A Narrative Chronology of Bradley Manning’s Alleged Leaks
In January, I did a timeline of the key dates revealed in Manning’s July 6, 2010 charging document. I wanted to put the timeline laid out in yesterday’s charging document side-by-side with the earlier one to identify what new details there are, presumably showing us what the government has learned since July, as well as the chronology of when the government alleges Bradley Manning accessed and leaked particular documents.
Here’s what the government appears to believe happened.
Before January 8, 2010: Garani airstrike video
Based on my assumption that the video called BE22 PAX.wmv is the Garani video (see Specification 11), it appears Manning allegedly leaked that first. The government says that leak occurred by January 8, which happens to be the date when WikiLeaks said they had an encrypted video of an airstrike on civilians (note, in the past I have supposed that that was the Collateral Murder video, which appears to have been wrong). There’s nothing in the charging document that might explain how they think Manning leaked that video.
Before February 9, 2010: Iraq and Afghan warlogs
Interestingly, the government seems confident that Manning accessed both the Iraq and Afghan War logs by January 8. Wednesday’s charging sheet also describes the leak of 20 cables each from these databases possibly as early as New Years Eve in 2009, but definitely by February 9.
After February 11: Unauthorized software on SIPRNET; the Collateral Murder, Rejkjavik-13 cable, and Defense Intelligence documents
Then, remember, Manning came to the US in January to February 2010. Adrian Lamo has long alleged that Manning got help from some folks in Boston. The timeline shows Manning returned to Iraq on February 11, which also happens to be the first date Manning is alleged to have put the first of two unauthorized pieces of software onto SIPRNET.
Shortly thereafter–on February 15–is the earliest day the government thinks Manning could have leaked the Collateral Murder video, the Rejkjavik-13 cable, and the Defense Intelligence report. All of that suggests that the government believes Manning got software while in the US, loaded it onto SIPRNET when he returned to Iraq, then leaked those three documents using that software. Note, though, that the last date for when Manning allegedly added this software was April 3, right before the Collateral Murder video came out, so it may be that video is the first thing they’re sure he used the software with. In any case, the government still seems to have no idea when these documents were leaked, suggesting that the software may have prevented the government from pinpointing when Manning allegedly leaked any given document using forensics.
March 8: Gitmo documents and bypassing information security
The government seems to know precisely what day, March 8, Manning allegedly accessed what I believe are the Gitmo documents, described as 700 SOUTHCOM documents. Though as with the other documents, they don’t seem to know when he leaked them. Note that March 8 is also the first date for which the government alleges Manning “attempt[ed] to bypass network or information system security mechanisms.” Any of you tech folks have a theory about what that might have been about?
Four days in March: WikiLeaks surveillance?
Then came the leak of “more than one classified memo” from a US intelligence agency, sometime between March 22 and 26. As I’ve been suggesting, that happened at precisely the time–Manning said in chat logs–that Manning confirmed he was talking directly with Julian Assange by matching what Assange said about surveillance with the surveillance evidence Manning tracked on DOD networks. On March 23, WL announced that, “We know our possession of the decrypted airstrike video is now being discussed at the highest levels of US command.” And in his discussion with Lamo, Manning also mentioned the government’s discussion of the airstrike video:
(2:14:46 PM) Manning: based on the description he gave me, I assessed it was the Northern Europe Diplomatic Security Team… trying to figure out how he got the Reykjavik cable…
(2:15:57 PM) Manning: they also caught wind that he had a video… of the Gharani airstrike in afghanistan, which he has, but hasn’t decrypted yet… the production team was actually working on the Baghdad strike though, which was never really encrypted
Which seems to suggest these intelligence memos may have related to the government’s surveillance of WikiLeaks itself. (Note, I’m not actually sure that Diplomatic Security qualifies as an intelligence agency; it’s possible the US command reference came from something else, something more clearly an intelligence agency.)
Mid-February, then after March 28: The State Department cables
The State Department cables appear to have come next.
As noted above, the government put the window for Manning to have accessed and leaked the Rejkjavik-13 cable–what he called “a test”–between February 15 and 18. (In chat logs, Manning noted that, “the result of that one was that the icelandic ambassador to the US was recalled, and fired,” so it may be by “test” they were trying to assess how the diplomatic community would respond to a leak of one of these cables or possibly even elicit more information about what those cables were.)
