An Army intelligence analyst arrested for leaking classified U.S. combat videos and State Department records to WikiLeaks.org reportedly carried the secret data out of secure areas on CD-RWs.
In April 2010, whistleblower website WikiLeaks released a video that it maintains is classified gun-sight footage of a 2007 U.S. helicopter attack in Baghdad that killed two Reuters news staff. According to a CNET News.com article published shortly after the footage's release, "government sources told both Reuters and the Associated Press on Monday that the clip is authentic."
Early this month, Wired.com reported that a U.S. Army intelligence analyst, identified as Bradley Manning, was arrested in May for allegedly leaking the 2007 Baghdad footage, additional video from a 2009 air strike in Afghanistan, and over 260,000 classified U.S. diplomatic cables. According to Wired, the 22-year-old analyst discussed leaking the secret material to former computer hacker Adrian Lamo in a series of online chats.
At some point after that, Lamo notified the FBI and the U.S. Army about the pair's conversations. The analyst was arrested and is being held in Kuwait while the U.S. Army Criminal Investigation Division (CID) and other U.S. agencies investigate the leaks.
As of this article's publication, the analyst has not been formally charged with leaking the classified material. Neither the U.S. Army nor the U.S. State Department has said much about the leak, other than to acknowledge that an investigation is taking place and that hard drives used by the analyst in Iraq are being analyzed.
Classified data allegedly carried out on CD-RWs
Wired has published what it claims is a transcript of the chat sessions between Lamo and the analyst. Within the material, Manning reportedly described how he carried the data out of the secure areas in which he worked. The following are excerpts from that transcript:
(01:52:30 PM) Manning: funny thing is... we transferred so much data on unmarked CDs...
(01:52:42 PM) Manning: everyone did... videos... movies... music
(01:53:05 PM) Manning: all out in the open
(01:53:53 PM) Manning: bringing CDs to and from the networks was/is a common phenomenon
(01:54:14 PM) Lamo: is that how you got the cables out?
(01:54:28 PM) Manning: perhaps
(01:54:42 PM) Manning: i would come in with music on a CD-RW
(01:55:21 PM) Manning: labelled with something like "Lady Gaga"... erase the music... then write a compressed split file
(01:55:46 PM) Manning: no-one suspected a thing
Manning also describes overall lax IT security policies:
(02:43:33 PM) Manning: also, there's god awful accountability of IP addresses...
(02:44:47 PM) Manning: the network was upgraded, and patched up so many times... and systems would go down, logs would be lost... and when moved or upgraded... hard drives were zeroed
(02:45:12 PM) Manning: it's impossible to trace much on these field networks...
(02:46:10 PM) Manning: and who would honestly expect so much information to be exfiltrated from a field network?
10 ways to make sure your data doesn't walk out the door
If the above chat transcripts, which Lamo gave to Wired, are true, they show a shocking lapse in IT security. As TechRepublic blogger Debra Shinder wrote in her article, "10 ways to make sure your data doesn't walk out the door," a popular way "to sneak digital information out of an organization is by copying it on some sort of removable media or device." She suggests organizations restrict the use of removable media, writing:
"USB thumb drives are inexpensive and easy to conceal, and high capacity SD, CF, and other flash memory cards can hold a huge amount of data. Users can also copy files to their iPods or other MP3 players or to CD or DVD writers. You can permanently restrict the installation of USB devices by removing the ports physically or filling them with a substance. You can also use software to disable the use of removable devices on each individual computer or throughout the network.
In Vista, you can restrict use of removable media (USB devices and CD/DVD burners) through Group Policy. (See What's New in Vista Group Policy for details.) For other operating systems, there are third-party products, such as Portable Storage Control (PSC) from GFI."
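An administrator can confirm that the Group Policy restriction described above is actually in force on a workstation by reading the values the Removable Storage Access policy writes to the registry. The script below is an added example, not part of the original article or of Shinder's piece; it assumes Windows Vista or later and checks only machine-wide policy (per-user policy under HKCU is not examined).

```powershell
# Added example: audit the machine-wide "Removable Storage Access" policy.
# Assumption: policy values live under the standard policy key below
# (Windows Vista and later). Per-user policy is not checked.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Device classes to audit, keyed by label, with their device class GUIDs.
$classes = [ordered]@{
    'CD and DVD'      = '{53f56308-b4bf-11d0-94f2-00a0c91efb8b}'
    'Removable disks' = '{53f5630d-b4bf-11d0-94f2-00a0c91efb8b}'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# "All Removable Storage classes: Deny all access" overrides per-class settings.
$denyAll = (Get-PolicyValue -Path $base -Name 'Deny_All') -eq 1

$report = foreach ($label in $classes.Keys) {
    $key       = "$base\$($classes[$label])"
    $denyRead  = (Get-PolicyValue -Path $key -Name 'Deny_Read')  -eq 1
    $denyWrite = (Get-PolicyValue -Path $key -Name 'Deny_Write') -eq 1
    [pscustomobject]@{
        DeviceClass  = $label
        ReadBlocked  = $denyAll -or $denyRead
        WriteBlocked = $denyAll -or $denyWrite
    }
}

$report | Format-Table -AutoSize

# Flag any device class a user could still write data to.
$open = $report | Where-Object { -not $_.WriteBlocked }
if ($open) {
    Write-Warning ("Write access is not blocked by policy for: " +
        ($open.DeviceClass -join ', '))
}
```

A missing key or value means the policy is not configured, which the script reports as not blocked.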
Whatever the outcome of the Manning case, the possibility that classified data was carried out of a supposedly secure U.S. Army location on a CD-RW should be a wake-up call to all network administrators. It's often the threat you don't see that's most dangerous.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.