Accused WikiLeaks source Pfc. Bradley Manning installed and used unauthorized “data-mining software” on his SIPRnet workstation during the time he allegedly siphoned hundreds of thousands of documents off that classified network, the Army said Friday in response to inquiries from Threat Level.
Manning’s use of unauthorized software was the basis of two allegations filed against him this year in his pending court martial, but the charge sheet listing those allegations was silent on the nature of that software.
On Friday, an Army spokeswoman clarified the charges. “The allegations … refer to data-mining software,” spokeswoman Shaunteh Kelly wrote in an e-mail. “Identifying at this point the specific software program used may potentially compromise the ongoing criminal investigation.”
She added that the two allegations relate to “the same data-mining software used on two different dates.”
Manning’s attorney, David Coombs, did not respond to telephone and e-mail inquiries.
Manning allegedly installed the software twice on Army computers connected to SIPRnet, the Secret Internet Protocol Router Network that’s been identified as the original source of WikiLeaks’ large-scale U.S. releases. Those releases included 250,000 State Department diplomatic cables and 500,000 classified field reports from the wars in Iraq and Afghanistan.
Manning allegedly installed the code the first time between Feb. 11, 2010 and April 3, 2010. The second time was around May 4, the day he was demoted from Specialist to Private First Class and given a new job assignment following an altercation with another soldier.
If Manning installed data-mining software on his SIPRnet workstation, that could potentially strengthen the government’s case against the alleged leaker. Two of the 22 allegations against Manning are for exceeding authorized computer access in violation of the Computer Fraud and Abuse Act –- the federal anti-hacking statute.
Manning exceeded his authorized access to SIPRnet, the charge sheet says, when he obtained and leaked classified U.S. State Department cables to an unauthorized third party. According to a former federal prosecutor, the data-mining software could aggravate the unauthorized access crime by showing premeditation to obtain the documents.
“Generally, people who engage in unauthorized access — many of them anyway — are thrill seekers who do it without any specific plan in mind,” said Scott Christie, a former federal prosecutor who specialized in computer crime and is now a partner at the private firm McCarter & English.
“But to upload a data-mining suite of software suggests you have a plan in mind, you’re sophisticated enough to use the software and to configure it to find what you want, and that you have given this plan a great deal of attention.”
Christie said that prosecutors wouldn’t have to show definitive evidence that the software was used to obtain or sort the purloined documents; just the fact that it was installed on Manning’s computer during the time the documents were taken would allow prosecutors to draw reasonable inferences that it was used to commit the crime.
The charges also suggest that the United States has recovered evidence from Manning’s machines, despite Manning’s apparent confidence that no investigator would be able to uncover forensic evidence against him.
Manning was arrested in May 2010 after telling former hacker Adrian Lamo in online chats that he had leaked two Army videos to WikiLeaks, as well as 260,000 U.S. State Department cables and hundreds of thousands of documents on the Iraq war. Lamo provided the chat logs to U.S. investigators.
Manning never mentioned installing software on SIPRnet. But he did say that his classified computer hard drives had been “zerofilled” — securely wiped — as part of the Army’s withdrawal from Iraq. “[E]vidence was destroyed,” he wrote, “by the system itself.”
It’s still unclear exactly what the software was — “data-mining” is a fairly broad term, and the Army declined to be more specific. But data-mining programs generally sort and index files on a computer or network, allowing users to do keyword searches across all file formats — Word documents, PDFs, Excel spreadsheets, media files, etc.
Such a program on a SIPRnet machine might have been useful to Manning as an alternative search tool rather than “the official one that might be monitored,” said computer security expert Chris Wysopal, CTO at VeraCode.
Wysopal added that the tools are designed to make sophisticated queries and that in order to customize the program, if needed, someone would have to possess a certain level of skill.
“You’d have to understand the query language they use to build up different rules,” he said. “I don’t think it would be that difficult, but you probably need to have somewhat of a programming mindset. I don’t know if Manning would have that, or if he would need someone to help him do that.”
Manning is currently being held at the U.S. Marine Corps brig in Quantico, Virginia. Last July he was charged with two crimes consisting of 12 counts. In March, the Army dismissed these charges and filed a new charge sheet. Manning now faces three charges consisting of 22 counts, including a capital offense. The Army, however, has said it would not seek the death penalty.
No hay comentarios:
Publicar un comentario