The charging document puts the first date he may have accessed the State Department cables on March 28. So they’re claiming that Manning went and got the Rejkjavik cable, leaked it, and then went back and got the entire database.
The dates on these may also tell us something about the cables. The Rejkjavik-13 cable is dated January 13; the government lists February 15 as the first date Manning might have accessed it–so Manning accessed it just over a month after it was written. The last date from which we have State cables is February 28, 2010; the government lists the first date when Manning accessed the entire database as March 28, exactly a month later the last cables that have been leaked were written. Is it possible that the State Department cables only became accessible to Manning a month after they were first written?
If I’m not mistaken, the State Department cables are the only ones for which Manning is accused of exceeding his authorized access:
having knowingly exceeded authorized access on a Secret Internet Protocol Router Network computer, and by means of such conduct having obtained information that has been determined by the United States government pursuant to an Executive Order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations
This suggests two things. First, the State cables appear to be the only thing that Manning, as an Army intelligence analyst, didn’t already have authorized access to. This sort of makes sense, since everything else appears to have belonged to DOD. But it also might mean that the government is crafting this charge with the possibility of piling on later–perhaps with an Espionage charge if they can ever tie Manning to Julian Assange?
After April 11: Garani documents
WikiLeaks never released the Garani video Manning purportedly leaked. So we may never learn what WikiLeaks intended to do with it. But in chat logs, here’s how he described the video and related material.
(2:15:57 PM) Manning: they also caught wind that he had a video… of the Gharani airstrike in afghanistan, which he has, but hasn’t decrypted yet… the production team was actually working on the Baghdad strike though, which was never really encrypted
(2:16:22 PM) Manning: he’s got the whole 15-6 for that incident… so it wont just be video with no context
(2:16:55 PM) Manning: but its not nearly as damning… it was an awful incident, but nothing like the baghdad one
(2:17:59 PM) Manning: the investigating officers left the material unprotected, sitting in a directory on a centcom.smil.mil
(2:18:03 PM) Manning: server
(2:18:56 PM) Manning: but they did zip up the files, aes-256, with an excellent password… so afaik it hasn’t been broken yet
(2:19:12 PM) Manning: 14+ chars…
I find this interesting given that the government alleges Manning leaked “more than five classified records” related to the Garani airstrike (we know it was Garani by the date and location) sometime after April 11–that is, 4 months after they believe Manning leaked the video itself (again, assuming the BE22 PAX.wmv is the Garani video). While it’s possible Manning was trying to get something that might help WL decrypt the video, given the reference to “records,” I suspect these documents are the 15-6 investigation documents. It appears Manning was trying to provide context for the Garani strike, which resulted in the killing of up to 140 civilians. Note, too, that April 11 would have been just after WikiLeaks released the Collateral Murder video, so it may be that Manning was trying to find similar context for the events depicted in the video.
Early May: A new computer and the global address list?
Note, for some of the documents Manning is alleged to leak–the Gitmo documents, the Garani documents, and the State Department cables–the government just gives May 27 as the last day he might have leaked them. That is, they claim to know he leaked them before they arrested him, but are not certain precisely when he did leak them. But it appears they think he got everything he was going to leak earlier.
The exception is the Outlook global address list, which Manning is alleged to have gotten after May 11. (See William Ockham’s comment for what the address list may have allowed Manning to do.)
The date the government alleges Manning accessed that list is one week after they allege he added a second piece of unauthorized software to SIPRNET on May 4.
And both of those dates are in the general time frame when Manning assaulted a colleague and was demoted.
Now, I’ve still got a lot of questions about this time frame. But one possibility is that the May 4 date reflects a new computer assignment, possibly tied to his demotion (though he still had access to SIPRNET on May 4; it’d be surprising that he still had access after his demotion). And I wonder whether Manning didn’t access the global address list as he grew increasingly frustrated with his plight?
In other words, it appears that after getting the Garani documents (and after the release of the Collateral Muder video), Manning’s active access and leaking of documents tailed off. In other words, it appears that it was almost two months between the time Manning stopped actively leaking and the time the Army arrested him.
