Army’s Lax Security Highlighted In US WikiLeaks Hearing
The theme of the pre-trial testimony of WikiLeaks source Bradley Manning is that US military security was lax
The pre-trial hearing against the Army analyst who leaked classified government documents to WikiLeaks has revealed glaring security flaws in how the military secured its computer networks.
The evidence being heard in the preliminary hearing against Private Bradley Manning cantered around documents that were recovered from the Army intelligence analyst’s computer. Portions of the hearings were conducted behind closed-doors when the government laid out classified evidence, according to a live blog of the proceedings maintained by the United Kingdom-based publication The Guardian.
Private goes public
Manning (pictured) is accused of illegally leaking hundreds of thousands of classified diplomatic cables to whistleblower Website WikiLeaks last year.
WikiLeaks started posting redacted copies of the embassy cables at the end of November 2010, causing a lot of embarrassment for the US government with its allies abroad. Earlier this year, the site released the remaining cables without redacting them after reports emerged that the full copies were available on some file-sharing sites.
Army investigator Special Agent David Shaver, of the Computer Crime Investigative Unit, testified that he found electronic references and often full copies of more than 10,000 documents Manning had downloaded, and some classified videos. A forensic analysis of the computer showed Manning had searched for information about WikiLeaks and its founder Julian Assange more than 100 times, as well as searches for information about Guantanamo, Shaver said.
“A lot of the searches seemed out of place,” Shaver testified, according to the Associated Press.
Under cross-examination, Shaver admitted he had not compared the actual cables he found with those that had been posted on the Wikileaks Website.
Manning’s supervisors said there was no work-related reason for Manning to have been conducting those searches, but one officer admitted to sending Manning and other analysts the link to the database containing the diplomatic cables. He said he thought the database might aid their analysis of threats in Iraq.
Witnesses testified that no passwords were required to access the cables and there was no prohibition on downloading cables, The Guardian reported.
No security checks
Security experts have previously questioned why the military did not have automated systems to monitor what kind of data and systems users were accessing, or even logs of user activity, such as downloading data. In fact, the Obama administration issued an executive order requiring federal agencies to have built-in auditing systems to monitor access to data. New rules also require two people to authorise any kind of data downloads.
Fifteen military staff have been disciplined in the wake of the scandal, according to the Defense Department.
Manning also allegedly wrote a script to automatically download files using the wget program, which is not a “standard” application on military computers, according to Shaver. It is not clear what operating system the military had running on these machines, but wget is a standard part of Unix and Linux systems, and readily available online for Windows and Mac OS X.