Wikileaks, The Responsibility: Part II

“Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm.”

“Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm.”

So said Private First Class Bradley Manning in a series of online chats with Adrian Lamo regarding his ability to download massive amounts of classified data and send it to Julian Assange at WikiLeaks. Manning was then an intelligence analyst assigned to a support battalion with the 2nd Brigade Combat Team, 10th Mountain Division at Contingency Operating Station Hammer, Iraq. He is now under arrest. Lamo is the former computer hacker who turned Manning in to the FBI and the U.S. Army. [A whole series of their chats can be read in Wired Magazine]

Clear from the (edited) excerpt below is that Manning had access to classified documents well beyond any “need to know.” Clear, too, is that the Department of Defense “secure” Internet server system was anything but secure. Did Manning have help or direction? That’s less clear. According to The New York Times, among his closest associations was a group of computer hackers in Cambridge, Mass. – the home of MIT, the Route 128 High Tech Corridor and a major center for research on the Internet, high speed computing, encryption and other sensitive subjects. How many of his hacker friends have ties to foreign governments or are anti-war?

Of immediate interest is Manning’s description of how easy it was and how little attention everyone else way paying.

Manning: We transferred so much data on unmarked CDs… everyone did… videos… movies… music all out in the open bringing CDs too and from the networks was/is a common phenomenon… I would come in with music on a CD-RW labeled with something like “Lady Gaga”… erase the music… then write a compressed split file… no one suspected a thing… kind of sad. I didn’t even have to hide anything
Lamo: From a professional perspective, I’m curious how the server they were on was insecure.
Manning: You had people working 14 hours a day… every single day… no weekends… no recreation… people stopped caring after 3 weeks. I mean, technically speaking.
Lamo: Or was it physical?
Manning: >nod< there was no physical security - 5 digit cipher lock... but you could knock and the door...everyone just sat at their workstations... watching music videos/car chases/buildings exploding... and writing more stuff to CD/DVD... the culture fed opportunities.

In another section:

Manning: It was a massive data spillage… facilitated by numerous factors… both physically, technically, and culturally. perfect example of how not to do INFOSEC…listened and lip-synced to Lady Gaga’s Telephone while exfiltratrating possibly the largest data spillage in American history… pretty simple, and unglamorous… weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm. >sigh< Sounds pretty bad huh? Lamo: Kinda I mean, for the .mil
Manning: I mean what if I were someone more malicious – I could’ve sold to Russia or China and made bank.
Lamo: why didn’t you?
Manning: Because it’s public data it belongs in the public domain information should be free it belongs in the public domain because another state would just take advantage of the information… try and get some edge if its out in the open… it should be a public good rather than some slimy Intel collector. I’m crazy like that.

Crazy? Maybe. Self-serving? Definitely. Manning says he is talking to Lamo because he “needs to try and figure out how I could get my side of the story out… before everything was twisted around to make me look like Nidal Hassan.” He doesn’t have to be Nidal Hassan; being Bradley Manning is damning enough.

There is so much more to this story. Who thinks the government will go after all of it – including the hardware, software and, most important, human lapses in the Department of Defense – and who thinks it will just try to hang Manning from the nearest tree?