14 DAY TRIAL // During the International Crime Science conference that was held in London last week, Professor Walker revealed to the whole world that information contained in the CIA, FBI, US Department of Defense (DoD) databases had been compromised. This occurred earlier this year when a partner agency granted zone transfer access of its DNS (Domain Name Services). John Walker's academic research of DNS environments has led him to this rather interesting discovery.
Professor John Walker, managing director of forensics consultancy with Secure-Bastion comments, "In one case an organization in the US, working with some government agencies, allowed me to get into their systems to see their servers named for their clients. Their servers were called 'CIA', 'FBI' and 'DoD'. The DNS is a logical map of all the assets of a company. If you can take the logical map of the assets out (IP addresses, system names) you've got an awful lot of intelligence to work on."
Just to make it clear, in the statement presented above, the names are not just somebody's idea of a joke, they indeed refer to the actual US law enforcement agencies. The servers were actually named according to the organization they were assigned to.
As reported by Walker, the US authorities were quite glad that it was he who discovered the security issue and not some hacker with malicious intent. Being a person that strongly values his freedom, the Nottingham Trent University - School of Computing & Informatics professor refrained from conducting further investigations into the matter.
"In my work I get the pleasure of seeing other people's systems. I invariably walk away not believing what I've seen. It's not that the criminals are so clever, but that we're so stupid," says Walker as cited by vnunet.
Walker has been with Secure-Bastion, company that works in partnership with Microsoft to provide IT consultancy to Government, corporate, and local authorities, for close to 9 years now. It is a small company, employing up to 10 people, that specializes in SEPo (Secure Extended Perimeter Operability) solutions for fixed or mobile workforces.