This means they have forensic evidence (probably access logs showing either his account or computer connecting to that database). Which suggests that they don’t have it for the other charges. I really wonder how much evidence they have without those chat logs of actual leaking (vs. improper access, storing, etc. ) Manning’s treatment suggests they are trying to break him and get a confession.
Agree.
This shows they only have one side of the forensics cracked (and note that it took them some part of 7 months to do–there’s some reason this wasn’t in the first charging document). They have no yet cracked the WL/download side of this, and may be losing hope that they’ll be able to do so (you’d think ultimately they’d be able to brute hack Jacob Appelbaum’s computer they confiscated last July, but maybe what they need wasn’t on it).
The most likely scenario is that somebody downloaded the content they have accused Manning of downloading. Once off the SIPRNET system, it was then uploaded to a server, perhaps like the ones that store pictures for websites. Perhaps a few documents zipped together, or one video at a time. Encrypted, with the right extension (.jpg or wmv, etc) they could sit on the server unknown and undetected. Without the key (provided by a different channel such as a posting on a hacker bulletin board, no name or target name attached) the files would be useless to anyone else. After seeing another posting on a different bulletin board, the person who had control of the uploaded files could have deleted them. Without having all the content of the whole internet stored at Fort Mead, it would be impossible to track. DOD doesn’t even know where (or who) did the uploads, so this part of the charges may never be revealed. Unless they can crack Assange….
I am definitely not a techie, but from what you say I keep going back to the one person that says definitely he was working for the government and gives some really bizarre relationship as to coming into contact with Manning. That person is Lamo, and if I am not wrong about his timelime, he was supposedly in treatment or an institution at the time he was contacting Manning in the beginning. I most probably am wrong about the timeline, but I still am having problems with how Manning came into contact with this person.
I’m no technogeek. But I keep running across trade-magazine type articles that lead me to think that DOD has failed to secure it’s cyber-information. I wrote a little about the problem of classified items (such as the entire Pentagon IT backbone, including passwords) through peer-to-peer (P2P) network sharing in the only diary I’ve mananged to write on FDL so far.
In regard to the SIPRNet, I’ve also found several articles that lead me to think that DOD’s failure to establish controls and safeguards could mean that they have no way to tell what may or may not have been accessed or downloaded through any computer. (I feel I’m premature in even writing this comment, but maybe by posting this some other folks will begin looking.)
Here’s one example, from http://www.c4isrjournal.com/story.php?F=5209879 —
To keep this comment from getting huge, I’ll just post a few of the links I’ve found dealing with SIPRnet’s absence of controls.
I don’t know if this will help Bradley or not, but in terms of the Espionage Act there’s been a distinction made between info that is (just) marked ‘classified (at whatever level) and whether or not, classified material is ‘closely held’ (I’ve also seen ‘closely held’ phrased as ‘under custody and control’ or ‘under the control’ of the responsible Govt dept. (many govt regs, also US v Heine 1945 & US v Morison 1988)
So this lead me to wonder — if DOD’s classified info is NOT ‘closely held’ (and I’ve read enough of their regulations to know that their standards are not met), and if the entire world can access classified infor through P2P, and SIPRnet had no controls — no passwords, no way to tell if someone was downloading, etc — Well, does DOD’s failure to control obviate Espionage Act (and similar military regs) because the documents were (or could have been) available to unauthorized people both before and after the alleged Manning leaks?
Sorry to ramble. Wanted to get the question & thoughts out there.
A few more links re SIPRnet openness–
http://cybersecurityreport.nextgov.com/2011/01/keeping_gatekeepers_of_sensitive_data_in_check_how.php
http://www.wired.com/dangerroom/2010/12/military-bans-disks-threatens-courts-martials-to-stop-new-leaks/
http://www.washingtonpost.com/wp-dyn/content/article/2010/12/30/AR2010123004962.html
Awesome work, EW!
The first couple things that come to mind are:
1. As it relates to the “network” component of the charge, trying to connect his military computer (likely laptop) to a commercial, non-military network in Iraq. Perhaps one of the wireless networks that sprang up after the invasion. On how the military might have detected this, perhaps they were/are monitoring the Iraqi wireless networks and/or perhaps an “after-the-fact” forensic analysis of what was on Manning’s computer.
