You're Donald Trump's sysadmin. You've got data leaks coming out the *ss. What to do

Imagine yourself as Donald Trump's sysadmin. Trump's first month as President of the United States of America has been notable for the number of information leaks that have occurred. Trump has called these leaks criminal and seems intent on rooting out whistleblowers. Some poor sysadmin is going to be told to prevent these leaks …

  1. Velv

    Bernard Woolley: That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act.

    (Yes, Minister)

    1. Doctor Syntax Silver badge

      Also from Yes Minister but I think originating elsewhere:

      The ship of state is the only ship that leaks from the top.

  2. TRT Silver badge

    He needs an IT angel.

    Though angels fear to tread where fools russian.

  3. Dave 126 Silver badge

    Whilst this article was informative, I found this more entertaining:

    Press secretary Sean Spicer is cracking down on leaks coming out of the West Wing, with increased security measures that include random phone checks of White House staffers, overseen by White House attorneys....

    ... Spicer also warned the group of more problems if news of the phone checks and the meeting about leaks was leaked to the media. It's not the first time that warnings about leaks have promptly leaked. The State Department's legal office issued a four-page memo warning of the dangers of leaks, and that memo was immediately posted by The Washington Post.

    http://www.politico.com/story/2017/02/sean-spicer-targets-own-staff-in-leak-crackdown-235413

  4. K
    Holmes

    This is a good article..

    But honestly, I think the first point needs to be training and awareness - specifically for senior managers, who don't understand their corporation is effectively a sieve and you can't plug every hole, or the fact that any tool implemented is at most a hurdle to deter or stop people doing something stupid. But a determined person will eventually get through it...

    1. John Smith 19 Gold badge
      Unhappy

      "But a determined person will eventually get through it..."

      As this training film from 1983 shows, it's the enemy within you have to be most aware of.

      Better user education can help cut down the stupid stuff but active malice (for whatever motivation) is another problem.

      And TBH I suspect the D's natural management style has made an exceptionally high number of people who are quite keen to share as much of his Presidency as possible as widely as possible.

      That's where goodwill helps your security.

  5. Aqua Marina

    Reminds me of the time a CEO of a UK based chain-store wanted a webcam on his desk, but at the same time the webcam wouldn't be able to allow the person on the other end to read any documents the CEO might have within view of the webcam. "If I hold up a sensitive document in front of the webcam during a conference, I don't want him to be able to read it". It was a real head-banging moment, he genuinely thought that there was a technical way to stop the camera from focusing on anything other than his face. This was in 2001.

    1. DavCrav

      "he genuinely thought that there was a technical way to stop the camera from focusing on anything other than his face. This was in 2001."

      I can manage that. It's the 80 x 60 resolution. You might just about be able to tell there are black marks on the paper, that's about it.

      1. Prst. V.Jeltz Silver badge

        Not entirely related, but about that same time I had a guy who thought the correct way to save a document was to print it out - hundreds of pages. And if they then wanted to alter it, the newfangled text recognition software would read all the pages back into the computer so that they could be edited.

  6. Paul Crawford Silver badge

    A couple of random thoughts:

    1) If you are planning on using a non-company phone to steal stuff, would you not put it in air-plane mode before bringing it in? So cell phone scanning won't do much for anyone that dedicated.

    2) If data security and privacy matters then the only type of cloud storage in use should be the zero-knowledge type like Sync, Boxcryptor, SpiderOak, etc, and certainly not MS/Google/DropBox and similar.

    3) So many data loss incidents seem to be accidental emailing to world+dog, that ought to be a lock-down by default in anyone's system, with special hoops to jump through before you can email more than a few folk (or list) and more so if it has any attachments.

    It might just stop corporate drones emailing a multi-MB word document, PDF or power-point slide to everyone in your organisation to say 3 bullet-points as well...

    1. DavCrav

      "1) If you are planning on using a non-company phone to steal stuff, would you not put it in air-plane mode before bringing it in? So cell phone scanning won't do much for anyone that dedicated."

      I did think this. Mobile phone, airplane mode, take a few shots, onto a micro SD card in your underwear, factory reset the phone, nobody's any the wiser. Only way to stop that would be to completely ban mobile phones and security scan everyone. I don't even know if standard metal detectors would pick up a micro SD card, as they don't pick up metal buttons on jeans.

      1. John Brown (no body) Silver badge

        "I did think this. Mobile phone, airplane mode, take a few shots, onto a micro SD card in your underwear, factory reset the phone, nobody's any the wiser."

        Sounds like a lot more effort than needed. There are plenty of small cameras available that don't have any form of radio transmitter that needs to be turned off. No need to over think things when there are simple solutions, especially since they don't do a full body scan/search of staff. Yet.

        1. DavCrav

          "Sounds like a lot more effort than needed. There are plenty of small cameras available that don't have any form of radio transmitter that needs to be turned off. No need to over think things when there are simple solutions, especially since they don't do a full body scan/search of staff. Yet."

          The small camera is an option, but difficult to explain if caught with. The small mobile phone offers plausible deniability.

        2. barbara.hudson

          Nothing can beat the old Mark 1 Eyeball. The leaks that Trump is worried about don't need actual copies (which can be faked anyway), but reliable sources who have seen the policies in question (perhaps by being there while they were discussed, even if they were never committed to any sort of physical or electronic form).

          All the "checking people's phones and computers" and setting up data protection procedures are useless in such cases.

          1. Sam 15

            "All the "checking people's phones and computers" and setting up data protection procedures are useless in such cases."

            They do serve to p1ss off more people, and thus generate even more leaking and random acts of (un)kindness.

    2. Farnet

      Paul,

      Modern scanning hardware can not only detect a phone in Airplane mode, it can detect phones that are switched off and turn them back on again.

      They use them at our company....

      1. frank ly

        @Farnet

        Take the battery out?

        1. Scroticus Canis
          Happy

          Re: @frank ly - Take the battery out?

          That's not so easy on an iPhone or Samsung; well unless it exits the phone on its own.

          1. PatientOne
            Joke

            Re: @frank ly - Take the battery out?

            Wait... Samsung phones... That's why they burst into flame: They were trying to go for the 'disconnected battery' option but it must have been an early prototype and sparked instead...

            Apple must be doing the same thing considering their battery woes...

            Wow: Mobile Phone manufacturers are secretly helping the People...

            Oh... my pills. Well, yes, I had forgotten them. Freshly dried frogs, too, how nice.

        2. Version 1.0 Silver badge

          Re: @Farnet

          Turn the phone off and pop it into a large bag of crisps.

      2. Paul Crawford Silver badge

        @ Farnet

        Citations required I think...

        There is always the Tempest-style of scanning for any active electronic device's leakage, but that would be hard to do in most working environments with numerous phones and PCs and a general lack of screening causing "electronic fog".

        1. Prst. V.Jeltz Silver badge

          Re: @ Farnet

          @ Farnet

          Citations required I think...

          ditto.

          I'd like to know how switched off phones can be detected, let alone switched on.

          The phones at your work must have been configged to stay half awake listening for a wol signal

      3. Steve Davies 3 Silver badge

        I knew that there was a use for that

        tinfoil Hat.

        Wrap that around the phone. That'll make the detection a lot harder.

        or that biscuit tin left over from Crimble.

      4. Anonymous Coward
        Anonymous Coward

        Re: remote switch on of Phones.

        I think that is possible for Phones on Standby or similar BUT how do you switch a Phone on that is Physically switched off.

        [No Radio/Bluetooth/WiFi/NFC etc]

        Is there a hidden mode that by some sort of induction will switch the phone on ?

        (Possibly, if a certain chip sees a (voltage/voltage change) it performs a soft-switch on. !!!??? )

      5. Chris 239

        Somewhat BS - If the phone is fully powered off then it has no way to receive a signal that could turn it on.

        But if the phone is compromised beforehand (and for all we know it could be designed compromised) to keep the baseband processor powered up even when the phone looks off then it's possible.

        Battery drain while off might give it away but the baseband CPU is very low power - think of the battery life of the old dumb phones.

        Hmm, I could tell when my old dumb phone talked to a cell tower by a beedddeebeep sound from the car radio from interference - don't get that any more - suspicious! Where's my tinfoil hat!

    3. Mark 85

      Given the nature of the leaks, what makes the WH think they're happening in the WH? If someone is privy to some juicy info worth leaking, they'll stop on the way home and pick up a burner phone, use it, then toss it.

      So much of this that's happening smacks of security theater or a snow-job to scare people into silence. Which might work, right up until they've decided they've had enough.

  7. Your alien overlord - fear me

    How can you monitor files for sensitive information being uploaded to Dropbox etc. via their webpages when they use https ?

    1. Jim 43

      Government (and most corporate) orgs have their own trusted CA -- these are added to the OS cert chain. Outbound port 80 and 443 connections are routed through a proxy server which serves as a man-in-the-middle. Instead of your browser seeing the webserver SSL cert you get the dynamically generated cert from the proxy server and since it's using a trusted (by your OS/browser) CA, you don't get any errors.

      1. steamrunner

        Not just governments and corporates. Any small business, organisation, group or even household with a half-decent perimeter firewall can do this. It's not some expensive super-rich option.

    2. This post has been deleted by its author

    3. Andrew Barr
      Black Helicopters

      Good article on whether you are being watched, even via HTTPS.

      https://www.grc.com/fingerprints.htm - website is a bit old school but good information.

      1. BebopWeBop

        Yes a good site, and if you mean by 'old school' coherent and readable without fancy crap, I agree with that as well
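
The check that Jim 43's description and the fingerprint page linked above point to, as an added example that is not part of any comment in this thread: compare the certificate this machine is served with a fingerprint taken from outside the network. The certificate stand-ins, issuer names and function names are constructed for illustration.

```python
import hashlib
import socket
import ssl

def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def issuer_field(cert: dict, field: str = "organizationName") -> str:
    """Pull one issuer attribute from the dict shape ssl getpeercert() returns."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return ""

def observe(host: str, port: int = 443, timeout: float = 5.0):
    """Live use: return (der_bytes, decoded_cert) as this machine sees the server."""
    ctx = ssl.create_default_context()  # trusts the OS store, corporate CA included
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()

def assess(der: bytes, cert: dict, reference_fp: str) -> dict:
    """Compare what was served with a fingerprint obtained out of band."""
    seen = sha256_fp(der)
    return {
        "seen_fp": seen,
        "issuer": issuer_field(cert),
        "intercepted": seen != reference_fp.replace(":", "").lower(),
    }

# Constructed stand-ins, not real certificates: the origin's leaf, and the leaf
# a proxy would mint for the same hostname under the organisation's own CA.
ORIGIN_DER = b"constructed stand-in: origin server leaf certificate"
PROXY_DER = b"constructed stand-in: leaf minted by the proxy for the same host"
ORIGIN_CERT = {"issuer": ((("organizationName", "Example Public CA"),),)}
PROXY_CERT = {"issuer": ((("organizationName", "Example Corp Internal CA"),),)}
REFERENCE_FP = sha256_fp(ORIGIN_DER)  # stands in for the out-of-band value

def demo():
    """Same hostname, seen once directly and once through the proxy."""
    return (assess(ORIGIN_DER, ORIGIN_CERT, REFERENCE_FP),
            assess(PROXY_DER, PROXY_CERT, REFERENCE_FP))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both connections pass normal validation on a machine that trusts the internal CA, which is why no browser error appears; only the fingerprint and issuer differ. A mismatch alone is not proof, since large sites serve several valid certificates, so read the issuer as well.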

  8. Anonymous Coward
    Anonymous Coward

    How about:

    If you want to be a credible president of a major nation, just stop behaving like a dick

    1. AndyS

      Re: How about:

      This whole article reads a bit like an attempt to make a pig farm kosher.

      If the man at the top uses an outdated and unsecured Samsung Android phone to tweet insults about whatever bollocks is stopping him sleeping at 3am, what chance does any IT department have?

      1. TRT Silver badge

        Re: what chance does any IT department have?

        Assign the task to BOFH.

      2. Ken Moorhouse Silver badge

        Re: what chance does any IT department have?

        Here's the solution:-

        http://dilbert.com/strip/1995-04-03

        Give him an Etch-a-Sketch

      3. Tom 64
        Windows

        Re: How about:

        Especially since all his minions seem to have no problem to follow his lead on the non-NSA authorised kit. The Big Donnie should just impeach himself right now since he's acting like a 'criminal'.

    2. Steve Davies 3 Silver badge

      Perhaps the press should all boycott the briefings

      Then the Dear Leader can shout and rant for all he is worth but there will be no one there to hear him or to report on his Fake News releases and rants about massacres that didn't happen.

      A few weeks of that and they might come to their senses.

      Hmmm. On second thoughts perhaps they won't. He just loves to hear the sound of his own voice.

      1. Anonymous Coward
        Anonymous Coward

        Re: Perhaps the press should all boycott the briefings

        Steve Davies 3@

        You have just described Trump's Nirvana !!! :)

        BTW: You do realise that 'Mr. Trump' does not have any senses to 'come to'. !!!!!

        P.S.

        More and more I am thinking that the film 'Idiocracy (2006)' [www.imdb.com/title/tt0387808/] is coming true. !!! :(

        I didn't know it was a documentary sent from the future to warn us before it is too late. !!!! :)

        1. Anonymous Coward
          Anonymous Coward

          Re: Perhaps the press should all boycott the briefings

          Lots of people seem to think "1984" was a guide book as well, not a warning.

  9. Rich 11

    Simple answer

    Imagine yourself as Donald Trump's sysadmin.

    OK. First, I'd resign out of principle, effective immediately. Second, I'd take a dump in the fireproof safe before resigning.

    1. Blank Reg

      Re: Simple answer

      First, downgrade all software to the least secure version that still contains the necessary functionality. Then make sure Anonymous and other suitable groups know about it. Then you can quit.

  10. SotarrTheWizard

    Of course, when a major newspaper. . . .

    . . . prints a request for leaks and provides a how-to for the uninitiated user to download, install, and use a TOR browser, and an anonymous file-transfer utility. . .

    https://www.washingtonpost.com/news/politics/wp/2017/01/25/heres-how-to-leak-government-documents-to-the-post/?utm_term=.302a4d44c560

    1. this

      Blighty too

      Note: our beloved Grauniad website has a permanent front page link with similar information.

  11. Philip Storry

    If I were Donald Trump's sysadmin - I'd find a new job.

    He employs people who tweet their passwords. His ego won't allow him to admit that he, and his employees, are incompetent. As the sysadmin, I will always get the blame for his and his employees' incompetence and inadequacies.

    So you find a new job.

  12. Doctor Syntax Silver badge

    "anyone with a personal mobile phone can take pictures of documents and sync, stream or simply walk out of the building with them. Cellbusters can help identify rogue cellphones "

    That deals with cellphones as cameras. What about cameras as cameras? Have they ceased to exist? Even if you have to go to eBay for it there's always http://www.ebay.co.uk/itm/Minox-B-Vintage-Subminiature-Spy-Camera-No-Reserve-/162409310216?hash=item25d0596808%3Ag%3AFZgAAOSwhlZYsbIW

  13. Doctor Syntax Silver badge

    "You've got data leaks coming out the *ss. What to do"

    Tell the ass to stop tweeting.

  14. Blake St. Claire

    Imagination

    > Imagine yourself as Donald Trump's sysadmin.

    There are some things that defy imagination. And I've got a pretty good imagination.

  15. Chronos

    Simple

    Replace Trump with a very small shell script. As long as it still posts to Twitter, nobody would notice.

  16. Redstone

    This is what always kills those conspiracy theories...

    When the yarn is spun, the question (for me, at least) is: does this story require large volumes of government employees not to leak any information? If the answer is 'yes', then the likelihood of the story being fiction tends toward unity.
