#WikiLeaks "malicious search engine poisoning attacks" ?

with 3 comments

Defence staff warned to steer clear of WikiLeaks docs:

“The department fears accessing the site could expose government computers to “malicious search engine poisoning attacks” and that third parties might “collect and exploit visitor data or deliver malicious software through downloaded files.”

— The Ottawa Citizen.

Yet from a computer security standpoint the WikiLeaks #cablegate downloads all seem to be in standard HTML, making the downloads relatively secure from malware because there is no javascript to execute malicious software code

Because the WikiLeaks downloads aren’t in Adobe PDF format they aren’t susceptible to the security vulnerabilities that come with the popular Adobe Reader and software.

Which makes downloading from WikiLeaks safer than downloading from many websites on the Internet.

But isn’t the Department of Defense at risk for:

“malicious search engine poisoning attacks” ?

Ahem…. what is that exactly?

“SEO Poisoning” or “Search Engine Optimization Poisoning” may sound scary but what it means is tricking search engines into ranking your website more highly than it deserves.

This is done by inserting words or phrases that would get high ranking from a search engine. An example of “SEO Poisoning” might be when a webpage selling grass seed gratuitously using phrases like “Justin Bieber.”

Sometimes this dastardly deed is accomplished by including high ranking words and phrases in the same color as the background, making the text invisible to visitors and fooling Search Engines that do see these words and are fooled. This “poisons” the search results.

When I Googled “malicious search engine poisoning attacks” the were only a few direct hits, which explain it as “SEO Poisoning” used to drive traffic to scam websites.

The thing is, every time you search the Internet, using Google or Scroogle or Bing, any search engine is going to bring you results that are not what you are looking for. That’s why you get more than one answer to a search: it is far from an exact science. Poisoning is a serious problem for Google, say. But for the Department of Defense?

What WikiLeaks has done is to make classified material public. Which means that looking at some of this material will very likely violate Defense Department policy.

see no evil, hear no evil

This memo sounds rather like the equivalent of the “close your eyes” method of security. The only way to ensure Defense Department employees do not see any of this material online would be to disconnect from the Internet.

I would expect the Federal Government computer security staff to be aware of this. Perhaps the Department of Defense needs a little refresher course on computer security.

---

MEANWHILE:

In other words, http://www.everydns.com/ has pulled the plug on http://wikileaks.org/

WikiLeaks may be down but they are not out.
Help keep WikiLeaks going by donating to:
https://donations.datacell.com/
http://collateralmurder.com/en/support.html

and

the Cablegate page is still up.

further reading

Australia provides some insight: Crikey: Missing the point on WikiLeaks

WL Central: an unofficial WikiLeaks Information Resource

boingboing: Amazon: Wikileaks has no right to publish the leaks and Wikileaks.org domain ‘killed’

TechDirt: Wikileaks Says Its Site Has Been ‘Killed’

---

---

“Hear no evil, see no evil” Photo by Charlton Barreto on ipernity Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License

About these ads

Written by Laurel L. Russwurm

December 3, 2010 at 3:21 am

Posted in Canada

Tagged with "malicious search engine poisoning attacks", @techdirt, Adobe Reader, bing, boingboing, Cablegate, Charlton Barreto, Department of Defense, DNS, eavestrough, Google, Internet, ipernity, javascript, Julian Assange, PDF, scroogle, Search Engine Optimization Poisoning, The Ottawa Citizen, WikiLeaks