It may be that access to non-military networks such as wireless connections were deliberately disabled or restricted via Army-implemented software policies on Army computers, and that attempts to install and overcome such software restrictions would leave “software fingerprints” that government forensic analysts could locate.
2. Trying to physically access the hard drives of servers in one of the Army’s server farm rooms. Access to computer rooms are usually “controlled access” via physical security mechanisms such as an individual’s card-key, touch-pad coded, or even the vintage ubiquitous “lock and key”.
Then, and few folks realize this, accessing the hard drive of computers/servers can sometimes be accomplished by simply booting the system from a CD/DVD/USB Thumbdrive running something like UBCD4Win or other similar bootable OS implementations (there are a number of Unix-based utilities that do this as well).
It is not uncommon that user or organization “data” directories on server hard drives are left unprotected by stuff like encryption or passwords, so that once you boot off something like a CD/DVD/USB Thumbdrive running UBCD4Win, you’ve totally bypassed whatever security resides at the top level of accessing the system (i.e. Windows Logon for example).
And Manning, if we are to believe the chat logs, states quite clearly that data directories like those of “the investigating officers [had] left the material unprotected, sitting in a directory on a centcom.smil.mil”.
One of the issues with my supposition in #2 is whether Manning had or could get physical access to a Army computer/server room. Most IT organizations strictly limit the “controlled access” to these facilities, hence the card-key or touch-pad coded access. If Manning was “befriended” by someone or managed to “borrow” someone’s card-key, he might be able to “visit” a Army computer/server room.
And that also is an issue because there is no necessity of Manning being physically co-located with any Army computer/server room. The Army computer/server rooms may have been distant from and inaccessible to Manning’s physical location in Iraq.
I’m sure there are other possibilities regarding this particular charge, but I’ll run with these for the moment.
SIPRNET hardsite Imagine this same setup in the back of a U-haul moving truck, with maybe a rack for radios and crypto gear. Or the same setup in a trailer. Manning would have had no more access to a server than you do from where you are sitting right now. Most likely, these are events from security logs where he tried to plug in an external drive (harddrive or jumpdrive – prohibited by policy and software), or burn a CD/DVD (also prohibited by policy/software). This would have also been about the time they first knew he was doing something funky – these reports go up the chain. Just guessing. Wild guesses. Nothing to see here…. move along now.
See my comment at #10 above for an example of how Manning might have gotten physical access to an Army datacenter.
And believe me, there ain’t no fookin’ way the Army left those things unguarded or merely protected by just automated stuff. No fookin’ way! *g*
MadDog, I’m new here so hope I haven’t missed a relevant part of ongoing discussion. But you say that USB access would have been prevented by software. Do you have a source for that? Not a snarky question ,an honest one, because I just posted a link (and quote) from a Dec 2010 article saying that DOD had never installed the McAfee component that would have prevented USB access/downloads. Would genuinely appreciate it if you could point em to a link (or several) demonstrating adequate software/hardware protections against downloads on SIPRnet.
No problemo and welcome to the party. *g*
One of the possibilities to prevent USB access to a system would be to prevent it via Microsoft’s Windows Group Policies. During the Beta Testing of Windows 7, I asked Microsoft about this functionality (I’ve been Beta Testing software for Microsoft since 1992).
The response that Microsoft gave me was they themselves were not implementing it as a default, but that IT folks could do so themselves if they so chose.
However, you should note that my thoughts described in comment #3 above had to do with totally defeating even that idea of USB lockout via Group Policies.
When one boots a system from a CD/DVD/USB Thumbdrive running something like UBCD4Win, the WinPE-based version of Windows that it runs is coming from that CD/DVD/USB, and not from the OS on the system’s hard drive.
In this way, the Windows Group Policies are totally bypassed because the UBCD4Win OS version of Windows is not part of that Group and Domain. There are similar CD/DVD/USB based Unix utilities that can do the very same thing as UBCD4Win.
As to your question about SIPRnet protection, I’m afraid that I don’t have any background in SIPRnet and therefore can only go with what is found out on the Internet about it like your links do.
For more on Windows Group Policies, Wiki has some basic info here.
