[unisog] Suspicious Files
sil at infiltrated.net
Wed Dec 10 03:56:28 GMT 2008
On Mon, 08 Dec 2008, Bob Henry wrote:
> What are our responsibilities for handling this information? Can we
> present it to law enforcement or would we be violating the 4th
Your responsibilities are detailed in your policies. If you're the
Information Security Officer, surely you would - or at least should
know the policies in place. That's for starters.
Secondly, what's illegal about possessing images. Do you have any
kind of other proof tying this student into any illegal activities?
How do you know he's not working on say terrorism research? Do you
know anything outside of "he has images of mass destruction!"
You could potentially ruin this persons life with your reaction.
I'm a constant visitor to Crytome.org, FAS.org and other mailing
lists that deal with military intelligence, historical intel,
HUMINT, SIGINT, IMINT, you name it. If I gave you my machine,
you could infer the same thing: "Oh my lord he has declassified
documents!... Oh my lord, he visits Cartome.org!" Without knowing
me, your inference would be dead wrong. I enjoy history in the
realm of government and intelligence. Far from a spy or a
Your job duties describe - or at least SHOULD describe what your
role is. Your policies should describe what is and what is a
mandate/control/guideline. Not some mailing list. Everyone has
a different view of things so while I view you as an alarmist,
I'm sure others keeping quiet would say the same. At the same
time, I understand what you're eluding to, but without any
kind of backing to your inference - "oh my god potential
terrorist!" - this should have gone to your legal department
and NOT a mailing list.
How do you know the student by chance doesn't follow this
list? How can you be sure you didn't violate his privacy
rights by digging into his machine. Were you asked to take
a look at his machine in that context or were you asked to
wipe it. Last I recall, unless I performed forensics and
implicitly SEARCHED for something, there was no way you would
have been able to find "those horrible images" without
Go talk to your legal staff and you may want to read up on
some of the laws associated with information security and
or privacy. Especially 1) being a CISSP 2) being an
Information Security Officer 3) Read and review your policies
you may find your answer there. Is there anything in writing
stating "thou shall not have pictures that are not suitable
to my taste?"
Side note/question - does having copies of the actual
video of planes crashing into the World Trade constitute
a crime? If so let me know, I will send you the links to
millions of sites online. We can make a business out of
tracking people who post those images, videos, etc.
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
More information about the unisog