By Kevin Poulsen and Kim Zetter June 6, 2010 9:31 pm
Federal officials have arrested an Army intelligence analyst who boasted of giving classified U.S. combat video and hundreds of thousands of classified State Department records to whistleblower site Wikileaks, Wired.com has learned.
SPC Bradley Manning, 22, of Potomac, Maryland, was stationed at Forward Operating Base Hammer, 40 miles east of Baghdad, where he was arrested nearly two weeks ago by the Army’s Criminal Investigation Division. A family member says he’s being held in custody in Kuwait, and has not been formally charged.
Manning was turned in late last month by a former computer hacker with whom he spoke online. In the course of their chats, Manning took credit for leaking a headline-making video of a helicopter attack that Wikileaks posted online in April. The video showed a deadly 2007 U.S. helicopter air strike in Baghdad that claimed the lives of several innocent civilians.
He said he also leaked three other items to Wikileaks: a separate video showing the notorious 2009 Garani air strike in Afghanistan that Wikileaks has previously acknowledged is in its possession; a classified Army document evaluating Wikileaks as a security threat, which the site posted in March; and a previously unreported breach consisting of 260,000 classified U.S. diplomatic cables that Manning described as exposing “almost criminal political back dealings.”
“Hillary Clinton, and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,” Manning wrote.
Wired.com could not confirm whether Wikileaks received the supposed 260,000 classified embassy dispatches. To date, a single classified diplomatic cable has appeared on the site: released last February, it describes a U.S. embassy meeting with the government of Iceland. E-mail and a voice mail message left for Wikileaks founder Julian Assange on Sunday were not answered by the time this article was published.
The State Department said it was not aware of the arrest or the allegedly leaked cables. The FBI was not prepared to comment when asked about Manning.
Army spokesman Gary Tallman was unaware of the investigation but said, “If you have a security clearance and wittingly or unwittingly provide classified info to anyone who doesn’t have security clearance or a need to know, you have violated security regulations and potentially the law.”
Manning’s arrest comes as Wikileaks has ratcheted up pressure against various governments over the years with embarrassing documents acquired through a global whistleblower network that is seemingly impervious to threats from adversaries. Its operations are hosted on servers in several countries, and it uses high-level encryption for its document submission process, providing secure anonymity for its sources and a safe haven from legal repercussions for itself. Since its launch in 2006, it has never outed a source through its own actions, either voluntarily or involuntarily.
Manning came to the attention of the FBI and Army investigators after he contacted former hacker Adrian Lamo late last month over instant messenger and e-mail. Lamo had just been the subject of a Wired.com article. Very quickly in his exchange with the ex-hacker, Manning claimed to be the Wikileaks video leaker.
“If you had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months, what would you do?” Manning asked.
Bradley Manning (Facebook.com)
From the chat logs provided by Lamo, and examined by Wired.com, it appears Manning sensed a kindred spirit in the ex-hacker. He discussed personal issues that got him into trouble with his superiors and left him socially isolated, and said he had been demoted and was headed for an early discharge from the Army.
When Manning told Lamo that he leaked a quarter-million classified embassy cables, Lamo contacted the Army, and then met with Army CID investigators and the FBI at a Starbucks near his house in Carmichael, California, where he passed the agents a copy of the chat logs. At their second meeting with Lamo on May 27, FBI agents from the Oakland Field Office told the hacker that Manning had been arrested the day before in Iraq by Army CID investigators.
Lamo has contributed funds to Wikileaks in the past, and says he agonized over the decision to expose Manning — he says he’s frequently contacted by hackers who want to talk about their adventures, and he’s never considered reporting anyone before. The supposed diplomatic cable leak, however, made him believe Manning’s actions were genuinely dangerous to U.S. national security.
“I wouldn’t have done this if lives weren’t in danger,” says Lamo, who discussed the details with Wired.com following Manning’s arrest. “He was in a war zone and basically trying to vacuum up as much classified information as he could, and just throwing it up into the air.”
Manning told Lamo that he enlisted in the Army in 2007 and held a Top Secret/SCI clearance, details confirmed by his friends and family members. He claimed to have been rummaging through classified military and government networks for more than a year and said that the networks contained “incredible things, awful things … that belonged in the public domain, and not on some server stored in a dark room in Washington DC.”
He first contacted Wikileaks’ Julian Assange sometime around late November last year, he claimed, after Wikileaks posted 500,000 pager messages covering a 24-hour period surrounding the September 11, 2001 terror attacks. ”I immediately recognized that they were from an NSA database, and I felt comfortable enough to come forward,” he wrote to Lamo. He said his role with Wikileaks was “a source, not quite a volunteer.”