I don’t know how it’s being done where I work, but the USB ports on my computer are invisible to the system.
I’d hate to think that our corporate computer security is better than DoD’s, but it looks like it just might be. (That reminds me, I’m going to need a new password Monday morning…)
A little additional info for folks who don’t have any military experience.
One of the functions that every military person performs (the most senior officers are exceptions) is that of “standing watches” or if you will, guard duty.
And make no doubt about it, the military has more things/places to guard than they’ve got people.
And it doesn’t matter what your MOS is (Military Occupation Specialty). In my case, since I was in the Navy, we used the similar term of NEC (Naval Enlisted Classification) to describe the job function you performed.
You may be a Cook and have to “stand watch” or guard duty at a Communications Center, a Datacenter, a Command Headquarters, a Supply Depot, or perhaps an Ammo Dump.
In my case, I typically had to “stand watch” every 4-5 days in addition to doing my daily job. For example, this meant that I stood armed at a podium midships at the Quarterdeck. where the gangplank was for boarding and leaving the ship.
My watch would be for 4 hours at a time (noon to 4 PM and then again from midnite to 4 AM). As part of that watch duty, I’d have responsibility for delivering hard copies of radio traffic to the Watch Officer of the Day and thus, I had access to the ship’s Top Secret, “access-controlled” radio room.
I knew nothing really about how all the Top Secret/Crypto radio gear functioned since that was not my job speciality, but the same could be said for the Bosun’s Mate who like me also had to stand watch on the Quarterdeck.
The reason I bring this all up is that it wouldn’t be unlikely that someone like Bradley Manning stood watch/had guard duty for an Army datacenter where there were racks of servers. And also not unlikely that someone standing watch/having guard duty would then have access to that facility.
Make no bones about it, but the military leaves nothing, absolutely nothing unguarded!
And understand also that the multitude of military things that need guarding 24×7 are so numerous that unless the military’s entire population was composed of MPs/SPs, there is no way to guard all of this stuff without using each and every person regardless of job function to perform the guard duty.
So my question to myself is whether Manning, as part of his additional duties to that of an Intelligence Analyst, stood watch at an Army datacenter and whether that might have played a role in his alleged access to material that later showed up in WikiLeaks?
And again, my compliments to the FDL backroom technoweenies from another retired longstanding technoweenie, on the superb choice of DocumentCloud technology for displaying these PDFs. Just an excellent choice!
Thanks for all the great work.
I asked this in the “Bringing Discredit” thread but didn’t get a response. In that post, you stated that Wikileaks’ claim to have decrypted Collateral Murder “was a ruse–-it was not encrypted.” Can you please source? Pardon me for having missed that development, but it’s an important one to me and my feeble searches apparently aren’t up to snuff. Thank you.
Both Manning, in the chat logs, and Daniel Domscheit-Berg, in his book, say so.
Just an extra loose detail for your timeline: David Leigh claims that Assange showed him the CM video on his laptop at the SKUP conference for investigative journalism, which was held in Tønsberg, Norway, on/around the weekend of 20 March 2010.
I don’t credit any of these sources very much, although I think there are limits to what Leigh would say. I do think that Lamo and DDB are untrustworthy.
From EW’s January, 10th post:
“Adrian Lamo, the California computer hacker who turned in Pte Manning to military authorities in May, claimed in a telephone interview he had firsthand knowledge that someone helped the soldier set up encryption software to send classified information to Wikileaks.
Mr Lamo, who is cooperating with investigators, wouldn’t name the person but said the man was among a group of people in the Boston area who work with Wikileaks. He said the man told him “he actually helped Private Manning set up the encryption software he used”.
Mr Lamo said the software enabled Pte Manning to send classified data in small bits so that it would seem innocuous.
“It wouldn’t look too much different from your average guy doing his banking on line,” Mr Lamo said.
If someone allegedly gave Manning encryption software that would help download documents to pass onto Wikileaks, then presumably Manning deployed that in Iraq. And if someone from Wikileaks allegedly gave Manning software that subsequently got loaded onto DOD computers in Iraq, then it might explain their current theory of prosecution for conspiracy to leak this information.
The article (as well as a few others like it) on hackers who may have helped Manning came out on August 2, 2010, just days after Jacob Appelbaum had been stopped at the border and his computers–which he refused to decrypt–confiscated.
