If you tell enough stories, perhaps the moral will show up.


Himmler Murder Memos in the NRO

This story in today's FT magazine is interesting in its own right, but it makes a good security story as well:

  1. Don't despise paper. Everyone quoted in the fake memos is dead, the empire they served is one with Nineveh and Tyre, and the record-keeping system was obviously not designed to detect this fraud, but the fakes can still be totally discredited. There is no shadow of a doubt that those notes are inauthentic, and the rest of the bundles they came from are real. What's the IT angle? Well, consider what you can prove with a signed page of printed hashes....
  2. The sideband rules. Laser printing on a document that purports to be twenty years older than xerography. Every suspect document having the file hole torn. These circumstances talk directly to the investigator.
  3. Listen to the language. The public school types who ran the war didn't talk like that and they certainly didn't write like that.
  4. Keep access records. One man only, ever, was recorded as accessing all those bundles....
  5. And of course, follow the motive. He wrote a sensational book...

No comments: