
WikiLeaks has U.S. scrambling to plug holes

The idea that a lowly Army private sent WikiLeaks about 750,000 confidential files has the feds scrambling for fixes--and answers.

Declan McCullagh Former Senior Writer

The apparent revelations originating from the latest WikiLeaks are both embarrassing and rapid-fire: Afghanistan's vice president was found to be transporting $52 million in cash; Saudi Arabia's king called for the U.S. to attack Iran; a British duke mocked Americans' understanding of geography.

This week's leak--still incomplete--of some 250,000 State Department dispatches follows WikiLeaks' April release of a video showing U.S. troops firing on journalists and its release of hundreds of thousands of classified military dispatches from Afghanistan and Iraq. There was also, earlier this year, an internal Army report that worried about the threat posed by WikiLeaks.

These documents add up to a massive store of sensitive U.S. information totaling around 725,000 files and amounting to what Der Spiegel is calling "nothing short of a political meltdown for U.S. foreign policy." And, according to chat logs made public earlier this year, they all came from one source: Bradley Manning, an Army intelligence specialist whose successful efforts to liberate data went completely undetected by authorities.

The possibility that a lowly Army private could have access to such a dizzying volume of classified files, and manage to spirit it away under the noses of his superiors until turned in by a hacker living in a Sacramento suburb, has left official Washington scrambling for explanations.

"One of the questions I have is, while people can access individual messages related to their specific job, shouldn't this system have caught someone downloading 500,000 messages and asked him, 'What are you doing?'" Senator-Elect Mark Kirk (R-Ill.) said on MSNBC yesterday.

While Obama administration officials have declined requests to confirm that Manning was WikiLeaks' sole source for these files, a State Department official may have been a bit more forthcoming than he intended.

"Someone within the United States government with access to the--this information, downloaded it and provided it, you know, to parties outside of the U.S. government," P.J. Crowley, assistant secretary of state for public affairs, said yesterday. Crowley would not specify whether he was talking about Manning.

The leaked files apparently originated from the U.S. Defense Department's SIPRNET, which is used for exchanging information up to the secret level, and is jointly administered by the NSA, the Defense Intelligence Agency, and the Defense Information Systems Agency. SIPRNET stands for Secret IP Router Network. (In what may have been an effort to protect its source, WikiLeaks editor Julian Assange in July publicly denied receiving the State Department cables.)

"It should not have been physically possible for an individual private to download records at will from a classified network onto transportable media," says Steven Aftergood, who directs the Federation of American Scientists' Project on Government Secrecy. "That was asking for trouble."

These are the questions that, government officials admit, are being asked at the highest levels of the Obama administration right now: why was the computer network designed to allow a 22-year-old analyst to copy megabytes of data? Where were the internal alarms that should have detected abnormal behavior?

In July, Pfc. Manning was charged with obtaining "more than 150,000 diplomatic cables" and sending the Iraq helicopter video to someone not authorized to receive it, both in violation of the Uniform Code of Military Justice. Manning, part of the 10th Mountain Division (light infantry) in Iraq, was detained in May and has been in military custody ever since.

A military checklist for SIPRNET connections requires users to consent to monitoring and to acknowledge that assessments will take place to "determine the security features in place to protect against unauthorized access."

That's the theory. In practice, however, that didn't appear to happen. Manning allegedly recounted his clandestine exploits in a series of conversations that Adrian Lamo, the onetime hacker best known for breaking into networks belonging to the New York Times Co. and Yahoo, recorded in full. Lamo told CNET that he did not alter the logs (No. 1 and No. 2) before releasing them earlier this year.

