U.S. Intelligence Analyst Arrested in Wikileaks Video Probe

June 7th, 2010

I have a bit of trouble believing what Wired is reporting here.

One just can’t go “rummaging through” compartmented files. Each person with access to a particular compartment would have to be individually cleared for that compartment.

Say the compartmented thing is a new spy plane that is designated with the codeword AAA. Bob works on one of the sensors that has the codeword AAA/BBB. Jim works on the avionics. That compartment is AAA/CCC. Bob, feeling bored one day, can’t just go have a look at the AAA/CCC avionics data. He wouldn’t have access. Jim, likewise, can’t access the AAA/BBB sensor compartment.

Also, I’ve heard stories from people with access to various classified, “air gapped” systems and they report that there’s no way to get data off of those systems because the floppy and optical drives are removed and USB is disabled or the ports have been filled in with epoxy to prevent the use of flash drives.

Obviously, there’s the way that things are supposed to work in theory, and then there’s what happens on the ground. Are there TS/SCI systems with CDRW drives and working USB ports? That would be hilarious and encouraging if true.

Then there’s this:

From the chat logs provided by Lamo, and examined by Wired.com, it appears Manning sensed a kindred spirit in the ex-hacker. He discussed personal issues that got him into trouble with his superiors and left him socially isolated, and said he had been demoted and was headed for an early discharge from the Army.

In other words, this guy wouldn’t have access to jack shit if this is true. The first thing they would do is pull his access if there were issues with his superiors.

Read about what happened to Russell Tice when he got on the wrong end of his supervisors at the NSA. He went from intercept operations to fueling and cleaning NSA vehicles and then unloading the NSA’s furniture at its warehouses!

Where am I going here? I don’t know. I’m just saying that some of this doesn’t make any sense.

Via: Wired:

Federal officials have arrested an Army intelligence analyst who boasted of giving classified U.S. combat video and hundreds of thousands of classified State Department records to whistleblower site Wikileaks, Wired.com has learned.

SPC Bradley Manning, 22, of Potomac, Maryland, was stationed at Forward Operating Base Hammer, 40 miles east of Baghdad, where he was arrested nearly two weeks ago by the Army’s Criminal Investigation Division. A family member says he’s being held in custody in Kuwait, and has not been formally charged.

Manning was turned in late last month by a former computer hacker with whom he spoke online. In the course of their chats, Manning took credit for leaking a headline-making video of a helicopter attack that Wikileaks posted online in April. The video showed a deadly 2007 U.S. helicopter air strike in Baghdad that claimed the lives of several innocent civilians.

He said he also leaked three other items to Wikileaks: a separate video showing the notorious 2009 Garani air strike in Afghanistan that Wikileaks has previously acknowledged is in its possession; a classified Army document evaluating Wikileaks as a security threat, which the site posted in March; and a previously unreported breach consisting of 260,000 classified U.S. diplomatic cables that Manning described as exposing “almost criminal political back dealings.”

“Hillary Clinton, and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,” Manning wrote.

Wired.com could not confirm whether Wikileaks received the supposed 260,000 classified embassy dispatches. To date, a single classified diplomatic cable has appeared on the site: released last February, it describes a U.S. embassy meeting with the government of Iceland. E-mail and a voice mail message left for Wikileaks founder Julian Assange on Sunday were not answered by the time this article was published.

The State Department said it was not aware of the arrest or the allegedly leaked cables. The FBI was not prepared to comment when asked about Manning.

Army spokesman Gary Tallman was unaware of the investigation but said, “If you have a security clearance and wittingly or unwittingly provide classified info to anyone who doesn’t have security clearance or a need to know, you have violated security regulations and potentially the law.”

Manning’s arrest comes as Wikileaks has ratcheted up pressure against various governments over the years with embarrassing documents acquired through a global whistleblower network that is seemingly impervious to threats from adversaries. Its operations are hosted on servers in several countries, and it uses high-level encryption for its document submission process, providing secure anonymity for its sources and a safe haven from legal repercussions for itself. Since its launch in 2006, it has never outed a source through its own actions, either voluntarily or involuntarily.

Manning came to the attention of the FBI and Army investigators after he contacted former hacker Adrian Lamo late last month over instant messenger and e-mail. Lamo had just been the subject of a Wired.com article. Very quickly in his exchange with the ex-hacker, Manning claimed to be the Wikileaks video leaker.

“If you had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months, what would you do?” Manning asked.

From the chat logs provided by Lamo, and examined by Wired.com, it appears Manning sensed a kindred spirit in the ex-hacker. He discussed personal issues that got him into trouble with his superiors and left him socially isolated, and said he had been demoted and was headed for an early discharge from the Army.

When Manning told Lamo that he leaked a quarter-million classified embassy cables, Lamo contacted the Army, and then met with Army CID investigators and the FBI at a Starbucks near his house in Carmichael, California, where he passed the agents a copy of the chat logs. At their second meeting with Lamo on May 27, FBI agents from the Oakland Field Office told the hacker that Manning had been arrested the day before in Iraq by Army CID investigators.

