
In Part 2, we looked at the security environment at FOB Hammer and discovered that there was effectively none. That was the first component of the "perfect storm" that enabled Pfc. Manning to collect the video and documents that were published by WikiLeaks. There were two dimensions that interacted there. One was lax-to-completely-absent physical security at the site. The other was the failure on the personnel management side to detect all of the indicators that Manning was a candidate for being an insider threat.

In Part 3 we will shift attention to the other components of the perfect storm that Manning described and show that they were there not for lack of information or institutional awareness, but because of negligence.

The rest of the herd after the Fleur de Kos:

Elephants 3 - 6

Bear with me. This is pretty long. But there was a lot to say . . .

Let's declare the "weak site security" elephant dead and move on to the others in Manning's "perfect storm:" "weak servers, weak logging, weak counter-intelligence and inattentive signal analysis." This was not a case of someone being asleep at the switch . . . there was no switch. In all of the places in which controls to prevent or monitor unauthorized or suspicious activity usually are, there were few or none, and those that might have been in place were ineffectual or simply ignored.

Effective host and database access "need-to-know" controls could have blocked access to much of the information Manning accessed. Effective logging would have captured the sources and destinations of the gigabytes of data that Manning was downloading, as well as the origins of the requests. Effective traffic monitoring and analysis could have flagged Manning's anomalous activity. Even in the absence of traffic analysis, had there been logging, forensic analysis of the traffic would have led back to him.

Apparently there was no logging, because it wasn't until WikiLeaks published the data that anyone was aware of what had happened, and it wasn't until Lamo fingered Manning that anyone had a clue who did it . . . The lights were on, the doors were open, but there was no one home.

Recall the BankInfoSecurity interview with Marcus Ranum mentioned in Part 2. Later in that interview Mr. Ranum also had this to say about lessons learned from WikiLeaks:

Then the other piece of the puzzle that I find is really interesting is the apparent inability of the people who lost the data, the original data holders, to tell what data was stolen and while it was being stolen. And this is an important message for anyone who is a CISO because it shows what can happen when your data leaks if you don't have auditing and logging in place so that you can go back and say, 'Well, OK if we do believe this guy leaked a bunch of information, what information did he actually access and when?' Of course, ideally you would get in front of that process and maybe detect the fact that somebody who really didn't have a need to access this particular information was downloading [this information] in one fell swoop. That is kind of a red flag, I would think.

As usual, a master of understatement . . . But he was really being polite, I think. In terms of getting one's attention, this should be more of an IED going off in one's face than a red flag.
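
The controls listed above (need-to-know enforcement, logging of sources and destinations, flagging of bulk downloads) and the forensic question Mr. Ranum poses ("what information did he actually access and when?") can be sketched as detection logic over an audit log. This is an added example, not part of the original diary; the log format, user names, host names, compartments and thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed audit log (not real data): time, user, workstation, server, compartment, bytes
SAMPLE_LOG = """\
2010-01-04T09:12:00,analyst_a,ws-11,db-intel,iraq-sigacts,1200000
2010-01-04T09:20:00,analyst_b,ws-14,db-intel,iraq-sigacts,1000000
2010-01-05T09:45:00,analyst_b,ws-14,db-intel,iraq-sigacts,1400000
2010-01-05T10:01:00,analyst_a,ws-11,db-intel,iraq-sigacts,900000
2010-01-06T08:47:00,analyst_a,ws-11,db-intel,iraq-sigacts,1500000
2010-01-06T11:05:00,analyst_b,ws-14,db-intel,iraq-sigacts,800000
2010-01-07T09:30:00,analyst_a,ws-11,db-intel,iraq-sigacts,1100000
2010-01-07T22:10:00,analyst_b,ws-14,db-state,diplomatic-cables,900000000
2010-01-07T22:40:00,analyst_b,ws-14,db-state,diplomatic-cables,1100000000
"""

# Hypothetical need-to-know assignments: user -> compartments the job requires
NEED_TO_KNOW = {"analyst_a": {"iraq-sigacts"}, "analyst_b": {"iraq-sigacts"}}


def parse_log(text):
    """Parse CSV audit lines into dicts, with the byte count as an int."""
    fields = ["time", "user", "src", "dst", "compartment", "bytes"]
    rows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def need_to_know_violations(records, entitlements):
    """Accesses outside a user's assigned compartments (unknown users: deny all)."""
    return [r for r in records
            if r["compartment"] not in entitlements.get(r["user"], set())]


def daily_volume(records):
    """Total bytes pulled per (user, calendar day)."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["user"], r["time"][:10])] += r["bytes"]
    return totals


def volume_anomalies(records, factor=10, min_history=3):
    """Days on which a user pulled more than `factor` times the median of
    that user's own earlier days. Days without enough history are skipped."""
    per_user = defaultdict(dict)
    for (user, day), total in daily_volume(records).items():
        per_user[user][day] = total
    alerts = []
    for user, days in sorted(per_user.items()):
        ordered = sorted(days)  # ISO dates sort chronologically
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]
            if len(history) < min_history:
                continue
            baseline = median(history)
            if days[day] > factor * baseline:
                alerts.append((user, day, days[day], baseline))
    return alerts


def access_timeline(records, user):
    """After-the-fact view: what one user accessed, from where, and when."""
    mine = sorted((r for r in records if r["user"] == user),
                  key=lambda r: r["time"])
    return [(r["time"], r["src"], r["dst"], r["compartment"], r["bytes"])
            for r in mine]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in need_to_know_violations(records, NEED_TO_KNOW):
        print("NEED-TO-KNOW", r["time"], r["user"], r["dst"], r["compartment"])
    for user, day, total, baseline in volume_anomalies(records):
        print(f"VOLUME {user} {day}: {total} bytes vs. median {baseline}")
    for event in access_timeline(records, "analyst_b"):
        print("TIMELINE", *event)
```

None of the three checks can run without the log itself: with no record of source, destination and volume, neither the alert nor the timeline exists.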

Scott Bradner had a slightly different take on the idea:

The surprise about this latest series of leaks is not that it happened, but how it had not happened long before. Actually, maybe it has -- not everyone who would like a copy of such information would be interested in publishing it. [emphasis mine]

The picture that emerges from media reports is that of an organization (the DoD) that was either oblivious to the risks it was taking or which didn't care. Either way, it is a failure of management. It is a failure of the chain of command to monitor and enforce standing policies designed to protect Secret and Top Secret information. There was a complete absence of any attempt to operate the system in a secure manner. The problem here isn't WikiLeaks and Pvt. Manning. The culpability lies with the chain of command that permitted such an environment to exist in the first place. They are the ones who provided the means and opportunity.

Now, this is a very important point, so I'm going to beat it to death: Nobody had a clue about what Manning was up to until the video and cables were published on WikiLeaks. In his own words, he had been “rummaging around classified military and civilian networks for more than a year” . . . and nobody had noticed anything!

Let's take a step back and do a thought experiment: Let's say that, instead of the documents being stored electronically on machines on a network, I have physical documents stored in a warehouse . . . the same documents, just a different storage medium. Let's say this warehouse is located in a storage facility. The entrance to the storage facility is unlocked, unguarded and unmonitored. The doors and windows of the building are all open and the lights are on. There is no document check-out/check-in process so there is no way to track what documents are accessed by whom or when. There are no surveillance cameras in the building so there is no way to even tell if/when anyone is there. There is a high-volume copy machine on every floor, but there are no counters or access control mechanisms that would give me some idea of who was copying how much . . . I have no means of knowing anything at all about what goes on in the building or who goes in and out of the storage facility. Then one day I see excerpts from my cables showing up in every newspaper, TV news broadcast and blog on the Internet.

Three questions:

1. Should I be surprised?
2. Who is responsible for the breach?
3. Who is accountable for the breach?

Answers to the three questions:

1. No.
2. The person who allowed those documents to be stored in that environment. I guess that'd be me.
3. The person who authorized the storage of those documents in that environment. I guess that'd be me, too.

If I were the CEO of Coca Cola and that was the Coca Cola “secret formula” that was being spread around, I would be reaching for my golden parachute, and it would be interesting to see how many of the board members survived the next stockholders' meeting.

Should I have known better? Absolutely. My job is to minimize the risk of the loss of the confidentiality, integrity and availability of mission-sensitive information.

Now, I believe that there is not a reader out there who couldn't come up with ways to button the situation up so tightly that someone would have to work very hard to get into the storage facility, into the building, copy the documents and get back out again without being detected. There are the logical equivalents for the protection of electronic systems and data. And the DoD has that information. Nicely collected in a document titled “DoD Insider Threat Mitigation” (pdf) published April 24, 2000. From the Executive Summary:

This report provides an explicit set of recommendations for action to mitigate the insider threat to DoD information systems. [emphasis mine] The report results from the actions of an Insider Threat Integrated Process Team (IPT) requested by the Senior Civilian Official (SCO) of the Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) OASD (C3I). The Team’s charter was "to foster the effective development of interdependent technical and procedural safeguards" to reduce malicious behavior by insiders.

The recommendations fall under seven categories:

1. Policy & Strategic Initiatives
2. Personnel (Management and Security)
3. Training and Awareness
4. Deterrence
5. Protection
6. Detection
7. Reaction/Response

I am beating this subject into the dirt to show that there is no possible excuse for the breach to have occurred. The cause is sheer negligence at the highest levels of the DoD (and as we will see in Part 4, also State). In 2000, the DoD was handed a cookbook for the mitigation of the insider threat. If, in the intervening ten (10)! years between the time the document was published and the time Manning went on his shopping spree, the recommendations in that document had been implemented, Manning would have been found out when he first started fiddling around and it would have ended there. Purely and simply, it was an abject failure of risk management at the organizational level.

. . .

After the leaks hit the fan, the military hastily slammed the barn door shut.

The U.S. Military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media or risk a court martial.

Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 (2010) "Cyber Control Order" - obtained by Danger Room - which directs airmen to "immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET," the Defense Department's secret network. Similar directives have gone out to the military's other branches.

"Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media," the order adds.

Reread the previous two paragraphs. Then think about what is being said, and by whom. A Major General is announcing in a memo that, as commander of Air Force Network Operations, he knows that "unauthorized data transfers routinely occur on classified networks using removable media." General Webber didn't just take it upon himself to send out that memo. He sent it out for the same reason that "similar directives have gone out to the military's other branches." It really doesn't matter from how high up the chain of command the impetus for the statement came, the point is that policy dealing with how to handle highly confidential information was being blatantly ignored throughout the military . . . and, as acknowledged in the memo, the chain of command up to at least the Major General level was aware of it and tolerated it. And this is only part of the problem. The most important part is that the DoD was responding to the superficial aspect of the problem and had no clue about the root of the problem. Clueless, clueless, clueless.

What we have here is a gross failure of risk management and governance that is hard to distinguish from negligence at the highest levels of the military establishment. Not to put too fine a point on it, but, because no one was paying attention, Secret and Top Secret data has been leaked . . . from the State Department, the Defense Department and the NSA (and who knows where else). One could fly a flight of B-52s through the holes in those networks and no one would know they were there. . . . The lights are on, the doors are open, but there's nobody home . . .

Which leads us to another one of the elephants. Given Pvt. Manning's perfect storm along with the admission that "unauthorized data transfers routinely occur on classified networks . . ." one has no way of knowing how much data was compromised, how many times, by whom, or for how long. As Scott Bradner said, " . . . not everyone who would like a copy of such information would be interested in publishing it." And apparently, there are those out there . . .

Again from the Threat Level article:

The [FBI] agents did tell Lamo that he may be asked to testify against Manning. The Bureau was particularly interested in information that Manning gave Lamo about an apparently-sensitive military cybersecurity matter, Lamo said.

That seemed to be the least interesting information to Manning, however. What seemed to excite him most in his chats was his supposed leaking of the embassy cables. He anticipated returning to the states after his early discharge, and watching from the sidelines as his action bared the secret history of U.S. diplomacy around the world.

Manning was only focused on the embassy cables, and in this case, we lucked out and dodged a bullet. But then the FBI was much more interested in "an apparently-sensitive military cybersecurity matter . . ." Good luck, guys. You're going to need a boatload of it . . . Without any forensic evidence, you don't have a chance in hell of finding out what happened.

Now, published reports give no information/insight into whether Manning was the only one of all of the people who have or had access to SIPRNet and JWICS to extract (or, for that matter, edit or insert bogus) information from them. It is safe to say that the probability of that being the case is infinitely small . . . Especially given the FBI's interest in that "apparently-sensitive military cybersecurity matter." After all,

. . . squashing Wikileaks disclosures to prevent exposure of sensitive information would not prevent terrorist organizations or enemy states from obtaining that same data and using it for more nefarious purposes.

Just to make sure that this elephant is well and truly dead: This really was the perfect storm. Nonexistent network/database security allowed Manning to hoover up gigabytes of data in complete anonymity and nonexistent site security at FOB Hammer allowed him to “export” those data from the “secure room” to the WikiLeaks servers. Though many/most of the sites that have access to SIPRNet and JWICS may adhere to policy, processes and procedures that prevent this sort of “exporting” from happening, there are an unknown number that do not. And while we know of one case in which the weaknesses of the system were exploited, there is an unknown and unknowable number that are not. On top of that, given the lack of controls that would allow us to know, we have no idea what and how much other data has been downloaded and how much has been deliberately compromised . . . if, when or by whom.

In the current vernacular, this is what one would call an Epic Fail.

It is tempting to call for the heads of those who are accountable for the abysmal security of the environment at FOB Hammer. DoD Instruction 8510.01 defines a Certification and Accreditation process that would theoretically allow one to identify them. That person/those people certainly need to be held accountable, but in a way, they would be just as much scapegoats as is Manning. From what one can glean from published reports, the problem is endemic. Manning described it himself when he described the perfect storm. Then, General Webber's statement that "Unauthorized data transfers routinely occur on classified networks . . ." confirmed it. This is a system-wide (at least DoD, State and the NSA) lack of basic risk management and governance.

From a Computerworld article discussing the fallout from WikiLeaks:

Adm. Mike Mullen, chairman of the U.S. Joint Chiefs of Staff, was blunt in his criticism of Wikileaks during the press conference. "The truth is they might already have on their hands the blood of some young soldier or that of an Afgan [sic] family," Mullen said.

The real truth is that if there is any blood on anyone's hands it would be on Adm. Mullen's and the hands of those under his command who permitted the lack of security that allowed Manning to exfiltrate the information. A mea culpa from Adm. Mullen is most appropriate and would have been welcome. In its absence, a "Good riddance!" and a "Hope to see you in court sometime soon!" will do.

When the North Koreans shelled Yeonpyeong Island, the South Korean Defense Minister resigned. It would have been nice if Secretary Gates had acknowledged the scope of the problem and at least made the gesture of offering to fall on his sword.

To wrap up, a couple of observations from the press:

From the National Journal in late 2010:

The U.S. Central Command has begun security reviews of protocols at forward-deployed settings like Hammer in Iraq, where Manning spent several years. 'Insider threat working groups' have been established, and commanding officers are being trained to detect behavioral changes in their young analysts.

Remember “DoD Insider Threat Mitigation” published in April 2000? And the response in 2010 is to establish insider threat working groups?!?!?!?!? Jesus, Mary and Joseph! I've seen some dysfunctional organizations in my time, but this absolutely takes the cake. What the hell were they doing in the ten years between the time the Insider Threat Mitigation Guide was published and the archetypal insider threat punked the whole DoD and State Department?

Finally, from CTOEdge:

Without the most basic level of security, it's hard to see how you can expect your sensitive data, including your business plans, your customer information or your own accounting data, to not eventually leak out. The difference between the government and you is that such a leak can shut down your business, and perhaps put you in jail if you violate federal compliance laws. With the government, only Manning is likely to see prison time. The people who designed the security system, it appears, aren't being held accountable.

Yes, unfortunately, but typically, it is very likely true that Manning is the only one who will see prison time. He just showed up for work to find an all-you-can-eat-for-free smorgasbord.

The people who should be held accountable are those who had ten years to implement the recommendations made in "DoD Insider Threat Mitigation" and four years to train unit commanders and non-coms on the observations made in "Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis" on how to spot potential insider threats and how to manage them.

The bull elephant in the room is how cavalierly the DoD has treated information security and the apparent lack of an organized governance and risk management process, not to mention a mature information security practice. It would be wonderful to think that we really dodged a bullet with this and that all that happened was we found out a little about how our government has lied to us and that, as a whole, our diplomatic corps is a pretty astute bunch of folks. The thing is, because of "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis . . ." even if DISA had an incident response team, there is very little information available that would help with a forensic analysis.

There is no telling how much data has leaked or where it is. There is no public evidence of the existence of a formal incident response process. The response to this incident reminds one of the Keystone Kops and the Marx Brothers. We have seen some knee-jerk responses such as blindly forbidding the use of removable media and the institution of "insider threat working groups." Can you say too little, too late?

I'm going to stop right here for a minute to remind the reader of Marcus Ranum's comments on the insider threat . . . that he'd been banging that drum for 20 years and that others had been banging the drum for 20 years before him. “So that is nothing new.” Remember also that the DoD has been funding projects collaborating with organizations like NIST, RAND, CERT and others on understanding the insider threat and documenting mechanisms for managing it. And the report on insider threats that was published in 2006 listed the six attributes that characterized an insider threat . . . all six of which Manning exhibited! Now, that information was, in and of itself, as Mr. Ranum said, not new. Apparently the threat was not important enough for the DoD to actually do anything about it . . . Or more likely, no one was paying any attention. No matter how you cut it, though, the negligence that was/is displayed should cost careers. What we have here is a failure to manage risk. Apparently, protecting Secret and Top-Secret information is not a priority for the Defense Department.

So what's missing, from the public discussion at least, is any indication of awareness of the main problems and the "big picture." Perhaps the charitable thing to do is to apply Hanlon's razor to this situation. But what does remain is the fact that there is no evidence of risk management and governance, at least as far as security is concerned, in the DoD.

(For an idea of what it looks like when an organization takes network security and data protection seriously, read this article on The Register. The threat to national security is not Bradley Manning and WikiLeaks. It is the cluelessness of the people who are responsible for protecting our classified data).

We have talked about several of the elephants in the room, but we still have one left. To this point, the DoD has gotten all the attention. To be fair, the management at State is, if anything, even more clueless than the folks in the DoD. We'll address that elephant in Part 4.

This diary was cross-posted to Don't Confuse Me With Facts, My Mind's Made Up!

Originally posted to lartwielder on Wed May 16, 2012 at 10:20 PM PDT.

Also republished by Community Spotlight.


  •  I can't speak to military secrets (4+ / 0-)
    Recommended by:
    Don midwest, BOHICA, m16eib, bnasley

    but I do know what SNAFU stands for...and what FUBAR means.  Put them together, and you have the situation SNAFUBAR; Situation Normal All Fucked Up Beyond All Recognition.

    Which is pretty normal when your commander in chief is a loser like the Shrub.

    To make the argument that the media has a left- or right-wing, or a liberal or a conservative bias, is like asking if the problem with Al-Qaeda is do they use too much oil in their hummus. Al Franken

    by Youffraita on Thu May 17, 2012 at 12:55:07 AM PDT

  •  this series should be published in... (5+ / 0-)
    Recommended by:
    Don midwest, erratic, jrooth, JVolvo, m16eib

    .... some major media outlet with a huge mainstream readership.  

    It's the most astute and comprehensive analysis of the situation around the Manning case I've read.  

    And yes, the contributory negligence of bad security should be weighed in the Manning case.  

    What I would do if I was the presiding judge or equivalent, is draw a line based on what would have occurred had any reasonable security measures been in place.  Whatever Manning could have obtained under those conditions, would be chargeable.  Whatever he couldn't have obtained under those conditions, but only obtained due to the actually abysmal security, would not be chargeable.

    "Minus two votes for the Democrat" equals "plus one vote for the Republican." Arithmetic doesn't care about your feelings.

    by G2geek on Thu May 17, 2012 at 01:59:42 AM PDT

    •  Re: this series should be published (3+ / 0-)
      Recommended by:
      jrooth, JVolvo, m16eib

      Thanks very much for the compliment!

      I agree wholeheartedly that contributory negligence should be weighed in the case. Barring that, I'd settle for some long brig time for the "contributors." They should have an opportunity to contemplate the errors of their ways . . .  :)

      And, I really like your idea on how to parse out what's chargeable and what's not . . . Sounds very reasonable to me . . .

      •  that's how judicial temperament works. (1+ / 0-)
        Recommended by:
        m16eib

        On one hand I believe there was real damage done and laws were broken, so some kind of penalty is necessary.

        On the other hand, throwing away someone's life who arguably has a major psych diagnosis (bipolar), does not do justice.

        On the third hand, contributory negligence.

        With everything I know about this case including the stuff that's not public, I would probably end up condensing the charges to one charge of unlawful conveyance of classified material to a person unauthorized to receive it, sentence him to five years in prison and five years of probation, suspend four years of the prison term, and give him credit for time served thus far, and the necessary dishonorable discharge.  

        The net result would be that he doesn't serve any more prison time as long as he stays out of trouble, and probation can be used to ensure he gets himself into the VA to get his head troubles fixed.  

        And last but by no means least, make some kind of statement to the effect that this is justice tempered by mercy due to circumstances, but similar cases in the future should be dealt with far more harshly.  That as a warning and attempt to deter anyone else from thinking they can go down that road.  

        Unfortunately the actual outcome of this is more likely to be life in prison without possibility of parole.  As I said, nothing good comes of this whole affair.  And LWOP will also make him something of a "cause," which will also result in goading others to attempt similar activities.  Whereas a more merciful outcome would prevent him becoming a "cause," and not encourage "revenge hacking."  

        "Minus two votes for the Democrat" equals "plus one vote for the Republican." Arithmetic doesn't care about your feelings.

        by G2geek on Thu May 17, 2012 at 01:54:11 PM PDT

        [ Parent ]

  •  Manning Still Responsible For His Actions (3+ / 0-)
    Recommended by:
    redlum jak, ballerina X, m16eib

    Generally, I have no quarrel with most of this.  The information breach was a major failure of government security.  Not much controversy here - this is sort of like a diary that blames the Katrina response on poor management at FEMA.  One wonders why all the effort.

    It all becomes clear when you consider the second conclusion, which is that the persons who stored the documents without sufficient safeguards are responsible for the breach.  

    Fair enough, but incomplete - Manning is also responsible.  And if - a big if at this point - Wikileaks did something on its own that is actionable at law - then Wikileaks and Assange also bear responsibility.  However Assange and Wikileaks remain uncharged, so it is not clear the evidence is there and until and unless that happens he deserves the presumption of innocence.

    But it's worth pointing out - the government's failures here don't excuse the actions of others.  That is like saying the thief goes free because you used a poor lock to secure your house.

    "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

    by FDRDemocrat on Thu May 17, 2012 at 07:32:19 AM PDT

    •  Agreed that it doesn't let Manning off the hook (3+ / 0-)
      Recommended by:
      lysias, JVolvo, m16eib

      However the breadth to which the breach occurred, that others are not being tried for gross negligence of duty surprises me.

      --Enlighten the people, generally, and tyranny and oppressions of body and mind will vanish like spirits at the dawn of day. - Thomas Jefferson--

      by idbecrazyif on Thu May 17, 2012 at 07:43:26 AM PDT

      [ Parent ]

      •  Manning broke the law, but he is being grotesquely (2+ / 0-)
        Recommended by:
        m16eib, truong son traveler

        overcharged with this "aiding the enemy" nonsense.

        If making information the government wants kept secret available to the public amounts to aiding the enemy, then an awful lot of journalists can be charged with aiding the enemy.  (And recent government actions like yesterday's executive order suggest that that is precisely what the government has in mind.)

        The influence of the [executive] has increased, is increasing, and ought to be diminished.

        by lysias on Thu May 17, 2012 at 09:12:46 AM PDT

        [ Parent ]

        •  Manning is not a journalist though... (1+ / 0-)
          Recommended by:
          m16eib

          Members of the military are held to different legal standards.  When he signed up, Manning took an oath.  Don't do the crime if you won't do the time.

          Floyd Abrams, the lawyer for the New York Times in the famous NYT v Sullivan case, made this point when he distanced himself from arguments being made by Julian Assange and other Wikileaks defenders. In the Pentagon Papers case, Daniel Ellsberg admitted to wrongdoing, but held that he did so pursuant to avoiding greater evils.  Ellsberg was never prosecuted, but there were grounds to do so.

          Maybe that is the real issue here.  If the Afghanistan War was as deeply unpopular as Vietnam, and the American people were as affected by the Afghan War as much as by Vietnam (one was a conscript-driven war the other an all-volunteer) then maybe there would be more sympathy for Manning.  But since his actions involved a conflict against an enemy who had defended the killers of 9/11, he gets little from me.

          "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

          by FDRDemocrat on Thu May 17, 2012 at 10:22:55 AM PDT

          [ Parent ]

          •  The time for what Manning did should be (4+ / 0-)

            a couple of years, maybe, in a stockade.  (I spent many years in the military, in military intelligence, and am now a lawyer, who spent his last couple of years in the military in military law, so my instinctive reaction means something.)

            Not the grotesquely long sentence that will result if he is convicted on this ridiculous "aiding the enemy" charge, which should have been thrown out by the military judge at the first opportunity.

            The influence of the [executive] has increased, is increasing, and ought to be diminished.

            by lysias on Thu May 17, 2012 at 11:34:27 AM PDT

            [ Parent ]

            •  He's already served that much, hasn't he? (2+ / 0-)
              Recommended by:
              lysias, m16eib

              And a lot of the time he was under what I consider cruel and unusual punishment.  

              Further, what he (allegedly) leaked was politically damaging but of little security/military significance.  

              Regarding the comment that Manning was/is not a journalist, I think most people who haven't taken a secrecy oath should qualify as journalists.  I imagine you have to take one to get a security clearance.  Does everyone in the military have to take one?

              We're all pretty strange one way or another; some of us just hide it better. "Normal" is a dryer setting.

              by david78209 on Thu May 17, 2012 at 02:04:42 PM PDT

              [ Parent ]

              •  We don't know the significance... (1+ / 0-)
                Recommended by:
                m16eib

                Aside from speculation about some people potentially being compromised, we don't know the extent of the damage.

                Remember, Assange and Wikileaks initially claimed they were redacting these cables.  That was certainly not the case with the later raw dump.

                Go back to see some of the comments from organizations like Human Rights Watch, who were concerned that people in authoritarian countries who complain to US diplomats could end up suffering.

                Lots of love for Bradley Manning here on DKOS - not much concern, apparently, for the consequences of his actions to innocents.  People are whitewashing this without information, Assange-style.

                "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

                by FDRDemocrat on Thu May 17, 2012 at 03:53:28 PM PDT

                [ Parent ]

                •  Such concern for innocents, (3+ / 0-)

                  when the government hasn't been able to point out a single innocent who has suffered.

                  The influence of the [executive] has increased, is increasing, and ought to be diminished.

                  by lysias on Thu May 17, 2012 at 03:59:43 PM PDT

                  [ Parent ]

                  •  As I said.... (0+ / 0-)

                    ....the very nature of the information militates against our ever having full knowledge.  For example, if a US Embassy abroad had a confidential informant in an authoritarian government and we believed that information revealed through Wikileaks compromised that source, we would not necessarily make that knowledge public - ever.

                    The "all information is free!" pro-Wikileaks crowd obviously never had to live in authoritarian countries where simply openly advocating for human rights or workers rights or political change can be a death sentence.

                    Perhaps that did not occur here - again neither of us can say yes or no with certainty.  But as an American I am not comfortable letting the decision to release such information be made by Julian Assange and his shadowy group, operating beyond any morality or controls but their own.

                    Assange has shown his true colors lately by becoming a pawn of RT (Russia Today), the pro-Putin "news" outlet that is helping crush reform in Russia.

                    "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

                    by FDRDemocrat on Thu May 17, 2012 at 07:56:52 PM PDT

                    [ Parent ]

                    •  As I said, Manning broke the law, and I (0+ / 0-)

                      don't object to punishing him, within reason.  But this "aiding the enemy" stuff is really beyond the pale, and its implications as a precedent are scary indeed.

                      The influence of the [executive] has increased, is increasing, and ought to be diminished.

                      by lysias on Fri May 18, 2012 at 07:42:42 AM PDT

                      [ Parent ]

                    •  Assange, on the other hand, has broken no (0+ / 0-)

                      law and has a perfect right to deal with the Russians and to do things that our government -- and you, apparently -- do not like.

                      He is an Australian citizen, after all.

                      The influence of the [executive] has increased, is increasing, and ought to be diminished.

                      by lysias on Fri May 18, 2012 at 07:44:13 AM PDT

                      [ Parent ]

                      •  I never questioned his right to do so... (0+ / 0-)

                        ...but his actions disqualify him even more from ever being trusted to make judgement calls on how to treat sensitive information.  It is amazing how many people are fearful of how government treats information but perfectly happy to let Assange and persons unknown take over the task.

                        Chances are quite high that Wikileaks has been thoroughly penetrated by any number of foreign intelligence services...

                        "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

                        by FDRDemocrat on Sun May 20, 2012 at 10:25:07 PM PDT

                        [ Parent ]

            •  With all due respect for your service... (1+ / 0-)
              Recommended by:
              m16eib

              ...there are people I have spoken to with similar backgrounds as yours who think Manning should have the book thrown at him.  This is bearing in mind that this was not some sort of isolated or spur of the moment occurrence, but a massive and knowing breach based on a political agenda.

              You or I also still don't know the extent to which the released State Department information compromised sources or methods.  Without information on the consequences, we can't make a final judgement on the extent - if any - of the damage.

              "Hidden in the idea of radical openness is an allegiance to machines instead of people." - Jaron Lanier

              by FDRDemocrat on Thu May 17, 2012 at 03:49:33 PM PDT

              [ Parent ]

              •  Nothing Manning revealed was classified (2+ / 0-)
                Recommended by:
                m16eib, truong son traveler

                any higher than "Secret".  Anything the revelation of which would be a serious matter is classified "Top Secret" or higher.  (And an awful lot that is classified even as high as Top Secret or higher should never have been classified in the first place.  That goes all the more for just Secret stuff.)

                The influence of the [executive] has increased, is increasing, and ought to be diminished.

                by lysias on Thu May 17, 2012 at 04:03:32 PM PDT

                [ Parent ]

          •  I'm not sure it's accurate to say the Taliban (3+ / 0-)

            defended the killers of 9/11.  The Guardian: Bush rejects Taliban offer to hand Bin Laden over (Oct. 14, 2001):

            President George Bush rejected as "non-negotiable" an offer by the Taliban to discuss turning over Osama bin Laden if the United States ended the bombing in Afghanistan.

            Returning to the White House after a weekend at Camp David, the president said the bombing would not stop, unless the ruling Taliban "turn [bin Laden] over, turn his cohorts over, turn any hostages they hold over." He added, "There's no need to discuss innocence or guilt. We know he's guilty". In Jalalabad, deputy prime minister Haji Abdul Kabir - the third most powerful figure in the ruling Taliban regime - told reporters that the Taliban would require evidence that Bin Laden was behind the September 11 terrorist attacks in the US, but added: "we would be ready to hand him over to a third country".

            The influence of the [executive] has increased, is increasing, and ought to be diminished.

            by lysias on Thu May 17, 2012 at 11:38:18 AM PDT

            [ Parent ]

  •  Even the simplest network administrative policies (5+ / 0-)
    Recommended by:
    jrooth, redlum jak, lysias, JVolvo, m16eib

    could have prevented nearly all of this. When I heard about the leak and HOW it happened, the sysadmin in me literally yelled at the radio.

    For one, absolutely no granular access control. It's so simple to set up and maintain. A literal set-it-and-forget-it using any form of LDAP and group membership for database access control rights.

    Secondly, what business do analysts have utilizing external drives of ANY sort? Analysts by their nature have access to sensitive data, so by default that data should have access control locked tight.

    As an example, on the primary network I administrate, I have it set so that if a particular client shows dramatically increased network traffic, that client is flagged, logged, and the logs are then emailed to me so I can see who accessed what, when, and how.

    And with the logging, if there is a breach of security, say I forgot to close a loophole of group access or something, the logging allows me to at least take reactive steps to close the plug before the dam breaks.

    Your analysis is spot on. Heads should have been rolling on this one.

    --Enlighten the people, generally, and tyranny and oppressions of body and mind will vanish like spirits at the dawn of day. - Thomas Jefferson--

    by idbecrazyif on Thu May 17, 2012 at 07:41:01 AM PDT
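The traffic-spike flagging described in the comment above, as an added example that is not part of the original thread or the commenter's own setup. The log format, host and user names, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample transfer log: date, client host, user, resource, bytes sent.
SAMPLE_LOG = """\
2012-05-01 ws-14 analyst_a /reports/daily 40000000
2012-05-01 ws-22 analyst_b /reports/daily 35000000
2012-05-02 ws-14 analyst_a /reports/daily 42000000
2012-05-02 ws-22 analyst_b /maps/tiles 30000000
2012-05-03 ws-14 analyst_a /reports/daily 38000000
2012-05-03 ws-22 analyst_b /reports/daily 33000000
2012-05-04 ws-14 analyst_a /reports/daily 41000000
2012-05-04 ws-22 analyst_b /archive/bulk-export 900000000
2012-05-04 ws-22 analyst_b /archive/set-a 700000000
"""

def parse(log_text):
    """Yield (day, client, user, resource, nbytes); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        day, client, user, resource, nbytes = parts
        yield day, client, user, resource, int(nbytes)

def flag_spikes(log_text, factor=5.0, min_history=3, floor=100_000_000):
    """Flag client-days whose volume exceeds `factor` times that client's
    median over earlier days and also exceeds an absolute floor."""
    totals = defaultdict(lambda: defaultdict(int))  # client -> day -> bytes
    detail = defaultdict(list)                      # (client, day) -> records
    for day, client, user, resource, nbytes in parse(log_text):
        totals[client][day] += nbytes
        detail[(client, day)].append((user, resource, nbytes))
    alerts = []
    for client, per_day in totals.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet to judge this day
            # The median keeps one earlier spike from inflating the baseline.
            baseline = median(history)
            if per_day[day] >= floor and per_day[day] > factor * baseline:
                # Keep the per-request records: who accessed what, and how much.
                alerts.append({"client": client, "day": day,
                               "bytes": per_day[day], "baseline": baseline,
                               "records": detail[(client, day)]})
    return alerts
```

Each returned alert carries the records behind the spike, which is the material the commenter describes having mailed to the administrator.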

  •  If someone had wanted to expedite transfer (2+ / 0-)
    Recommended by:
    m16eib, truong son traveler

    of highly classified information to foreign governments, he could hardly have done a better job than the people who created this climate.

    The influence of the [executive] has increased, is increasing, and ought to be diminished.

    by lysias on Thu May 17, 2012 at 09:08:57 AM PDT

  •  No way of knowing if others accessed the same (1+ / 0-)
    Recommended by:
    m16eib

    treasure trove of information that Manning is alleged to have done or if they did, what they did with it. There may be some very rich ex-service personnel who sold even more sensitive or damaging data to real enemies of the USA which may have cost lives and operational advantages world wide. Cheney just endangered one spy network. Rumsfeld opening all the data to the unsecured networks probably screwed many more as well as hardening the negotiating positions of other countries or even alerting international drug cartels of operations.

    I'd tip you but they cut off my tip box.

    by OHdog on Thu May 17, 2012 at 10:59:09 AM PDT

    •  Re: No way of knowing . . . (0+ / 0-)

      Greets OHdog,

      Man, you hit a lot of my hot buttons . . . Especially when you pointed out the things you did wrt Cheney and Rumsfeld. They're two of my least favorite people. I'd love to get hard evidence to tie them into this . . . It'd make my decade . . .

      "With sufficient thrust, pigs fly just fine." -- RFC 1925

      by lartwielder on Fri May 25, 2012 at 12:29:28 AM PDT

      [ Parent ]

  •  I know this comment is going way into CT, (0+ / 0-)

    but just indulge me for a moment?

    Apparently there was no logging because it wasn't until WikiLeaks published the data that anyone was aware of what had happened and it wasn't until Lamo fingered Manning that anyone had a clue who did it . . . The lights were on, the doors were open, but there was no one home.

    We live in the times where the media are mouthpieces and enforcers for the government (and of the government if you take into consideration the likes of Judith Miller, IMHO) and their propaganda. (Or for the corporations that own both the politicians and the media, if you prefer? Which is a better assessment, IMHO)

    Would it be wise to assume that they would expect the media to turn in any leaks they receive as sure as they would pummel a whistleblower in their oft slanted stories?

    Would the government/military/corporations/whatever assume that  the complicit media was just another layer of their security?

    I mean... This might be their assumption before they knew wikileaks was serious trouble for them?

    I know... Probably a high percentage of reporters (70%? 80%? +++?) are not bad people BUT they do work for others, others who are often horrible to our nation's health and would gladly step up for the FBI/CIA/Military/crazy politicians/whatevs just because they have proved to be part of the problem.

    And I know, as well, that it does not address the security threat of foreign governments at all in a sensible way.

    But it is a line of thinking that makes me ponder if they are more worried that WE CITIZENS FIND OUT THIS INFORMATION than they are of foreign spies knowing what they have secured?

    Judging by their reactions to the information and spin of it all it would seem they are more worried about us knowing, IMHO.

    Kind of off topic and all. And even if it is purely CT, though somewhat related to the big picture, I guess? Just something I have been thinking about for a while.

    ePluribus Media
    Collaboration is contagious!

    by m16eib on Thu May 17, 2012 at 04:15:49 PM PDT

    •  Re: I know this comment . . . (0+ / 0-)

      grin

      Hello ePluribus Media,

      "Just because you're paranoid doesn't mean that they're not out to get you . . ."

      I think that there's some truth to what you're saying. I've wondered why no one else has taken up the charge on this. This could be a major talking point . . .

      For now, I'm willing to write it off to ignorance (and I don't mean that in a negative way). The tech media gets it. If not, I wouldn't have all of these quotes to use. So, the way I'm treating it right now, it's up to those of us who have a clue and who care to keep raising a stink until someone does something to shut us up . . .  :)

      Cheers

      "With sufficient thrust, pigs fly just fine." -- RFC 1925

      by lartwielder on Fri May 25, 2012 at 12:25:50 AM PDT

      [ Parent ]

  •  Two huge elephants (0+ / 0-)
    • The hyper-classification of information, including the post-classification of info already in the public record.
    • The classification of information to cover up wrongdoing and/or to protect wrongdoers.

    Ellsberg released far more sensitive material than did Manning. He is now rightly considered a hero.

    This is our country!

    If only donkeys could have elephant balls... Occupy!

    by chuckvw on Thu May 17, 2012 at 06:59:32 PM PDT

  •  Thank you (0+ / 0-)

    Excellent series. Echoes what every objective sysadmin I've discussed this subject with has said: this was a massive management failure of first proportion. Never mind giving anyone the chance to resign with honor: there is absolutely no excuse for anyone in the chain of command from Manning up to the top levels of the Pentagon to not have been summarily dismissed for negligence. Having said all that, the unfortunate truth is that the military is just following the example of the private sector in its chronic dismissal of its own established security policies at every level.

    One day we're all going to wake up to complete network failure due to the work of some 19 year old PLA hacker and these same incompetents will say, "No one could have predicted..." Seems that's a tune they've sung before.

    •  Re: Thank you (0+ / 0-)

      Hola plembo,

      Thanks for the compliment and, more importantly, the sentiment. The incredibly sad thing is that you are absolutely correct. Anyone who has any clue about what's going on sees it for what it is. My only hope is that I can shake enough trees that someone will listen. It's about Manning, but, then again, it's not just about Manning. He did us a GREAT favor by showing that the emperor has no clothes. Our job is two-fold: Pull Manning's fat out of the fire and dump everyone from the DoD and State into it . . .

      Cheers

      "With sufficient thrust, pigs fly just fine." -- RFC 1925

      by lartwielder on Fri May 25, 2012 at 12:16:31 AM PDT

      [ Parent ]
