U.S. Army Intel Analyst Arrested in Wikileaks Investigation
BY Nancy Scola | Monday, June 7 2010
Wired.com's Kevin Poulsen and Kim Zetter have the news that a 22-year-old soldier has been arrested by the Army for what the soldier, SPC Bradley Manning of Potomac, Maryland, boasted of online as "the largest data spillage in American history" -- including, importantly, the video footage of a 2007 U.S. military Apache helicopter attack in Iraq that was made famous when it was posted by the online clearinghouse Wikileaks in April. (Wikileaks founder Julian Assange was scheduled to appear at PdF '10 last week on a panel with the "Pentagon Papers'" Daniel Ellsberg, but Assange had to be Skyped in after he reported that he was fearful of traveling to the United States over concerns about being arrested.)
Go read Poulsen and Zetter's full piece. It's really remarkable stuff that weaves together deep questions about the relationship between the individual and the state in today's digital world, set into the context of hacker culture. In fact, as it turns out, Manning was exposed as the source for the Apache footage as well as "hundreds of thousands of classified State Department records" after he bragged of his removal of data from military networks to former hacker Adrian Lamo. Lamo, according to Wired, was concerned enough that Manning was putting U.S. national security at risk that he decided that he had little choice but to blow the whistle on Manning:
Manning came to the attention of the FBI and Army investigators after he contacted former hacker Adrian Lamo late last month over instant messenger and e-mail. Lamo had just been the subject of a Wired.com article. Very quickly in his exchange with the ex-hacker, Manning claimed to be the Wikileaks video leaker. “If you had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months, what would you do?” Manning asked. From the chat logs provided by Lamo, and examined by Wired.com, it appears Manning sensed a kindred spirit in the ex-hacker. He discussed personal issues that got him into trouble with his superiors and left him socially isolated, and said he had been demoted and was headed for an early discharge from the Army.
An important aspect that will probably be a significant part of this story in coming days is that this doesn't seem to have been an Ellsbergian leak on Manning's part, where Ellsberg pushed sensitive pieces of military information out into the world on principle, as a counterbalance to a government run amuck. (In the Pentagon Papers case, what Ellsberg saw as a mishandled execution of an unjust Vietnam War.) Said Lamo of Manning, "He was in a war zone and basically trying to vacuum up as much classified information as he could, and just throwing it up into the air." If anything, it was Wikileaks and Assange that made what we might call the editorial decision about the meaningfulness of the information. Wikileaks and Assange functioned as the filter. According to Wired's reporting, tons of information that seems to have been pushed to Wikileaks by Manning hasn't (yet) been posted online.
The Wikileaks angle to Manning's arrest is fascinating, and that's where much of the press attention will probably go. But it's worth noting the cyber security implications here, and what it says about how exposed the nation's critical infrastructure and national secrets might be. The Manning incident reads straight out of former White House cyber security point person Richard Clarke's new "Cyber War" book, and its dire warnings about the weakness of the Internet infrastructure in anything but the friendliest of circumstances. Sophisticated incursions, particularly when they are inside jobs as in this case, are difficult to stop on the current Internet landscape. Clarke and others have pushed to crack down on those weaknesses by changing the fundamental nature of what we think of as a global network, something that Clarke identifies Google's Vint Cerf as adamantly opposing. (See, for example, the decade-long debate over GOVNET.) The military networks and the public Internet were "air gapped" in the Manning case, according to the Wired reporters; in other words, there was no digital connection between the two systems. This sophisticated cyber security technique was overcome by Manning bringing Lady Gaga and other CDs into the military labs, erasing the music, and then putting the copied data onto the public Internet.
"Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis," wrote the Army's Manning to former hacker Lamo as he described how he moved military data to Wikileaks, "a perfect storm." Which is probably exactly how Richard Clarke would have put it. More on this, hopefully, soon.