/ 19 December 2011

‘WikiLeaker’ hearing told of Iraq base’s security lapses

The person in charge of ensuring the security of the computer network that Bradley Manning worked on in Iraq was officially admonished earlier this year for failing to accredit and certify the system.

Captain Thomas Cherepko confirmed to Manning’s pre-trial hearing in Fort Meade, Maryland, that he received a letter of admonishment in March. He was censured for having failed to submit a package of documents to his superiors — known as a Diacap — that would have verified the network met the defence department’s minimum standards on computer security and was designed to have exposed any vulnerabilities.

Not only did Cherepko admit to the hearing that he had failed to submit the package, but he confessed that he had never done so in his entire career as an information assurance manager in charge of network security. He didn’t even know how to submit such paperwork.

The embarrassing admission adds to a growing mountain of evidence that Manning’s defence lawyer, David Coombs, has obtained from prosecution witnesses over the first three days of proceedings, pointing towards a diabolical absence of security controls at the soldier’s intelligence unit.

The court has heard that the sensitive compartmented information facility (SCIF) where Manning was deployed as an intelligence analyst, was rife with soldiers playing music and video games stored without authorisation on a classified shared computer drive.

Concern over widespread breaches
Cherepko said he raised the problem of lack of discipline in the use of the SIPR computer network, which carried classified data up to the level of “secret”, to both his immediate supervisor and brigade executive officer. He said he was concerned about widespread breaches of the rules and that the practice of putting unauthorised programmes on to the shared drive had to stop.

Asked what happened after he raised the objections, he replied: “I am not aware of any actions that were taken.”

Manning’s defence team have succeeded in the early stages of the hearing of exposing a woeful lack of security controls within Forward Operating Base Hammer, where he was deployed in October 2009.

Against that, the prosecution team led by Captain Ashden Fein has attempted to show that Manning was subject to clear military rules governing the handling of classified documents of which he, in tune with every single soldier in Iraq, was fully aware.

Through work terminals used by Manning at the intelligence unit in Baghdad, the young soldier had access to a trove of classified and secret US Army information, witnesses have told the court.

But despite the sensitive nature of the work carried out in the unit, soldiers were able to download files not authorised, it has been alleged.

Pirated movies
Music, games and even pirated movies purchased from Iraqi nationals were stored on a shared drive.

An accceptable use policy had to be signed by all members of the unit, which outlined what they could and could not do.

Prohibited was the burning of any files on to a disc, and the removal of that information from the secure terminals.

But there was no real way of enforcing this, the hearing was told.

Cherepko said: “There was no technical restriction put in place by me or any other soldier to stop that happening. The only thing preventing that from happening is trust that the soldier would do as right and not remove classified information.”

Abuse of trust
That trust, the prosecution will argue, was abused by Manning in his quest to provide WikiLeaks with the biggest dump of state secrets in US history.

Meanwhile, prosecutors have also begun detailing how they believed Manning carried out the crime, and what links him to the evidence.

Investigators building up a case against the soldier found classified data and chat log confessions amongst his property, the hearing was told.

A computer crimes expert said a digital storage device shipped back to the Maryland home of the suspect’s aunt from Baghdad had confidential data stored on it special agent Mark Mander told the military court: “There was one card, an SD memory card, which contained information. Some of that information was classified.”

Other evidence taken by a specialist team appeared to confirm a chat log between Manning and convicted hacker Adrian Lamo — the former confidant who turned the soldier in to the authorities.

“We travelled to California where Lamo lived and collected a computer and a hard-drive that Lamo used. On the hard drives were the versions of the chats,” Mander said. “They were also found on the property collected from Manning,” he added.

The hearing, which is designed to produce a recommendation on whether or not Manning should go to a full court martial, continues on Monday. —