Some excerpts from the logs, which describe slipshod or easily circumvented security measures:

(12:54:47 PM) Adrian Lamo: What sort of content?
(12:56:36 PM) Adrian Lamo: brb cigarette
(12:56:43 PM) Adrian Lamo: keep typing <3
(12:59:41 PM) Bradley Manning: uhm... crazy, almost criminal political backdealings... the non-PR-versions of world events and crises... uhm... all kinds of stuff like everything from the buildup to the Iraq War during Powell, to what the actual content of "aid packages" is: for instance, PR that the US is sending aid to pakistan includes funding for water/food/clothing... that much is true, it includes that, but the other 85% of it is for F-16 fighters and munitions to aid in the Afghanistan effort, so the US can call in Pakistanis to do aerial bombing instead of americans potentially killing civilians and creating a PR crisis
(1:00:57 PM) Bradley Manning: theres so much... it affects everybody on earth... everywhere there's a US post... there's a diplomatic scandal that will be revealed... Iceland, the Vatican, Spain, Brazil, Madascar, if its a country, and its recognized by the US as a country, its got dirt on it
(1:01:27 PM) Bradley Manning: i need one myself
(1:10:38 PM) Bradley Manning: its open diplomacy... world-wide anarchy in CSV format... its Climategate with a global scope, and breathtaking depth... its beautiful, and horrifying...

(02:18:09 AM) Bradley Manning: they were stored on a centralized server...
(02:18:34 AM) Adrian Lamo: what's your endgame plan, then?
(02:18:36 AM) Bradley Manning: it was vulnerable as fuck
(02:20:57 AM) Bradley Manning: well, it was forwarded to WL
(02:21:18 AM) Bradley Manning: and god knows what happens now
(02:22:27 AM) Bradley Manning: hopefully worldwide discussion, debates, and reforms

(01:54:42 PM) Bradley Manning: i would come in with music on a CD-RW
(01:55:21 PM) Bradley Manning: labelled with something like "Lady Gaga"... erase the music... then write a compressed split file
(01:55:46 PM) Bradley Manning: no-one suspected a thing
(01:55:48 PM) Bradley Manning: =L kind of sad
(01:56:04 PM) Adrian Lamo: and odds are, they never will
(01:56:07 PM) Bradley Manning: i didnt even have to hide anything
(02:15:03 PM) Bradley Manning: pretty simple, and unglamorous
(02:17:56 PM) Bradley Manning: weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis... a perfect storm

(02:44:47 PM) Bradley Manning: the network was upgraded, and patched up so many times... and systems would go down, logs would be lost... and when moved or upgraded... hard drives were zeroed
(02:45:12 PM) Bradley Manning: its impossible to trace much on these field networks...
(02:46:10 PM) Bradley Manning: and who would honestly expect so much information to be exfiltrated from a field network?
(02:46:25 PM) Adrian Lamo: I'd be one paranoid boy in your shoes.

Lamo eventually decided, he says, to turn on his late-night correspondent. "I turned him in to protect lives and to protect information that's essential for the U.S. to be able to effectively carry out foreign policy abroad," Lamo said at the time.

For its part, the Obama administration is responding by tightening computer security. A one-page memo (PDF) from the White House's Office of Management and Budget this week orders federal agencies to "ensure that users do not have broader access than is necessary to do their jobs effectively."

In addition, OMB said, there must be limits on "removable media" such as USB sticks and CD-ROMs when used on "classified government computer networks."

An executive order that President Obama signed in 2009 says that the secret classification level is reserved for material that, if disclosed publicly, "reasonably could be expected to cause serious damage to the national security." Top Secret is reserved for material that could cause "exceptionally grave damage to the national security."

A Defense Department official told the Associated Press that he was unaware of any firings or other discipline over the security conditions at Manning's post in Iraq. The Israeli military is also reportedly adopting new security measures to prevent WikiLeaks-style disclosures.

Rep. Peter King (R-N.Y.), the incoming chairman of the House Homeland Security committee who has called for WikiLeaks to be listed as a terrorist organization, has pledged to probe what went wrong inside the U.S. military.

"Oh, we will, definitely," King said yesterday. "I intend to have full hearings on this. But the answer is going to have to come from the people who were in charge. And that is the head of the intelligence--the heads of the intelligence community. This cannot be allowed to go on."