Manning had already been sifting through the classified networks for months when he discovered the Iraq video in late 2009, he said. The video, later released by Wikileaks under the title “Collateral Murder,” shows a 2007 Army helicopter attack on a group of men, some of whom were armed, that the soldiers believed were insurgents. The attack killed two Reuters employees and an unarmed Baghdad man who stumbled on the scene afterward and tried to rescue one of the wounded by pulling him into his van. The man’s two children were in the van and suffered serious injuries in the hail of gunfire.
“At first glance it was just a bunch of guys getting shot up by a helicopter,” Manning wrote of the video. “No big deal … about two dozen more where that came from, right? But something struck me as odd with the van thing, and also the fact it was being stored in a JAG officer’s directory. So I looked into it.”
In January, while on leave in the U.S., Manning visited a close friend in Boston and confessed he’d gotten his hands on unspecified sensitive information, and was weighing leaking it, according to the friend. “He wanted to do the right thing,” says 20-year-old Tyler Watkins. “That was something I think he was struggling with.”
Manning passed the video to Wikileaks in February, he told Lamo. After April 5 when the video was released and made headlines Manning contacted Watkins from Iraq asking him about the reaction in the U.S.
“He would message me, Are people talking about it?… Are the media saying anything?,” Watkins said. “That was one of his major concerns, that once he had done this, was it really going to make a difference?… He didn’t want to do this just to cause a stir. … He wanted people held accountable and wanted to see this didn’t happen again.”
Watkins doesn’t know what else Manning might have sent to Wikileaks. But in his chats with Lamo, Manning took credit for a number of other disclosures.
The second video he claimed to have leaked shows a May 2009 air strike near Garani village in Afghanistan that the local government says killed nearly 100 civilians, most of them children. The Pentagon released a report about the incident last year, but backed down from a plan to show video of the attack to reporters.
As described by Manning in his chats with Lamo, his purported leaking was made possible by lax security online and off.
Manning had access to two classified networks from two separate secured laptops: SIPRNET, the Secret-level network used by the Department of Defense and the State Department, and the Joint Worldwide Intelligence Communications System which serves both agencies at the Top Secret/SCI level.
The networks, he said, were both “air gapped” from unclassified networks, but the environment at the base made it easy to smuggle data out.
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga’, erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”
“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. ”Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm.”
Manning told Lamo that the Garani video was left accessible in a directory on a U.S. Central Command server, centcom.smil.mil, by officers who investigated the incident. The video, he said, was an encrypted AES-256 ZIP file.
Manning’s aunt, with whom he lived in the U.S., had heard nothing about his arrest when first contacted by Wired.com last week; Debra Van Alstyne said she last saw Manning during his leave in January and they had discussed his plans to enroll in college when his four-year stint in the Army was set to end in October 2011. She described him as smart and seemingly untroubled, with a natural talent for computers and a keen interest in global politics.
She said she became worried about her nephew recently after he disappeared from contact. Then Manning finally called Van Alstyne collect on Saturday. He told her that he was okay, but that he couldn’t discuss what was going on, Van Alstyne said. He then gave her his Facebook password and asked her to post a message on his behalf.
The message reads: “Some of you may have heard that I have been arrested for disclosure of classified information to unauthorized persons. See CollateralMurder.com.”
Ex-hacker Adrian Lamo (Ariel Zambelich/Wired.com)
An Army defense attorney then phoned Van Alstyne on Sunday and said Manning is being held in protective custody in Kuwait. “He hasn’t seen the case file, but he does understand that it does have to do with that Collateral Murder video,” Van Alstyne said.
Manning’s father said Sunday that he’s shocked by his son’s arrest.
“I was in the military for 5 years,” said Brian Manning, of Oklahoma. “I had a Secret clearance, and I never divulged any information in 30 years since I got out about what I did. And Brad has always been very, very tight at adhering to the rules. Even talking to him after boot camp and stuff, he kept everything so close that he didn’t open up to anything.”
His son, he added, is “a good kid. Never been in trouble. Never been on
drugs, alcohol, nothing.”
Lamo says he felt he had no choice but to turn in Manning, but that he’s now concerned about the soldier’s status and well-being. The FBI hasn’t told Lamo what charges Manning may face, if any.
The agents did tell Lamo that he may be asked to testify against Manning. The Bureau was particularly interested in information that Manning gave Lamo about an apparently-classified military cybersecurity matter, Lamo said.
That seemed to be the least interesting information to Manning, however. What seemed to excite him most in his chats, was his supposed leaking of the embassy cables. He anticipated returning to the states after his early discharge, and watching from the sidelines as his action bared the secret history of U.S. diplomacy around the world.
“Everywhere there’s a U.S. post, there’s a diplomatic scandal that will be revealed,” Manning wrote. “It’s open diplomacy. World-wide anarchy in CSV format. It’s Climategate with a global scope, and breathtaking depth. It’s beautiful, and horrifying.”
Read More http://www.wired.com/threatlevel/2010/06/leak/#ixzz0q8URPBwN