Appelbaum, of course, is one of the people whose Twitter account was subpoenaed last December. Only, unlike two of the other people listed on the document request (the two who are not US persons), Appelbaum was not named by name. He was named only by his Twitter handle, “ioerror.” Appelbaum was also apparently not–as Birgitta Jónsdóttir was–told by Twitter that DOJ wanted his twitter information. Both of those details have made me wonder whether there is another, still-sealed, warrant pertaining to Appelbaum, which the government would require for some uses since he is a US person.
After the subpoena was revealed, Appelbaum tweeted,
Motivation: …”I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear.”…
He is now on his way back to the US from Iceland; the ACLU plans to meet him at his flight (perhaps to make it harder to detain him as they did in July).
So what does the government think Manning loaded onto his computer, and how do they know the timing of it?”
I don’t know how much I trust Lamo’s assertions. What he describes Manning using isn’t really what was described by Manning himself in the chat logs.
I don’t see how you’re going to make an sftp drop look like checking your banking information … I mean, who banks using FTP? Lamo *has* kind of been caught talking BS more than once in this whole saga.
Thanks ever so much for this, EW. Excellent.
Thank you for all your work here.
I watched the movie Sophie Scholl last night, and it very much reminded me of Bradley Manning – no uncovering of dirty secrets, the White Rose was just passing on the secrets that they knew about and trying to end the dirty war that Germany was going to lose anyway – and trying to stop the war crimes that were going on.
At her trial, Sophie said that her country needed “God, conscience and empathy” and her father made the statement “There is a higher justice”.
I recommend the movie. Sophie and her brother and her friends were true heroes, as is Bradley Manning.
when even the washington post sez you have issues with hypocrisy and are a hypocrite, then you have issues.
As Rep. Peter King’s Muslim hearings approach, his past views draw ire
As King prepares to hold hearings Thursday on what he called “the extent of the radicalization” of American Muslims, his past as a defender of armed struggle has led critics to assert he is imposing a double standard.
“My problem with him is the hypocrisy,” said Tom Parker, a counter-terrorism specialist at Amnesty International who was injured by an IRA bomb that struck a birthday party at a military hall in London in 1990. “If you say that terrorist violence is acceptable in one setting because you happen to agree with the cause, then you lose the authority to condemn it in another setting.”
“It’s ironic that someone who offered such vocal support for the IRA is involved in this kind of witch hunt against Muslims in America,” said Ibrahim Hooper, spokesman for the Council on American-Islamic Relations.
But King sees no parallel between the IRA and violent Islamist extremism, which he describes as a foreign enemy or a foreign-directed enemy. His preferred comparison for the IRA is with the African National Congress led by Nelson Mandela; the IRA, no less than the ANC’s military wing, was fighting for community rights and freedom, he says.
http://www.washingtonpost.com/wp-dyn/content/article/2011/03/04/AR2011030405855.html
Blindness to what the IRA was doing and where it was operating, or just stupidity?
It wasn’t being run (AFAIK) out of the US government, so it’s not ours, it’s foreign, and it most certainly was violent terrorism. (I suspect they’d cheerfully have run operations against the US government if they’d felt the need….)
Book Salon up with Micah Sifry’s Wikileaks And The Age Of Transparency hosted by Siun
For the latest story on Bradley Manning’s Briefs and Forced Nudity, the WaPo just put this up:
And here’s the blog of Bradley Manning’s lawyer David Coombs where the WaPo got some of its info:
The Truth Behind Quantico Brig’s Decision to Strip PFC Manning
And I should have scrolled all the way down the FDL front page to see that Jane was already on top of this story. My badddd! *g*
Hi all,
My computer knowledge of the US Military is very much out-of-date. But the movements of behemoths are notiously slow, and very innefficient so here goes.
I was in the US Navy with a Data Processing rating. I programmed computers in BASIC, COBOL, and Fortran IV. I worked in a secure installation and had a Top Secret Nato and Atomic Clearance.
Here is what I observed.
There were computers around the various installations that I interacted with that still had their original factory passwords on them. You know – the password was “password”. Passwords were written on post-it notes that were stuck to the front of the terminals. New security protocols were very slow to be implemented because it was “too much trouble” and memorizing new passwords would “just screw things up”. And this is in the good old days when computers were the size of small rooms!