Lamo has contributed funds to Wikileaks in the past, and says he agonized over the decision to expose Manning — he says he’s frequently contacted by hackers who want to talk about their adventures, and he’s never considered reporting anyone before. The supposed diplomatic cable leak, however, made him believe Manning’s actions were genuinely dangerous to U.S. national security.

“I wouldn’t have done this if lives weren’t in danger,” says Lamo, who discussed the details with Wired.com following Manning’s arrest. “He was in a war zone and basically trying to vacuum up as much classified information as he could, and just throwing it up into the air.”

Manning told Lamo that he enlisted in the Army in 2007 and held a Top Secret/SCI clearance, details confirmed by his friends and family members. He claimed to have been rummaging through classified military and government networks for more than a year and said that the networks contained “incredible things, awful things … that belonged in the public domain, and not on some server stored in a dark room in Washington DC.”

He first contacted Wikileaks’ Julian Assange sometime around late November last year, he claimed, after Wikileaks posted 500,000 pager messages covering a 24-hour period surrounding the September 11, 2001 terror attacks. ”I immediately recognized that they were from an NSA database, and I felt comfortable enough to come forward,” he wrote to Lamo. He said his role with Wikileaks was “a source, not quite a volunteer.”

Manning had already been sifting through the classified networks for months when he discovered the Iraq video in late 2009, he said. The video, later released by Wikileaks under the title “Collateral Murder,” shows a 2007 Army helicopter attack on a group of men, some of whom were armed, that the soldiers believed were insurgents. The attack killed two Reuters employees and an unarmed Baghdad man who stumbled on the scene afterward and tried to rescue one of the wounded by pulling him into his van. The man’s two children were in the van and suffered serious injuries in the hail of gunfire.

“At first glance it was just a bunch of guys getting shot up by a helicopter,” Manning wrote of the video. “No big deal … about two dozen more where that came from, right? But something struck me as odd with the van thing, and also the fact it was being stored in a JAG officer’s directory. So I looked into it.”

In January, while on leave in the U.S., Manning visited a close friend in Boston and confessed he’d gotten his hands on unspecified sensitive information, and was weighing leaking it, according to the friend. “He wanted to do the right thing,” says 20-year-old Tyler Watkins. “That was something I think he was struggling with.”

Manning passed the video to Wikileaks in February, he told Lamo. After April 5 when the video was released and made headlines Manning contacted Watkins from Iraq asking him about the reaction in the U.S.

“He would message me, Are people talking about it?… Are the media saying anything?,” Watkins said. “That was one of his major concerns, that once he had done this, was it really going to make a difference?… He didn’t want to do this just to cause a stir. … He wanted people held accountable and wanted to see this didn’t happen again.”

Watkins doesn’t know what else Manning might have sent to Wikileaks. But in his chats with Lamo, Manning took credit for a number of other disclosures.

The second video he claimed to have leaked shows a May 2009 air strike near Garani village in Afghanistan that the local government says killed nearly 100 civilians, most of them children. The Pentagon released a report about the incident last year, but backed down from a plan to show video of the attack to reporters.

As described by Manning in his chats with Lamo, his purported leaking was made possible by lax security online and off.

Manning had access to two classified networks from two separate secured laptops: SIPRNET, the Secret-level network used by the Department of Defense and the State Department, and the Joint Worldwide Intelligence Communications System which serves both agencies at the Top Secret/SCI level.

The networks, he said, were both “air gapped” from unclassified networks, but the environment at the base made it easy to smuggle data out.

“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga’, erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”

“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. ”Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm.”

Manning told Lamo that the Garani video was left accessible in a directory on a U.S. Central Command server, centcom.smil.mil, by officers who investigated the incident. The video, he said, was an encrypted AES-256 ZIP file.

Manning’s aunt, with whom he lived in the U.S., had heard nothing about his arrest when first contacted by Wired.com last week; Debra Van Alstyne said she last saw Manning during his leave in January and they had discussed his plans to enroll in college when his four-year stint in the Army was set to end in October 2011. She described him as smart and seemingly untroubled, with a natural talent for computers and a keen interest in global politics.

She said she became worried about her nephew recently after he disappeared from contact. Then Manning finally called Van Alstyne collect on Saturday. He told her that he was okay, but that he couldn’t discuss what was going on, Van Alstyne said. He then gave her his Facebook password and asked her to post a message on his behalf.

The message reads: “Some of you may have heard that I have been arrested for disclosure of classified information to unauthorized persons. See CollateralMurder.com.”

An Army defense attorney then phoned Van Alstyne on Sunday and said Manning is being held in protective custody in Kuwait. “He hasn’t seen the case file, but he does understand that it does have to do with that Collateral Murder video,” Van Alstyne said.

