. When the other guy comes on, he sees the screen name and automatically assumes that it's his buddy, mentally placing him in the trusted category. Now, when this guy asks him what he's doing today, he probably wont think twice about telling him. Voila, he's just breached national security without realizing it.
As I said above, these guys should be disciplined, and they should probably be forced to re-take the security training classes, but they have showed creativity by solving what they saw as a communications "problem", and by keeping it operational on a heavily secured and monitored network for over a year without detection. These sound like the kinds of guys who would make excellent electronic intelligence agents.There is nothing so pathetic as seeing a beautiful young theory roughed up by a tough gang of facts.
"Don't be paranoid, what do you think this is, the NSA?"
Seems like these guys are really good resources to understand and deal with computer crimes and other computer-related operations. Why would CIA want to criminalize them, leaving only meek people behind? Sure, that's gotta make them more savvy and efficient as an organization.
Seems to me that what these people were doing is pretty harmless from a national security point of view. If their management does not trust their intentions and their judgement skills, they should not have hired them in the first place.
Now, instead, they will make CIA an organization only for dead weights.
seineeW erA srekcaH IBF
"I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
I found it interesting, that the article said, "...which CIA investigators discovered while performing routine computer security checks..." Then later said, "...'This activity has apparently been taking place for some time...'" If it was a routine check, then shouldn't they have caught it before it got out of hand? The only reason they didn't, that I can think of, is they wanted to catch the guilty parties involved. I don't feel sorry for any of the parties involved because they breached their contract.
"The quality of life is determined by its activites."--Aristotle
Wait a minute? Is Slashdot considered work related?
Gotta go!
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
The article says:
The CIA is investigating 160 employees and contractors for exchanging "inappropriate" e-mail and off-color jokes in a secret chat room created within the agency's classified computer network and hidden from management.
And then it says:
If they were doing this with the KGB's computer system, we'd be giving them medals. Sadly, it was ours.
Umm, if they were sending around dirty e-mails and fart jokes around KGB computer systems, I doubt we'd be giving them a medal. I think it'd be more like "Why were you dicking around on their computer systems and not gathering information?"
And how come everyone who "thinks outside of the box" is automatically a geek and a hacker? Where I work (which is not the CIA), we reward people who think outside of the box, but we'll also fire in a heartbeat those people who abuse our systems, even if it's something minor. Why? The reason is that when someone abuses something for a harmless reason, there's no reason that they might someday cross the line and abuse it in a very damaging way. It's about responsibility and decision making capabilities. If they can't conduct themselves in a responsible manner, they're a potential liability. Whether they think "outside of the box" or not is irrelevant. Conduct and action do not have an effect on the ability to solve problems.
Frankly, I'm glad that the CIA is watching their internal networks and trying to maintain good employee conduct. I wouldn't want some care-free hacker in charge of maintaining information that, if put in the wrong hands, could endanger the welfare of the country, just like I wouldn't want some carefree hacker on my computer network doing things that could possibly make my work day more hectic.