Classified documents were left lying around where the janitors (other sailors with no clearances) could just walk by and see them. Stuff that was never supposed to be outside of a safe unless two people were there to watch it was out all the time because it was too much trouble to go get the second person. And the worst offenders of all were not the enlisted personnel – it was the officers.
The info above about a new security system being installed but never activated is totally not surprising to me.
People in the DoD have already admitted publicly that over a million other people had access to all the documents that Manning did – so whether he was the (only) leaker, I think those chat logs could/can easily be impeached if his lawyer just gets a fair chance at them in court and then what evidence? If so much of this stuff is just guesswork – as it appears to be – it seems that they really don’t have much of a case.
Just sayin’.
OK, I’ll offer my 2 cent speculations.
#1 on the “attempt[ed] to bypass network or information system security mechanisms.” This could also be a case of them hard-balling him for trying to modify the server access log files or something similar – which is a very typical hacker thing to do when trying to cover tracks.
#2 This is kind of a more oddball theory – and not knowing how SIPRNET servers interconnect, it could be off base totally. I know of people charged with something similar to the “introducing software” thing for using hacked servers as an info dump (putting “hot” files on an arbitrary hacked server – allowing someone else to sneak in and nab it later). It isn’t necessarily a given that the software introduced was executable. I keep coming back to this bit from the transcripts:
It sure sounds like the video was actually served from a MIL IP. And it like it was transmitted in such a way that had someone been paying attention, they would likely have noticed. Is it possible that Manning collected stuff on his hard drive, prepared it, encrypted it, and then dumped it on to some globally routeable directory on a server? That is one classic way a hacker might do it. If this were the case, you could read the situation as “between [x] and [y] this data appeared on the network” (figured in part from looking at backups maybe?) … with the second side being forensics trying to pinpoint who accessed the data externally and when.
Just a thought. Not sure how good it is. To me it definitely seems like there was more than one mechanism employed by Manning to get stuff into the hands of Wikileaks.
OT: I was wondering if there was any reason why 3 companies HBGary, Palantir, Berico would choose as group to be referred to as “Team Themis.” As Team Themis they were willing to profile and propose attacks on the integrity of wikileaks, Glenn Greenwald, and Brad Friedman among other targets
Aside from the fact that Themis was a Titan goddess of ‘divine justice’ and ‘organizer of communal affairs of humans,’ I found it intriguing that Themis is, according to some Greek myths, the mother of the 3 Fates or Moirae who kept track of every mortal on earth– spinning, measuring, and cutting the thread of life.
downright creepy — and megalomaniacal
Maybe more than one meaning attaches to Team Themis.
Apparently Themis the Titan is also mother to the three Horai –among whose duties included ‘guarding the gates of
the Masters Of The UniverseOlympus.’“Themis” comes from the same Indo-European root as Sanskrit “dharma”.
Good to know. Nevertheless, I doubt Team Themis as a business is into Buddhism or Hinduism.
We are faced with only two alternatives here. We are given Lamo’s “lady gaga” legend where manning downloaded and copied and copied the cabled in plain sight of superiors while pretending (lip synching) to be listening to a lady gaga tune on a military computer. That implies that military issue siprnet computers have cd-rw drives and one can load software to play cds without raising an eyebrow. That is to say that the military is offering absolutely no security to a system in which they are not only hosting defence sensitive data, but state department data (hilary’s cables).
The only alternative is that lamo and his project themis buddies concocted the chat transcripts to meet their project’s needs. Presumably manning was chosen for being gay and in the military.
i went here* instead. just to remember how much i appreciate your work. you were the reason i registered here. you are why i keep returning, occasionally to say thank you, mostly to review all you’ve done for us.
* “June 26, 2008: David Addington and John Yoo (HJC)”
now that sunlight is appearing in egypt, perhaps…with a couple of good shoves from spain…we’ll learn more.
my dkos sig comes from here, unchanged and unchanging:
” The Addington perpwalk is the trailhead for accountability in this wound on our national psyche. […you know: Dick Cheney’s “top” lawyer.] –Sachem “