Manning’s father said Sunday that he’s shocked by his son’s arrest.

“I was in the military for 5 years,” said Brian Manning, of Oklahoma. “I had a Secret clearance, and I never divulged any information in 30 years since I got out about what I did. And Brad has always been very, very tight at adhering to the rules. Even talking to him after boot camp and stuff, he kept everything so close that he didn’t open up to anything.”

His son, he added, is “a good kid. Never been in trouble. Never been on
drugs, alcohol, nothing.”

Lamo says he felt he had no choice but to turn in Manning, but that he’s now concerned about the soldier’s status and well-being. The FBI hasn’t told Lamo what charges Manning may face, if any.

The agents did tell Lamo that he may be asked to testify against Manning. The Bureau was particularly interested in information that Manning gave Lamo about an apparently-sensitive military cybersecurity matter, Lamo said.

That seemed to be the least interesting information to Manning, however. What seemed to excite him most in his chats was his supposed leaking of the embassy cables. He anticipated returning to the states after his early discharge, and watching from the sidelines as his action bared the secret history of U.S. diplomacy around the world.

“Everywhere there’s a U.S. post, there’s a diplomatic scandal that will be revealed,” Manning wrote. “It’s open diplomacy. World-wide anarchy in CSV format. It’s Climategate with a global scope, and breathtaking depth. It’s beautiful, and horrifying.”

6 Responses to “U.S. Intelligence Analyst Arrested in Wikileaks Video Probe”

  1. ronjondoe says:

    There were some stories awhile back (last 1 to 2 years…) which related to security breaches at the Afg/Bagram AO where USB flash drives where being re-sold in the local bazaar by Afghani merchants that had been ‘found’ in the trash by local Afghan base laborers. These flash drives had troop data, social securities numbers, etc., still on them, amongst other supposedly security-related things I can’t recall…there is also a couple of websites on which soldiers can upload battle pics which has gunship camera activity on it, open to the public (war porn…)
    So, I believe this type of lax security in theater is highly probable and not surprised…the Abu Ghraib scandal was the result of leaks as well, if I recall, and more and more of that type of bad behavior gets leaked all the time…the problem, to me, is after the initial shock, most take it in stride, shrug their shoulders in realization that they personally can do nothing, nothing will be done except a couple of low-level scape-goats will be thrown to the wolves if the populace whines enough, and then, back to business as usual…

  2. RBNZ says:

    Never underestimate the stupidity of the people in charge. They’re only human… well I hope they are!

    Intelligence analysts have access to a wider range of info than regular joes, that might explain his access. Analysts quite often take their work home.

  3. quintanus says:

    There is a chance that the personal issue that left his isolated was Don’t ask-Don’t tell. The jerk who turned him in, Adrian Lamo, is gay or bi, and is friends with the writer of this article, Kevin Poulson (so he might have verbally stepped around it). He also wrote that Manning IMd him as if they were long friends. The U.S. military has an erratic history of using then dumping highly skilled gay staff. They have a shortage of linguists, many of whom were gay, and periodically one administrator gets angry about it.

  4. Kevin says:

    My guess about Lamo was that he was thinking about not going to prison.

    Manning was writing things that Lamo must have known were going to result in a very serious bust. The fact that it went over the wire to him screwed him in a way. At the end of the day, there would have been feds asking Lamo, “Why didn’t you report this? Oh, never mind, we’re going to charge you with *insert bullshit here* for not reporting this threat to the Homeland.”

  5. ltcolonelnemo says:

    The items leaked were not of the sensitive technical variety that would be compartmentalized. It would be of much more value, and therefore difficult, to leak the plans to classified, emerging weapons systems.

    While I cannot comment on the value of the embassy cables, I doubt the massacre video and report on Wikileaks mean anything in the grand scheme of things. Neither item are very surprising; only fools are unaware that soldiers callously massacre civilians during operations and that supposed combat restraint laws and rules are merely psy-ops fig leafs to make the domestic population feel better, and also as tools to slaughter the occasional scape-goat; likewise, the military perceives even the mildest disapproval as a threat, hence their COIN ops against Quaker and other peacenik groups. By its existence, Wikileaks would inevitably spawn such a report. But for all we know, the whole thing may be another honeypot. Assuming Assange and his crew start out as legit, one can only guess at how long it would take to compromise them. They made the tactical choice of going public with their intentions, so they paint a big target sign on their back. If there are not already, there will undoubtedly be infiltrators and spies who will work to tear the group apart by sowing fears and suspicions; i.e. painting valuable team members as the real traitors. Then, there is the ability to use Wikileaks to spread disinformation. How does evaluate the information leaked?

  6. AHuxley says:

    This generation lost its visual Daniel Ellsberg.
    If your work is compartentalised, keep your whistleblowing compartentalised from chat strangers too.

Leave a Reply

You must be logged in to post a comment.