Army's Lax Security Revealed in Manning Hearing on WikiLeaks Breach
The pre-trial hearing against the Army analyst who leaked classified government documents to WikiLeaks has revealed glaring security flaws in how the military secured its computer networks.
The evidence being heard in the preliminary hearing against Pvt. Bradley Manning centered around documents that were recovered from the Army intelligence analyst's computer. Portions of the hearings were conducted closed-door Dec. 18 and Dec. 19 when the government laid out classified evidence, according to a live blog of the proceedings maintained by the United Kingdom-based publication The Guardian. Manning is accused of illegally leaking hundreds of thousands of classified diplomatic cables to whistleblower Website WikiLeaks last year.
WikiLeaks started posting redacted copies of the embassy cables at the end of November 2010, causing a lot of embarrassment for the U.S. government with its allies abroad. Earlier this year, the site released the remaining cables without redacting them after reports emerged that the full copies were available on some file-sharing sites.
Army investigator Special Agent David Shaver, of the Computer Crime Investigative Unit, testified Dec. 18 that he found electronic references to, and often full copies of, more than 10,000 documents Manning had downloaded, as well as some classified videos. A forensic analysis of the computer showed Manning had searched for information about WikiLeaks and its founder Julian Assange more than 100 times, and had also searched for information about Guantanamo, Shaver said.
"A lot of the searches seemed out of place," Shaver testified, according to the Associated Press.
Under cross-examination, Shaver admitted he had not compared the actual cables he found with those that had been posted on the WikiLeaks Website.
Manning's supervisors said there was no work-related reason for Manning to have been conducting those searches, but one officer admitted to sending Manning and other analysts the link to the database containing the diplomatic cables. He said he thought the database might aid their analysis of threats in Iraq.
Witnesses testified Dec. 19 that no passwords were required to access the cables and there was no prohibition on downloading cables, The Guardian reported.
Security experts have previously questioned why the military did not have automated systems to monitor what kind of data and systems users were accessing, or even logs of user activity, such as downloading data. In fact, the Obama administration issued an executive order Oct. 7 requiring federal agencies to have built-in auditing systems to monitor access to data. New rules also require two people to authorize any kind of data downloads.
Fifteen military staff have been disciplined in the wake of the scandal, according to the Defense Department.
Manning also allegedly wrote a script to automatically download files using the wget program, which is not a "standard" program on military computers, according to Shaver. It's not clear what operating system the military had running on these machines, but wget is a standard part of Unix and Linux systems and readily available online for Windows and Mac OS X.
Previous reports have claimed that Manning downloaded and copied data onto CDs made to look as if they contained music by Lady Gaga. Intelligence analysts where Manning worked routinely loaded music, movies and games bought in street markets in Iraq onto the military's secured computer network, SIPRNet, according to court documents. Analysts at the "sensitive compartmented information facility" also downloaded music on the computers and played games on the same machines used for accessing classified information, testified Capt. Casey Fulton, Manning's supervising officer.
"There is only a limited amount of supervisors; we can't supervise everyone every second of the day," Fulton said.
Army investigators described how they found evidence that Manning had directly communicated with WikiLeaks founder Assange on Manning's personal computer. Investigators found two email addresses linked to Assange listed on an instant messaging client's "buddy list," and a copy of an email in which Manning told an acquaintance he'd provided WikiLeaks with a classified video of a 2007 Apache helicopter attack in Baghdad that resulted in civilian casualties.
Investigators also recovered 14 to 16 pages of chat logs recorded by the Adium instant messaging client. Manning had taken the chats "off the record" (OTR), a mode that uses a cryptographic protocol to encrypt instant messages, but Adium logged OTR chats by default.
Investigators also found evidence that Manning had re-installed the operating system and wiped the hard drive in early January 2010.
The prosecution also released a text file that had been on a memory card alongside some 500,000 battlefield reports.
"This is possibly one of the more significant documents of our time, removing the fog of war and revealing the true nature of 21st century asymmetric warfare. Have a good day," the text file reads.
The United States has claimed the data breach imperiled valuable military and diplomatic sources abroad. Manning's lawyers have argued that once exposed, the classified material has proved to be harmless.
After both sides finish presenting at the preliminary hearing, a military officer will recommend to the commander of the Military District of Washington whether Manning should be court-martialed. Manning could also be tried on 22 charges, including aiding the enemy. If convicted, he could face life in prison.