Tech Forensics Take Center Stage in Manning Pre-Trial
smitty777 writes with some updates from Bradley Manning's Article 32 hearing: "Wired has been reporting all [yester]day on the prosecution's technological evidence against Bradley Manning. The first is on the technology and techniques used by Manning. In the second, the examiners admit they didn't find any matching cables on Manning's computer. And finally, evidence that Manning chatted directly with Assange himself."
The prosecution was able to access chat logs and other bits of evidence (which had been deleted, but not scrubbed from the disk) thanks to PFC Manning's use of the same password for his OS login and encryption passphrase. Oops.
"not scrubbed from the disk", "Same password"?? (Score:3)
Not so fast... (Score:4, Insightful)
From the first article...
So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?
Re:Not so fast... (Score:4, Interesting)
Or he most certainly did, or at least he set up an automated system to do it, etc.
But, no one can/will publicly admit the truth, that either the automated system to do that can be selectively remotely subverted on command (perhaps a routine investigation into him "fishing expedition" found more than expected?) OR the secret truth that cannot be discussed is that classified data recovery operations can read overwritten data much better than public recovery operations.
Most likely this is one of those "lawyers approach the bench" undocumented moments where both sides were informed that public discussion of these classified projects in this trial will be prosecuted, etc... The less this seemingly important topic is discussed during the trial, the more likely they're covering up some interesting technical means.
Having worked in an Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"
Re:Not so fast... (Score:4, Interesting)
Having worked in an Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"
Of course, that might have something to do with the fact that zeroing out the hard drives takes a not insignificant amount of time compared with just blowing them up. I've never been in the military myself, but I would hazard a guess that you might be under some time pressures if your base is being overrun by the enemy.
Re: (Score:2)
You do not take chances with classified data. It's just not done. Every media ever labeled anything other than unclassified is destroyed once it has served its purpose.
Re: (Score:3, Informative)
Overwriting with zeros could leave some evidence of the previous data eg (w/ a 1/100th retention: 0.010031 and 0.0073).
Amplify those by 100 and you get back your 1.0031 and 0.073. It takes a very sensitive head, multiple reads, and a totally different drive enclosure, but you get the basic idea.
So, what if you write over the data with pseudo random noise? That's better, but not quite good enough. The problem is
Re: (Score:2)
Hammer isn't going to destroy the magnetic domains. Someone with really good gear could in theory make a digital reconstruction of the drives by reading off the broken pieces of the platter.
If you are going to destroy the drive anyways, throw it in an incinerator or degauss it, or else take a grinder to the platters (I'd like to see someone reconstruct the drive from abraded dust).
Re: (Score:2)
"Hammer isn't going to destroy the magnetic domains"
Umm, with the right impact, the heat and force imparted via thermodynamics to the platter can indeed change magnetic domains.
Re: (Score:2)
Thank You.
And don't put the kind of data that could get you in trouble on a disk. When I say trouble, I don't mean the common pirated software / songs / movies, but the kind of stuff that disappears people.
Put in a USB key chain drive. They're arguably easier to destroy in a jiff, assuming you know what you're doing. One blowtorch, one USB key chain drive -> coming to a Youtube near you.
Re: (Score:2)
One blowtorch, one USB key chain drive -> coming to a Youtube near you.
Until UMG deletes it.
Re: (Score:2)
The magnetic data is analog. so, it's less 1's and 0's than 1.0031 and 0.073...
Overwriting with zeros could leave some evidence of the previous data eg (w/ a 1/100th retention: 0.010031 and 0.0073).
Hasn't this myth been put to bed yet?
Re: (Score:2)
Re: (Score:2)
OR the secret truth that cannot be discussed is that classified data recovery operations can read overwritten data much better than public recovery operations.
Which is why when people talk about the theoretical difficulties and the implausibility of recovering data off of overwritten sectors, it's a worthless assurance. No one has demonstrated a mathematical impossibility, they just say "we don't think anyone can do this".
If you want data really, truly, for realsies gone, degauss the disk, or raise it to the Curie point.
Re: (Score:2)
There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"
It depends on the drive technology. If you were in the service in the 1970s/1980s, where hard drive tech was MFM or RLL or similar, then yes, thermite was the correct option. For 2011-era SATA drives, zeros are almost good enough, and overwriting with a random data stream is most definitely good enough (the amount of time and equipment needed to try to recover a modern drive that has been overwritten with a random data stream is so prohibitive that it is usually easier and cheaper to just threaten someone
Re: (Score:2)
It's because writing zeroes takes time and is easy to screw up -- power loss, drive failures, etc. will stop the erasure process. Thermite is fast, reliable, and gives visual feedback that the operation has completed successfully.
Re: (Score:3)
The standard recommendation I've seen is to overwrite at least 3, perhaps 5, 7, or even 9 times[0], often with a final all-zero overwrite[1] at the end (since an all-zero nominal image might discourage someone from looking harder, while a disk full of random-looking data can only result from a random overwrite or a full-disk encryption system).
The "kill it with fire" technique is more a question of speed and when you can afford to destroy disks. I've heard the NSA burns their disks, and Google physically m
Re: (Score:2)
Re: (Score:2)
Using thermite on my hard drive would be perceived by the interested parties as a confession of my guilt. If I were in his shoes I'd never use it, I'd just use non-destructive methods like the ones he did.
Re:Not so fast... (Score:4, Insightful)
So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?
Extremely easy.
Any modern operating system uses swap space - and while there's usually a way to ask the OS never to swap a program out, it's seldom exposed to the user. It normally relies on the program itself requesting this, and not everything will. Though a program may be exited later, the area of swapfile it used to use is not necessarily freed from disk.
On top of that, a few programs (eg. Gimp) deal with their own memory management to a certain extent and so operate their own swap independently of the OS - they may also keep other temporary files floating around and don't always delete them. Or they may not save a file in the way you expect - when you hit "save", it's not unusual for a program to:
- Create a new file.
- Dump the data into the new file.
- Rename the old file.
- Rename the new file so it has the same name as the old one.
- Delete the old file.
This drastically reduces the risk of the app dying part way through the save process resulting in a corrupted file. It may result in a file that hasn't been saved, so some work may be lost, but it won't lose the lot. Of course this has the side-effect that there's an old file sat on the disk somewhere containing much the same data.
On top of that, very small files will be stored directly in the MFT on Windows. Now the size of file we're talking about is probably not big enough to contain any serious information, but it may well give a forensic investigator a clue as to what's been done.
I can think of a few scenarios in which Manning could easily mess up:
1. Several "secure delete" utilities offer the option to securely delete individual files. Which they will, but as discussed above that may not achieve much.
2. Using a tool to wipe all free space - these usually work by creating a file and filling it with zeroes until the OS eventually returns a disk full error, then deleting the file. I have no idea what - if anything - they'll do with any data still sitting around the MFT. Not to mention the fact that they won't help if there's any incriminating files sitting around that weren't deleted in the first place - and as we've established, it's quite possible for an application to do this totally invisibly to the end user.
Realistically Manning would need to run DBAN or something similar on the entire disk. This will wipe the OS, so the affected computer would need to be reimaged.
Re: (Score:2)
there's usually a way to ask the OS never to swap a program out, it's seldom exposed to the user.
This is why I don't use PuTTY's pageant on Windows without disk encryption. It specifically states in its FAQ that even with the functions it has available, it cannot guarantee that Windows won't swap it to disk [greenend.org.uk].
Re:Not so fast... (Score:4, Informative)
Yeah, there are lots of ways to screw up, but swap is one of the easiest things to get right. Since the user doesn't need to know a key, the machine can pick a totally random one (256 real bits, no guessable passphrase with less actual entropy) for it at every boot. Swap can be as solid as your best symmetric cipher, and that's pretty damn good. All the PK used on the internet will fail long before this level of tech does. Set things up right and swap may be the #1 safest place on your disks, the catch being that you lose it every time you reboot. ;-)
Re: (Score:2)
Exactly. That's how to do it. Set it up once like that, and then you don't need to worry about swap anymore. I think Linux has had this easy-to-do since the 2.2 days and OpenBSD was (I think?) doing it before that. And that was back when processors were an order of magnitude slower than today's stuff.
The other problems jimicus mentions still stand, but the swap problem is so solved.
Re: (Score:2)
Re: (Score:2)
HAHAHA. POSIX states that writing zeros doesn't actually have to do anything but remember that it's supposed to return zeros for those blocks. Thus, you can store a file that's 1TB of zeros on a 100GB drive... Morons everywhere.
One would hope that anyone writing such a utility would have the good sense to fill the file up with something other than zeroes for precisely this reason.
Personally, I wouldn't stake my freedom on a gamble like that. You would be amazed how many applications are written with so little knowledge of the operating system's core API...
Re: (Score:3)
it's not unusual for a program to:
- Create a new file.
- Dump the data into the new file.
- Rename the old file.
- Rename the new file so it has the same name as the old one.
- Delete the old file.
This. Some of the more recent applications may replace the last three steps with an atomic rename so that the new file replaces the old one. Linux has supported atomic rename already for a good while and so do Vista and later versions of Windows. Even after this, data from the old file and new file are still retained on disk, even though space used for the old file will be marked 'free'.
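The save sequence described in the two comments above (write a new file, then rename it over the old one), as an added example that is not part of the original thread. It shows why overwriting a file in place is not a sanitization control: the overwrite reaches only the newest copy. The function names and sample text are constructed for illustration, POSIX semantics are assumed, and an open handle on the replaced file stands in for disk blocks that are marked free but not yet reused.

```python
import os
import tempfile


def atomic_save(path, data):
    """Save like many editors do: write a new file, then rename it over the old one.

    Returns the inode number that `path` refers to after the save.
    """
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".save-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic rename; the old inode is unlinked, not erased
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return os.stat(path).st_ino


def overwrite_in_place(path):
    """Stand-in for a per-file 'secure delete': overwrite current contents, then unlink."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(os.urandom(size))
        f.flush()
        os.fsync(f.fileno())
    os.unlink(path)
    return size


def demo():
    """Save twice, wipe the file by name, and check what happened to the first version."""
    first = b"draft one: constructed sample text\n"
    second = b"draft two: constructed sample text, edited\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")
        ino_first = atomic_save(path, first)

        # Keep the first inode reachable after it is replaced. On a real disk
        # nothing holds it open; its blocks simply sit in free space until reused.
        old_version = open(path, "rb")

        ino_second = atomic_save(path, second)
        overwrite_in_place(path)  # touches only the inode the name points at now

        old_version.seek(0)
        survived = old_version.read()
        old_version.close()
        return {
            "inode_changed": ino_first != ino_second,
            "old_version_survived": survived == first,
            "path_gone": not os.path.exists(path),
        }


if __name__ == "__main__":
    print(demo())
```

Every save moves the document to a new inode, so the earlier version is never touched by a tool that is handed only the file name; that is the case for full-disk encryption or whole-device sanitization made elsewhere in the thread.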
Re: (Score:2)
When I worked for Uncle Sam the only sure way was to scrub the hard drive with wire brushes. A lot of the people that worked on Top Secret data would do that to their old hard drives when getting rid of old computers. For less sensitive data the standard was five complete passes over a hard drive to flip the bits. Once or twice and a pro can still get data off it.
Re: (Score:2)
BS. Even if you just flip the bits twice (once to 0, once to 1) the data is virtually unrecoverable. There is not a single disk recovery company that can recover a deleted disk. Also, scrubbing with brushes would require you to open it and the particles you release by scrubbing the plates may be dangerous to your health. Use a magnet, fire or thermite.
Re: (Score:2)
BS. Even if you just flip the bits twice (once to 0, once to 1) the data is virtually unrecoverable.
This is speculation. Every time this comes up on slashdot, people talk about how difficult it is, without ever demonstrating why it's not possible (note the "VIRTUALLY unrecoverable"). There is no physical or mathematical reason why it cannot be done, just speculation on what level of sophistication the would-be attackers have.
Re: (Score:2)
Yes there is. You don't know whether a relative voltage level of 0.01 indicates that this was a 1 overwritten with a zero twice, or a 0 overwritten with a 1 then with two zeros. You cannot know. The voltage level is set by the cumulative (lessening) effect of every write that ever occurred on that spot on the platter, and you do not know how many writes occurred.
Re: (Score:2)
Re: (Score:2)
The Great Zero Challenge (Score:2)
Not a study, but an interesting data point: http://hostjury.com/blog/view/195/the-great-zero-challenge-remains-unaccepted [hostjury.com].
Re: (Score:2)
The evidence suggests that the disk was partially zeroed, then that operation was cancelled and the disk was simply reformatted without first erasing it.
Re: (Score:3)
So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?
Well,
Re: (Score:2)
So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?
Depends on the method used.
If you just "cat /dev/null >dummy.txt" then there'll be a bit of data at the end of each incomplete file cluster which isn't overwritten.
Re: (Score:2)
He attempted to delete the information by zero-filling the disk. The same password issue stems from being the default on the operating system (Mac OS X). I guess the forensics contractor reversed the hash from the login information and retrieved the password that way. This requires some serious computing power for the password used.
I guess 11 digits can be considered mightily unsafe now. Obligatory xkcd reference [xkcd.com].
Re: (Score:2)
Modern Mac OS X uses a single SHA-1 hash (salted) to store passwords. Older versions of OS X use somewhat less-secure hashes, and if you've interacted with a Windows network you may have things like an NTLM hash to work with.
While the password is 11 characters, it's well within the set of passwords that a good dictionary attack generator will hit -- a word, a year, and some symbols. SHA-1 is cheap to crack.
This is a good example of why operating systems storing passwords should use key strengthening. A 102
Re: (Score:3)
Obviously, but Manning's not-having-his-shit-together was way deeper than technical. His situation was one where you don't even want to be a suspect or "person of interest." Once you have determined investigators looking at you, it's like having a determined burglar specifically interested in your house. He was one of tens (hundreds?) of thousands of people with access to these supposedly-sensitive documents, safely lost in a totally unmanageable crowd, and
Military vs. Civilian Justice (Score:2)
The military justice system is a whole different world than that of civilians, it will be interesting to see if any of the circumstantial evidence will even matter.
Re: (Score:2)
I was going to ask, in a military trial, does the evidence even matter? Isn't the case basically just decided on by some high ranking military personnel? Is there any law or repercussions that would convince them to give a toss what the evidence says anyway?
If this was a civilian trial it'd all be rather interesting to hear the arguments and see how they justify the decided punishment in the face of given evidence (or in the face of his unlikely acquittal), but in a military trial I don't think it all even
Re:Military vs. Civilian Justice (Score:5, Informative)
Re: (Score:3)
"Contrary to what you wish to believe;"
You know, not everyone on Slashdot has their viewpoints set in stone. There are at least one or two of us here still that are capable of taking in new information and changing our viewpoint based on the balance of evidence, rather than posting asserting that some preconceived notion is correct, despite not actually knowing that to be the case with some degree of accuracy.
I don't know a lot about US military trials, which is why I phrased my post largely as a question,
Re: (Score:2)
I'm not in the military, but found this interesting article that gives details on what you are asking: http://usmilitary.about.com/od/justicelawlegislation/l/aacmartial2.htm [about.com]
As for a show trial, all trials are show trials to the extent they are intended to serve as a deterrent to others. From traffic court to murder trials. It's the fairness of the trial you're really wondering about.
It'll be as fair as any other high-profile case you've ever seen. Which is to say most of those involved know they are bein
Re: (Score:2)
I've had a search and can't find much to answer the question as to why military trials are separate in the first place. Part of the reason I assumed military trials were separate was because it meant it allowed the military to deal with things in their own way. As part of this I was under the impression it meant without the need for as much rigour as the civilian system. I've previously heard the reason for this is based on the argument that if you're in a warzone for example, that if you suspect with a high d
Re: (Score:2)
Many of the safeguards that exist in US civilian courts, existed in the Military Courts, well before the civilian's.
Re: (Score:2)
Yes, but you've simply reiterated that they are separate - that much is clear. The question is why are they separate, why can't those infractions be dealt with under pre-existing civilian law and justice systems that everyone else is subject to?
There's obviously a reason for handling military justice separately, but I'm not clear what it is - as I say, the closest I've found to an explanation previously is precisely so that the military can deal with things more informally, and hence in a more timely manne
Re: (Score:2)
I'd like to add one other reason to the other replies: jurisdiction. Civilian courts cover specific territory (a county or state for example). The early US was designed with states as sovereign, not the federal government. But that created a small problem of "under what law do we prosecute those in the military, especially if they aren't even in a particular state?" (for example, a ship far at sea, built in Massachusetts, launched out of New York, captained by a Virginian and crewed by Pennsylvanians. Oh,
Re: (Score:2)
Re: (Score:2)
Well, obviously they were questions, so your assertion to the counter is completely false. The fact you see them as negative merely highlights the point that you disagree with my previous view of the situation, and take offence to that.
But this is really a problem for you to deal with yourself. If you take offence to someone being wrong, and aren't willing to challenge their point, and offer them a chance to reassess their viewpoint before you get angry at them, then you must live a very angry lifestyle. Th
Re: (Score:2)
It is a joke. Just look at the Abu Ghraib trials or others where they were not tried for torture, murder and rape (which they did) but for 'dereliction of duty' or 'illegal discharge of a firearm'.
No, you're thinking of the BSG episode where Cally gets 30 days in the brig for murdering a Cylon because the Admiral reduces her violation to "unauthorized discharge of a firearm". Abu Ghraib didn't involve gunshots.
Re:Military vs. Civilian Justice (Score:5, Insightful)
3. Contrary to what you wish to believe; military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or Judge may have a political agenda to fulfill.
Bradley Manning was held in solitary confinement for almost a year before he was even indicted. How is that consistent with your even handed, non-political picture of military justice?
Re: (Score:2)
He got 3 hots and a cot, got paid and accrued leave time. Hard labor at United States Disciplinary Barracks at Fort Leavenworth [wikipedia.org] is going to make that seem like a vacation.
Re: (Score:2)
Being held without trial for a year violates his right to a speedy trial. An even-handed, non-political judge following the law in any sense of the word would have dismissed all charges due to the violation of due process.
Re: (Score:2)
He also had significant access to classified information and allegedly displayed a tendency to spread that information to persons without adequate clearance or need to know.
Re: (Score:3)
From having been in the military although not involved in the justice system, there are two reasons why military trials tend toward pointlessness.
1) Dumb people and addicts and nuts more or less can't get in the military. Most civilian trials, from talking to jury members, tend to involve some level of comedy, like how stupid / arrogant / high did the defendant have to be to think he'd not get picked up by the cops. Easy, trivial, to catch. But the smart military crooks (most stories I heard were about f
Re: (Score:3)
I remember Heinlein saying If you're guilty, you're better off in a civilian trial. If you're innocent, you're better off in a military trial.
From "Starship Troopers", I believe.
Re: (Score:2)
Where did you get the idea that this is all a show from? It's as much a trial as it would be in the civilian system. If there is any prejudgement, it's wrong. I can't say whether this exact trial will be fair or not, but it is supposed to be.
Re: (Score:2)
The fact that Bradley Manning has suffered almost a year of solitary confinement and only now getting a hearing would lead one to believe that this is all a show.
Re: (Score:2)
He has been denied his right to a speedy trial, it is already unambiguously unfair. There's nothing leading me to believe the court's contempt for due process will stop once the actual trial begins.
Hero (Score:5, Insightful)
You do realize, that unlike your football and basketball stars, you actually have a real hero, don't you? He is in your prison - a political prisoner, because he dared to challenge the government and its illegal activities.
Re: (Score:2)
A hero would have exposed corruption, wrongdoing, etc. and not just released a database hoping others would figure it all out. The hero in this scenario would have no need to be anonymous.
Re: (Score:3)
A hero would have exposed corruption, wrongdoing, etc. and not just released a database hoping others would figure it all out. The hero in this scenario would have no need to be anonymous.
The alleged hero in this scenario was 22 years old at the time of the event. A 22 year old witness to his "brothers" in arms committing atrocities.
Re: (Score:2)
And yet he produced no evidence of these atrocities. Instead we hear about what diplomats think about world leaders. He didn't go searching for evidence of these atrocities he just grabbed a bunch of files and hoped there was something hidden inside them that was worthwhile.
Re: (Score:2)
You really think he would have even had the time to have scoured the cables?
Re:Hero (Score:4, Insightful)
Yes, because heroes leak information on what the government considers sensitive sites that could be vulnerable to terrorist attacks. You have a warped and naive view of what a hero is. Certainly some small amount of the information that came out indicated distasteful activity, however a large portion of it had no possible political purpose other than to try to hurt the US or give "bragging rights". The actions of whoever leaked the documents is not that of a hero trying to protect, but of an arrogant child trying to show off what they could do.
Even if the goal had been to see what they saw as atrocities stopped, it was not the correct forum to do so by and even if the correct forums had been taken, bragging about it demonstrates the true motivations. I hate corruption and abuse as much as anyone, but that doesn't even make the beginning of an excuse for the vast majority of the type of information that was leaked. What possible whistle is being blown by exposing that many neighbors and "allies" of Iran are secretly terrified of them getting nukes and begging for it to be stopped? All it does is make the situation more dangerous, less likely to be resolved peacefully and accomplishes nothing. There is no point to it.
The calls to go after Assange seems foolish to me as he isn't a US citizen and I don't see how US law applies to him, but he could reasonably be considered a persona non grata. Whoever leaked the documents however, did so from the US and is an enemy of the US and in fact world peace, whether intentionally or not and should be prosecuted as such. Arguably doing some small amount of good (in the wrong way) does not make up for the huge amount of inexcusable, irresponsible harm which was done.
Re: (Score:2)
Whoever leaked the documents however, did so from the US and is an enemy of the US and in fact world peace
So do you believe that the editorial staff of the New York Times should be prosecuted as enemies of the US? They are the ones who actually published the leaks in the US, not Manning.
Of course not (Score:2)
So do you believe that the editorial staff of the New York Times should be prosecuted as enemies of the US? They are the ones who actually published the leaks in the US, not Manning.
Of course not, did you utterly miss the point of what he was writing? He said for example: "The calls to go after Assange seems foolish to me". The person who PUBLISHES a leak to my mind is not at issue, once a leak is out it is out. A leak is wholly on the person who decided to break a vow or oath and release information th
Re: (Score:2)
SuperKendall did a great job of explaining it, but I will too. The fact is that the NY Times simply brought to light what had been leaked. The information was already publicly available and distributing the type of information that was released to the US population isn't really a risk. The risk is that the information was already out there for people who wanted to find it. All the NY Times did was bring that fact to light.
The one who actually does the leaking is responsible. In the case of the list I m
Re: (Score:2)
Oh, I perhaps see what you were thinking after I re-read my post. What I meant by that line was referring to someone in Manning's position. Not someone who reprints it. I try to avoid saying Manning did it though as he is accused and not yet convicted. I don't know the evidence against him and am not in a position to stipulate that he did or did not actually leak the information. Prosecuting someone for the leak however is certainly more than fair and not going after a hero, but rather a criminal.
Re: (Score:2)
The actions of whoever leaked the documents is not that of a hero trying to protect, but of an arrogant child trying to show off what they could do.
Sounds like you've already made up your mind.
If you read the chat logs, you'll discover that Manning says why he's leaking this stuff, and "arrogant child trying to show off" isn't really in the cards.
But carry on. Don't let facts get in your way.
Re: (Score:2)
I will re-read the chat logs, but my impression of them on first read was that the fact the conversation even occurred in the first place was looking for a pat on the back. Either way, even if that part of the argument isn't valid, the fact remains that he was irresponsible in the type of information released. It was at best criminally negligent while committing a crime and at worst willfully harmful. Either way, it disqualifies him from even remotely resembling a hero working on his ideals.
Re: (Score:2)
Any idiot could figure this out. There are too many sensitive sites, most of which cannot be well protected. You sound like a shill.
I hate corruption and abuse as much as anyone, but that doesn't even make the beginning of an excuse for the vast majority of the type of information that was leaked.
Interestingly, some people (even you) recognize that some of the information wa
Re: (Score:2)
Any idiot could figure out what vulnerable sites are if they did a lot of surveying and went looking to figure out where things are, what isn't sufficiently guarded, etc, but that kind of recon is going to draw attention. Letting someone shortcut that process has no possible benefit and can only cause problems.
I don't know if I would agree that the people who classified distasteful information should be prosecuted necessarily, so long as those responsible for the actions were prosecuted. I can see the rea
Re: (Score:2)
Any idiot could figure out what vulnerable sites are if they did a lot of surveying and went looking to figure out where things are, what isn't sufficiently guarded, etc, but that kind of recon is going to draw attention.
Maybe you and I differ on definition of "vulnerable site". Are you talking about poorly defended military bases? Because to me obvious vulnerable sites are bus/train stations. Any tall building during business hours, most of them aren
Re: (Score:2)
The listing I am talking about as vulnerable sites is the one described here: http://www.cbsnews.com/stories/2010/12/06/eveningnews/main7123658.shtml. It is a listing of sites deemed critical to our infrastructure that are currently under-protected and open to attack. Determining at least a fair number of those locations would be non-trivial. I see no possible benefit in their release and only possible harm. I would also agree that much of the recent TSA regulation is ridiculous. Body scanners do noth
Re: (Score:2)
He's not more than an attention whore who could have, as any G.I. who has had access to even low-level classified knows, pursued his agenda via legal channels over time and built a case if his evidence was sufficient.
That appears to have been too much work compared to doing a data dump.
He violated regulations. That was an adult choice.
Re:Real Heros do not throw the lives of others awa (Score:5, Insightful)
A real hero would have taken the time to scrub names of people who are informants and such in hostile areas.
Whoever passed the information did so unto the entity that did the scrubbing for him. It's unreasonable to expect that he parsed reams of documents to remove stuff.
A real hero would always be on the look out for the little guy, not simply acting out of anger or spite.
Whoever leaked the docs, was looking out for the helpless and wanted to defend them from US military assholes acting out of infantile anger, spite and sadism.
A real hero does not act as Manning allegedly did.
FTFY, idiot.
we will never know how many lives were lost because of it. Granted we may not know of lives saved, but I imagine those lost are real.
FTFY. That's just your imagination/wishful thinking/bad will/brainwashing.
BULLSHIT and you of all people should know better (Score:2, Insightful)
Whoever passed the information did so unto the entity that did the scrubbing for him.
That is a BULLSHIT excuse. Perhaps being a Slashdot reader you remember the phrase "information wants to be free". Well that applies for ANY information leaked. No-one Manning leaked to had a security clearance, so why should he trust them to scrub out sensitive information and not feed some in side channel?
Either information is leaked or it is not, just as you cannot be only a little bit pregnant. Manning chose to leak
Re: (Score:2, Flamebait)
Ellsberg.
Re:Real Heros do not throw the lives of others awa (Score:4, Insightful)
In fairness;
-He was assured that the names of sensitive peoples would be scrubbed. Or rather, the truly sensitive cables would not be leaked. And Wikileaks actually did not release many documents purely because of that.
-Wikileaks was using agencies like TheGuardian for the leaks, which assured them that they would properly vet the cables
-The last, drastic and total leak was the result of general incompetence in regards to the total file and the security passcode for it having been posted online by different people, unawares. Oops.
Really, his duty is to the US constitution, and if he believed that there was cause for the leaks - that the army or military or diplomats were treasonous in their duty and that the cables were proof needed to bring this to light - then it's quite understandable that he tried to expose them.
His main mistake was pure naivety or pure dumbassery in trusting a random foreigner with such sensitive data - he had NO way of knowing that this information wasn't going straight into enemy hands - and not trying to bring this data to a local news agency like the NYT (just an example).
Not fair whatsoever (Score:2)
He was assured that the names of sensitive peoples would be scrubbed
And why should he trust them not to send any of it elsewhere? As it turned out in fact the trust was totally misplaced so my question is really more hypothetical since the concern is proven to be totally valid. That's what happens when you give secure information to people without security clearances (or, as it turned out, sometimes to people with them). You must as a leaker assume all information given will be published somewhere.
I just
Re: (Score:2)
but I am pretty sure those lost are real.
Really? Why? None of the informants actually named in the documents has been killed yet...
Re: (Score:2)
Plus Manning didn't know what he was doing. He did not read all of the information and then decide that it was important enough to make public. People are still sifting through all the data he grabbed to figure it out, and we still haven't learned anything new about illegal activities instead we learn about a lot of diplomatic trivialities. Instead he saw a bunch of files and grabbed them wholesale, sort of like wheeling out a filing cabinet without looking inside first.
Re: (Score:2)
But he didn't just report what he felt was a crime. He reported what he felt was distasteful and he also reported many things which were completely irrelevant to an entity known to have an ax to grind with the US. The fact that he leaked documents that have no wrongdoing and serve to destabilize not just US interests, but world stability as well and then was bragging about it reveal the true nature of whoever leaked the documents. Either it was Manning or it was someone who intentionally tried to frame M
Info Doesn't Add Up (Score:3, Interesting)
Maybe it's the usual journalist dumbing-down, but the forensics info doesn't add up:
Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.
So it's "only" zero-filled.
Mark Johnson, a digital forensics contractor for ManTech International who works for the Army’s Computer Crime Investigative Unit, examined an image of Manning’s personal MacBook Pro...
How is that contractor able to decode the original data from a zero-filled disk from a mere image?
Re:Info Doesn't Add Up (Score:4, Informative)
Somehow you missed the very next line of the article ....
All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.
Re: (Score:2)
Zero-filling the disk should write over the whole disk, not just parts of it. Why is there unallocated space with data?
Re: (Score:2)
It seems someone used the computer after it was zero-filled, then 'deleted' some files.
Re: (Score:2)
The actual procedure as it was explained to me is that he used the OS X install-disk option to overwrite his disk and chose the Gutmann erasure option, which is a 35-pass wipe. It also takes forever and gives you a helpful progress bar indicating that it will take forever. Apparently he cancelled this and chose the zero-pass wipe -- also known as "just format the drive and install a new OS without actually erasing the disk".
Pro tip: zero-pass wipe is not secure.
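Whether a wipe actually overwrote a disk can be checked directly. The following is an added example, not part of the original comment: it scans an image sector by sector and reports the ranges that still hold non-zero data. The 512-byte sector size, the function names and the sample image are constructed for illustration.

```python
import io

SECTOR = 512  # assumed sector size for this illustration

def nonzero_ranges(stream, sector=SECTOR):
    """Return ([(first_sector, last_sector), ...], total_sectors) for runs of non-zero sectors."""
    ranges, run_start, index = [], None, 0
    while True:
        block = stream.read(sector)
        if not block:
            break
        dirty = block.count(0) != len(block)   # any byte other than 0x00
        if dirty and run_start is None:
            run_start = index                  # a residual run begins here
        elif not dirty and run_start is not None:
            ranges.append((run_start, index - 1))
            run_start = None
        index += 1
    if run_start is not None:                  # run extends to the end of the image
        ranges.append((run_start, index - 1))
    return ranges, index

def wipe_report(stream):
    """Summarise how much of the image survived the overwrite."""
    ranges, total = nonzero_ranges(stream)
    residual = sum(last - first + 1 for first, last in ranges)
    return {"total_sectors": total, "residual_sectors": residual,
            "ranges": ranges, "fully_zeroed": residual == 0}

def sample_image():
    """Constructed image: 64 sectors, zero-filled except for three leftover regions."""
    img = bytearray(64 * SECTOR)
    img[10 * SECTOR + 7] = 0x41                        # one stray byte in sector 10
    img[40 * SECTOR:43 * SECTOR] = b"chatlog " * 192   # three full sectors, 40 to 42
    img[63 * SECTOR:] = b"\xff" * SECTOR               # the final sector
    return bytes(img)

if __name__ == "__main__":
    print(wipe_report(io.BytesIO(sample_image())))
```

A single stray byte is enough to mark a sector as residual, which is the level of strictness a wipe verification needs.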
A climate of really lousy security... (Score:3)
(1) Net Centric Diplomacy database
Appears to have been trivially downloadable. Manning used Wget to automate the capture of cables from this database. Manning had access to secure networks (SIPRNet) and it was this, rather than any technical expertise, that allowed him to pull all the cables. It seems as if the Net Centric Diplomacy database and its interface (presumably a web front end) lacked any functionality to inhibit automated / bulk downloads, to track or log downloads or to alert operators to suspicious or anomalous patterns of access.
Contrast this with the logging that was available in IntelLink (the SIPRnet internal search engine) that helped link incriminating keywords (Assange, Wikileaks etc) to the IP address assigned to Manning's computer. The defense cannot refute that, while they may be able to undermine the (very poorly gathered) computer forensics from Manning's computer.
(2) Microsoft Share Point server
Appears, also, to have been wide open to anyone on SIPRnet and to have permitted automated (scripted) bulk downloading of files. And, like (1), appears to have lacked any functionality to alert operators to suspicious behaviour.
Contrast this, also, with the logging that was available in IntelLink.
(3) Manning is no expert
First, he used the same password for both his operating system (presumably, his Windows username/password) as for his encryption. Second, he claims to have "zero-filled" his hard disk but had not done so. Third, he used his own computer for the IntelLink searches thereby leaving a trail of evidence.
(4) Lack of expertise seems quite widespread...
The computer environment at the FOB where Manning worked was risible. In testimony, an officer described how "soldiers would store movies and music in their shared drive on the SIPRnet. The shared drive, called the “T Drive” by soldiers, was about 11 terabytes in size, and was accessible to all users on SIPRnet who were given permission to access it, in order to store data that they could access from any classified computer." In other words, in practice, no distinction between storage for movies and music and the storage for classified materials. While the officer told soldiers not to use it for music and movies (and used to delete same as well as reporting the abuse), the practice was prevalent. And despite the 11 terabytes (that is 11 thousand Gigabytes) available for music and movies, this officer cites lack of storage as the reason that some logs (that may have contained evidence) were not maintained. This officer, Capt. Thomas Cherepko, received a "letter of admonishment" for the lax environment at this base.
Has the buck stopped at the Captain? I believe that points 1, 2 and 3 suggest a culture of information security so poor as to merit serious enquiry in its own right. Manning probably did break several laws in gathering and communicating the cables to WikiLeaks and, if convicted, must face the music. But the ease with which he did this ought to be cause for far more concern than we are seeing in the media. The US Army appears to be throwing Manning under a bus, but only a slap on the wrist for Cherepko. That is unjust. Let's see how this unfolds...
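The missing control described in points (1) and (2) above, as an added example that is not part of the original comment: a sliding-window check over web access logs that alerts when one client fetches an unusual number of distinct documents in a short time. The log format, thresholds, addresses and sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption): <ISO time> <client ip> GET <path> <status> "<user agent>"
LINE_RE = re.compile(r'^(\S+) (\S+) GET (\S+) (\d{3}) "([^"]*)"$')

def parse(line):
    """Return (time, ip, path, status, agent), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, path, status, agent = m.groups()
    return datetime.fromisoformat(ts), ip, path, int(status), agent

def find_bulk_downloads(lines, window=timedelta(minutes=1), max_docs=20):
    """Return {ip: alert} for clients with more than max_docs distinct successful fetches in a window."""
    recent = defaultdict(deque)    # ip -> (time, path) entries still inside the window
    alerts = {}
    for ts, ip, path, status, agent in filter(None, map(parse, lines)):
        if status != 200:
            continue               # only count documents actually served
        q = recent[ip]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop entries older than the window
        distinct = len({p for _, p in q})
        if distinct > max_docs and ip not in alerts:
            alerts[ip] = {"first_seen": ts, "distinct_docs": distinct, "agent": agent}
    return alerts

def sample_log():
    """Constructed sample: one scripted client fetching a document every second, one user browsing."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(60):
        t = (start + timedelta(seconds=i)).isoformat()
        lines.append(f'{t} 10.0.0.5 GET /docs/{i:05d} 200 "Wget/1.11"')
    for i in range(5):
        t = (start + timedelta(minutes=3 * i)).isoformat()
        lines.append(f'{t} 10.0.0.9 GET /docs/{i:05d} 200 "Mozilla/5.0"')
    return sorted(lines)           # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, alert in find_bulk_downloads(sample_log()).items():
        print(ip, alert)
```

Counting distinct paths rather than raw requests keeps page reloads from triggering the alert, and the threshold would need tuning against normal analyst behaviour.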
Should we believe a word? (Score:2)
Should we trust Wired to report honestly on this case?
Re: (Score:3)
I'm very curious about this, because as far as I was aware, the debate on "how much do you need to overwrite data to securely delete it?" raged quite a bit a few years ago, but nobody could actually prove that it was possible to recover data that was overwritten just the once? There was even a website set up, the Great Zero challenge (Which has now been pulled, supposedly nobody ever accepted it) to try and prove or disprove the myth.
Does anyone have any information on where that really stands? Is it actual
Re: (Score:2)
There is a residual charge in a platter when set to 0. Basically, you can tell what the previous charge was because it isn't quite as strong as it would have been if you wrote a 1 twice. A hard disk platter isn't truly digital. It is actually an analog storage medium. If the magnetic field strength is above or below a certain value, it is considered a one or a zero. However, if you write a 1 twice in a row, then that 1 will be minutely stronger and if you have a one and then write it to a 0, the 0 may
Re: (Score:2)
Interesting, that certainly makes a lot of sense. Does that mean that Flash memory isn't as susceptible to such techniques, or does it also have some form of residual data?
Also, does that mean that writing zeros numerous times is also likely not to be effective since (theoretically, at least) there will still be a difference in charge between what was once a 0 (before it was overwritten) and what was a 1? Similarly, overwriting with all zeroes and then all 1's would likely be a waste of time? Hence why you
Re: (Score:2)
I know flash has burn in issues where they get a limited number of writes before they can't be written anymore. What I don't know is if there is any practical means by which this could be used to reconstruct part of a previous state of the card. That's beyond my level of understanding of flash technology, but I would hazard that it probably isn't as I think the mechanism of failure is actually the ability to switch the state of a circuit and there wouldn't be much of an effective means to measure the dete
Re: (Score:3)
It's not that simple. That's a reasonable description of an MFM disk, an old technology that isn't used any more. MFM disks were the topic of the Gutmann paper. Basically all claims that you can recover data from a zeroed drive are based on this paper. Gutmann has since repudiated it. Modern disks are substantially more complicated in terms of how a block of data gets turned into a collection of magnetizations, such that it's no longer reasonable to ever expect to get any useful information out of hysteresi
Re: (Score:2)
Thanks for that info. I did not know the tech had changed. I don't follow hard disk tech that closely and only had knowledge of the original reasoning behind the multi-wipe recommendation. It is still interesting that the government recommendation is still on the books though and from what another poster said, the number of cycles has been increased from 7 to 35. Perhaps there is some other type of residual information that we don't know about but they do, or perhaps it is just fear that someone may dis
Re: (Score:2)
The DoD actually stipulates 7-pass still. (However, physical destruction seems to be required for classified material.) 35-pass is the recommendation Gutmann made and so is often available in disk-wiping software.
The appeal of the multi-pass wipe is that it provides some degree of future-proofing (if people figure out a new technology for drive recovery, you may still be protected against it) and it's basically free if you're dealing with enough drives and have proper workflow.
Re: (Score:2)
Yes, yes I do. Because your statement seems to show a great lack of understanding of digital forensics. Great care is taken to ensure and verifiably prove that the data is not altered from the state it was when the system is taken in. There must still be a reliable link made to indicate that the files were created by the individual and not by a third party, but the files are significant evidence if they can be linked to him.
Re: (Score:2)
Hey AC,
I actually looked around for articles from some other source before I posted this, but couldn't find any. Most of the other sources talked about the non-tech (or non-nerd if you will) aspects of the case. I just wanted to focus on the stuff I thought would be interesting to the /. crowds.
smitty777