Israel's population registry leak

[Imri Goldberg <lorgandon () gmail com>]

In Israel, many people know that the population registry is available to
download from various p2p networks. It turns out that new versions are
leaked every now and then.
A few years ago, a website offered to sell the registry, and the police was
tasked to find who leaked the information. It turns out that the police was
unable to determine which of 22 organizations, companies and offices that
had access to the information leaked it. (see
http://www.haaretz.com/hasen/spages/1082775.html )

When I read it, I was reminded of the standard method of uncovering leaks:
add a watermark, and distribute different versions to each organization. A
watermark can even be part of a data: a changed digit in the ID number of
some fake person in this specific case.

I also read this kind of suggestions regarding screener leaks from time to
time, but I don't recall it actually happening. I do recall reading some
fiction (a James Clavell book) about purposefully distributing different
versions of some document to suspect parties in an effort to uncover a leak.
Every time I read about a leak, I think, why didn't they add a watermark?!
It's in the books!

Cheers,
Imri

-- 
Imri Goldberg
--------------------------------------
www.algorithm.co.il/blogs/
--------------------------------------
-- insert signature here ----

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.