Wikileaks: How our Government IT Failed Us


Summary: It wasn't an insecure SIPRNet that created the "perfect storm" that allowed Private Bradley Manning to dump the State Department cables to Wikileaks. It was the failure of our government to apply standard IT practices in a theater of war.


This week, a lot of folks in the IT security community are scratching their heads. At the State Department and at the armed forces, IT heads are likely rolling over the dump of over 250,000 secret US embassy cables to Wikileaks, which has shared this material with multiple media outlets.

Political and diplomatic ramifications of this data dump aside, many questions remain as to how confidential, secret State Department data from one of our most secure government networks, the SIPRNet (Secret Internet Protocol Router Network), could have been leaked at all by a US Army intelligence analyst, Private First Class Bradley Manning, who was deployed at a field operations center in Iraq.

Conventional wisdom would seem to indicate that if Manning was so easily able to dump data off of this network, then maybe our defense networks aren't secure after all. But it's not that simple.

As it turns out, as it is most frequently deployed, SIPRNet (as well as JWICS) is an extremely secure environment which would have prevented offloading of data of any kind from an endpoint terminal or workstation, because one of the most common configurations uses thin-client terminals which have their USB ports disabled and contain no hard drives or even an optical storage device.


This purchase record from 2008, for example, from the Department of the Army for the US National Guard is indicative of a typical SIPRNet configuration, using HP T5735 smart terminals which run on Linux and use encrypted Citrix ICA sessions to a terminal server which presents a virtualized SIPRNet desktop to the end-user. This is implemented using a software solution called NetTop 2, which is sold by Trusted Computer Solutions, which recently became a division of Raytheon.

The systems architecture of NetTop 2 is flexible (see embedded PDF presentation) in that you can use any number of endpoint terminal types, including PCs, so that different sessions can be established to different virtual desktops and the end-user can have access to a mix of unclassified, semi-classified and classified material from multiple networks, such as the SIPRNet-connected intranet in which the State Department cables that Manning accessed were stored.

However, it is designed so that it is impossible for a NetTop 2 user to copy or transfer data from that SIPRNet or JWICS virtual desktop session -- no data transfer or cross-domain copying is allowed between access levels whatsoever.


For a quick overview of the issues involved, have a look at this video that was supplied to me by Raytheon TCS, where their COO, Ed Hammersla, discusses the challenges of cross-domain data sharing and how their product is designed to prevent the type of nightmare classified information leak scenario that we're all hearing about now.

So if SIPRNet is secure, and with the NetTop 2 environment it's impossible to copy data off to a USB flash drive or a DVD from a secure session, how the heck was Manning able to dump that data to Wikileaks?

Well, the problem is that in this case, the US Army didn't deploy NetTop 2 for the workstations that Private Manning had access to in Iraq. Instead, he had access to two laptops with functional DVD writers, which were directly connected to the SIPRNet and JWICS rather than through secure, isolated virtual desktop sessions.

This resulted in a chink in the armor that was exposed to the wrong type of person -- a mentally unstable, angry young 22-year-old Army Private who had carte blanche capability to copy and suck down everything from SIPRNet and the JWICS that he could get his grubby little hands on.

We don't know exactly what methods Private Manning used on this PC to copy down the data -- whether he had direct access to the HTML or data files on the State Department web servers that stored the embassy cables, or whether he used some sort of custom code to spider the pages. The chat records that were supplied by Adrian Lamo have been sealed by the government.

But according to a Wired article from over the summer, we know exactly what went wrong:

As described by Manning in his chats with Lamo, his purported leaking was made possible by lax security online and off.

Manning had access to two classified networks from two separate secured laptops: SIPRNET, the Secret-level network used by the Department of Defense and the State Department, and the Joint Worldwide Intelligence Communications System which serves both agencies at the Top Secret/SCI level. The networks, he said, were both “air gapped” from unclassified networks, but the environment at the base made it easy to smuggle data out.

“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”

“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm.”

There's a lesson to be learned here. You can have the most secure network(s) in the entire world, and all kinds of enabling technology to help you safeguard your information, but if you don't follow consistent IT practices across the board, have gaping holes in your endpoints, and you don't psychologically profile the people who have access to your most trusted, secret information, you're just asking for trouble.

That Manning was sucking down vast amounts of data from the State Department's email and intelligence intranets should have tripped alarms at a security console at a network operations center somewhere, and controls for logging and server hardening should have been in place to prevent this sort of thing. This either didn't happen or nobody was watching -- that's definitely a big issue and it needs to be addressed at a much higher level.
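
The kind of alarm described above can be sketched as follows. This is an added example, not part of the original article and not a depiction of any real government system: it flags an authenticated account whose count of distinct documents fetched in one hour sits far outside the norm for all accounts. The log format, account names, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Common Log Format with an authenticated-user field (assumed log format).
LINE = re.compile(
    r'\S+ \S+ (?P<user>\S+) \[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]+\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def build_sample():
    """Constructed log lines: three ordinary readers and one archive crawler."""
    lines = []
    for user, n in (("analyst_a", 4), ("analyst_b", 6), ("analyst_c", 5)):
        for i in range(n):
            lines.append(f'10.0.0.{n} - {user} [01/Jan/2010:09:{i:02d}:00 +0000] '
                         f'"GET /docs/{user}/{i}.html HTTP/1.1" 200 18000')
    for i in range(400):  # one account walking the archive within the same hour
        lines.append(f'10.0.0.9 - analyst_d [01/Jan/2010:09:{i % 60:02d}:00 +0000] '
                     f'"GET /docs/archive/{i}.html HTTP/1.1" 200 18000')
    lines.append("truncated or malformed line")  # must be skipped, not crash
    return lines

def hourly_profile(lines):
    """Map (user, 'day:hour') to the distinct paths and bytes served with 200."""
    prof = defaultdict(lambda: {"docs": set(), "bytes": 0})
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "200" or m["user"] == "-":
            continue  # ignore unparsable, failed and unauthenticated requests
        entry = prof[(m["user"], f'{m["day"]}:{m["hour"]}')]
        entry["docs"].add(m["path"])
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return prof

def flag_bulk_readers(lines, k=10.0, floor=50):
    """Return (user, hour, distinct_docs, bytes) for user-hours above
    max(floor, median + k * MAD) of distinct documents per user-hour.
    The floor keeps a tiny, quiet population from flagging normal readers."""
    prof = hourly_profile(lines)
    counts = [len(v["docs"]) for v in prof.values()]
    if not counts:
        return []
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1.0
    threshold = max(floor, med + k * mad)
    return sorted(
        (user, hour, len(v["docs"]), v["bytes"])
        for (user, hour), v in prof.items()
        if len(v["docs"]) > threshold
    )

if __name__ == "__main__":
    for user, hour, docs, size in flag_bulk_readers(build_sample()):
        print(f"ALERT {user} {hour}: {docs} distinct documents, {size} bytes")
```

Counting distinct documents rather than raw requests keeps page reloads from inflating the score, and the byte total gives the analyst a size estimate to compare against removable-media capacity.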

However, these other IT weaknesses and shortcomings aside, Manning would never have been able to transfer that data if the Army had been following the same standard IT practices that it follows stateside and on military bases and other government installations. In my discussions with various people in the defense IT community, I've learned the following:

At the time of the breach, there was a ban on all USB devices at the Department of Defense in effect due to a malware attack that was spread by infected USB drives. At one point, all removable media were banned, including DVD-writeables.

However, DVD-R drives -- such as the ones in Manning's laptops -- weren't disconnected on all systems because IT policy as it was applied was inconsistent. Additionally, in Afghanistan as well as in Iraq, where Manning was deployed in theater operations, soldiers were using "sneakernet" to move data around because of a lack of consistent network connectivity out at the edge in the battlefield.

So what nailed us was simple. We allowed this guy to walk into work with writeable DVD media and gave him laptops with functional read/writeable DVD drives and possibly even USB ports, at an Iraq field operations center in a theater of war, when the standing policy on military bases and in other government installations (such as at US Central Command) is to prohibit personnel from bringing USB devices, smartphones, iPods and CDs onsite.

That's just plain stupid.

Was it an insecure network that permitted Manning to perpetrate his treasonous acts against the American people, or was it the Army's inconsistent IT policy that did us in? Talk Back and Let Me Know.


About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.


Talkback

49 comments
  • The news wasn't the leaks, it is the weaknesses

    in the cyber security of the DOD. You know damn well that some IT heads are rolling.
    Snooki_smoosh_smoosh
    • But WTF does this have to do with Net neutrality?

      Huh ZDNet?

      What a bunch of asshats.
      dgurney
    • re: this Blog post... how the media is attacking the wrong issues!

      @Jason Perlow

      I just love the way you so-called patriotic Yanks are trying to down-play the nature of the content leaked by attacking the s'posed leaker (note that it has yet to be proved that Manning was the source) rather than being outraged at the content of those leaks... the content of which deserves outrage from those nations sniped and slandered (us Aussies included)!

      Much of the content leaked clearly demonstrates the utter ARROGANCE and ill-informed IGNORANCE that defines the powers-that-be within your country, and all you can do is attack the leaker, and the inept IT department/policies that made it all possible.

      Bl00dy typical!
      kaninelupus
      • RE: Wikileaks: How our Government IT Failed Us

        @kaninelupus People and governments are duplicitous and talk behind each other's backs all the time, especially when they think those conversations are private and confidential. You would find similar language, attitudes, and positioning tactics in the diplomatic cables and verbal communications of any other country.

        The outrage should properly be directed at: (i) Wikileaks, Manning, and others who profit/benefit from theft; and (ii) government IT who allowed the theft to take place.
        jayallengator
      • Similar but not the same

        @kaninelupus ... The convention on cluster munitions - banning cluster bombs - was ratified in 2008 by the United Kingdom. It is not ratified by Russia, China or the United States.

        One of the diplomatic cables discusses how the UK - in violation of its agreement to ban cluster bombs - is storing many of them on behalf of the United States, and lying to its own citizens about doing so, asserting they are not.

        So if you live in the UK and you enjoy getting all up in the face of your member of Parliament, you might want to take note of this.

        Your government is storing prohibited weapons used to murder babies on behalf of the United States.
        HollywoodDog
      • RE: Wikileaks: How our Government IT Failed Us

        @kaninelupus Oh come off it.

        Even if 95% of the leaked information was just foolishness (and why wouldn't it be? Do you think YOUR government, wherever YOU live is any better? I bet it's filled with an equal number of asshats), it's the 5% which compromises people's safety or well-being which is at issue and the mere presence of the predictable foolish stuff is only a bonanza to people who loathe the U.S... and would anyway without this having happened. So at least fess up to why this thrills you. It's not that it's "proving" anything new to anyone. It's that it's giving you ammunition to act like the things expressed in that data aren't typical results of human nature, and no different from what anyone would do. There's no "magic society" out there who wouldn't have foolish diplomats, and lots of F.U.D. in their diplomatic correspondence. None.
        Snark Shark
      • RE: Wikileaks: How our Government IT Failed Us

        @HollywoodDog

        But seeing as I don't live in the UK, I can be disgusted with BOTH countries!

        To be honest, with all the details being exposed through these types of leaks, it is not only easy to see just how much the US actually deserved the events of 9/11 (more deaths have resulted from your country playing dirty politics in the backyards of other countries!), but why other developed countries should be wiping their hands of the United States altogether... It's not like you guys ever seem to learn!
        kaninelupus
      • RE: Wikileaks: How our Government IT Failed Us

        @kaninelupus I've gone back and seen that you are an Aussie. Great. It's a lovely country. But you are fooling yourself if you project it as a perfect society. Take the issue of racial tolerance, for example. The U.S certainly has a horrible track record, but do you think Australia is any better? Take ANY issue, any like that, and there will be national skeletons. If the Aussie President was the leader of the so-called Free World, and the Australian diplomatic corps in the position of the American ones, I'm SURE an equal mountain of embarrassing dispatches would exist, and even with the smaller scale it has as a medium sized world power now, I'm sure if someone "leaked" the Aussie dispatches, there'd be PLENTY of horrid, embarrassing stuff. Try to deny that, and I think you'd just be blowing smoke.

        What was leaked was a lot of the worst stuff--or at least that's what people cherry picked to notice. Any run of the mill efficiency, anything which showed these folks or the U.S. government in a GOOD light was too boring for anyone to bother to comment on. It's just the bad stuff, the stuff which would inevitably be there from that MUCH material, which people deign to design outraged rants around.
        Snark Shark
  • I don't think that the government failed

    But there was maybe a sense of invulnerability at the DOD, maybe that ''Guys, our systems are concrete, no one can hack us.... But they never thought that a 22-year-old private would screw them.....

    Anyways, 5 years ago someone would have said..... guys, one of these days will get screwed by a 22-year-old private. The answer would have been ''---- hey dumb @ss, slow down on the coffee, you're getting paranoid.''

    I really doubt that anybody would have thought of or imagined an inside job..... Ever.

    So in a sense the government didn't fail, the system did; there's a difference.

    And before some of you start screaming Obama failed you.... Did Obama name Private Manning there? NO
    Is Obama an IT genius? NO
    Did Obama relax the security? We will never know.

    In the end, who could have predicted an inside job? (No one)

    But after that there will be full body searches for IT guys at the DOD. I hope they will put a nice broad for the search and not some 400 pound destroyer with 1% body fat --- with a huge German accent: Come here, I will search you... (sound of bone breaking, screaming in the background) don't be a wuss, it's only your spine, you don't need it anyways. You sit on your fat ass all day.....
    Quebec-french
    • RE: Wikileaks: How our Government IT Failed Us

      @Quebec-french

      "But they never thought that a 22 years old private would screw them....."

      Espionage has been a tactic for centuries, and it never occurred to the government that this could happen? If that is the case that would mean the IT department of the DOD is even more incompetent.

      Of course they (the DOD) knew it was a possibility, and with 3 Million people with access to similar levels of confidential information, of course that should have been secured so tight, that the information shouldn't have gone anywhere.
      Snooki_smoosh_smoosh
  • Sorry, Wrong Title

    It should be HOW OUR GOVERNMENT FAILED US.

    It's been doing that for years...Gulf of Tonkin anyone?

    This guy and Assange are preventing another mess that could cost thousands of servicemen and women's lives for the sake of big money.
    cyberslammer2
    • Keep telling yourself that

      @cyberslammer2, maybe you'll believe it.
      Though I'm going to take a guess that you advocate pirating music and software as actually helping the artist and developers.

      Next you'll be stealing computers claiming "it's for the safety of the children".
      John Zern
      • Mushroom?

        @John Zern

        You must like to sit in the dark and be fed BS. That is also how your government likes it.

        Questioning minds bother those in power. Clearly yours does not.
        Economister
      • RE: Wikileaks: How our Government IT Failed Us

        @Economister Maybe if you quantified having a mind the size of an acorn...which John Zern has.

        He's probably one of those cowards who thinks that patting down an 80-year old and feeling up kids in the airport is acceptable in the name of security.

        Stalin and Hitler would have been proud of you.
        cyberslammer2
      • RE: Wikileaks: How our Government IT Failed Us

        @John Zern Actually I do support pirating music as long as the artist supports it...try looking up Trent Reznor and see how he feels about it.

        Software piracy, no I'm not for it.

        So you're WRONG on both accounts.

        How's my burger coming?
        cyberslammer2
      • You are the winner, cyberslammer!

        you were the first person to invoke Godwin's Law!

        But then, in all seriousness, you have no idea what the issue is, do you?
        John Zern
      • Come on cyberbuddy2, don't tell me you're one of them!

        Here I am agreeing with John Zern, I'm surprised you don't understand what's going on.
        Whether you feel you have any right to know who is a confidential informant, let me tell you something - YOU DON'T!

        This info was kept confidential, and 100 percent legally - just as we have the right to express opinions or assessments of others with certain individuals, so does the government.

        These names, cables, all this info was kept in the same way and for the same reasons as the government keeps the name and info of people in Witness Protection Program. So what you're saying is that you feel we all have a right to know who these people are? I'm sure the people they put out of business would love to know where they live today and what their new name is.

        Well guess what - it's nobody's overseas business what our diplomats and elected officials think about a situation someplace any more than what elected officials of other countries think about ours.

        What you're advocating is that some competitor of yours should have access to all your business dealings and assessments of other competitors, right.

        Gee I wonder what happens if within those documents are ideas or discussions on how to get jobs back here in the USA, and now India or China is alerted to that ideal?
        Ron Bergundy
  • Can't something be done about Jason Perlow

    Here he is discussing the configuration of terminals used for SIPRnet. I hope our enemies aren't listening.
    I'm just asking the question; why is he still breathing? Why haven't our intelligence services hunted him down like Al Qaeda?
    Of course everything he released is readily available and a surprise to no one. But that doesn't excuse the fact that he is talking about confidential information systems.
    ETC.
    (Please note, the above is satire)
    HollywoodDog
    • RE: Wikileaks: How our Government IT Failed Us

      @HollywoodDog I got all the information with simple Google searches and the vendor, Trusted Computer Solutions, was more than happy to talk to me about their product and provide me with that video. It's not like I'm disclosing information that was handed to me that was confidential.
      jperlow
      • That's OK Jason

        HollywoodDog's been writing all week how it's great Assange exposed all these secret cables, informant names, and plans to everyone, so he'll come around and start calling you a "hero" in a day or two. ;)
        John Zern