
U.S. Intelligence Analyst Arrested in Wikileaks Video Probe - dotBen
http://www.wired.com/threatlevel/2010/06/leak/
======
kordless
Brad worked for me at Zoto for about 6 months back in 2006 or so. I found him
fiercely intellectual.

He moved to Oklahoma from England where he said he had been living with his
mom. Because the driving age is 17 there, he hadn't gotten his license yet. I
took to picking him up from the house and then letting him drive my car to the
office so he could log time for his driver's permit.

One day he accidentally ran a stop sign, directly in the path of another car.
I ended up shouting something like "Stop Brad!" at him, and reaching over and
touching him on the arm as we squealed to a stop. What resulted was something
I never had observed in a person before. He literally shut completely down,
and for about 5 minutes just sat there with his eyes closed, breathing. I
tried getting his attention, but he was completely catatonic. I pulled the
parking brake, and put the car in park because I had no idea what was going on
with him.

I ended up asking him to leave Zoto a few months later, because of this and
other bizarre incidences, which I chalked mostly up to being a young kid
coming from a split marriage. I'm still not exactly sure what caused his
strange behaviors, but it makes me sad to see that he went and straightened
his life out, only to have all this happen to him.

:(

~~~
rdl
I hope this came up during the interview stage of his TS-SSBI clearance
application.

~~~
kordless
Yeah, no. They never called me.

~~~
rdl
Maybe because he was under 18 when he worked for you? I don't really know how
the rules work for children.

But getting fired from a job should ABSOLUTELY be investigated, and I'd assume
"talk to the boss" is the standard for that.

That's some negligence right there! (or, he left it off his application
entirely, and they didn't do enough checking to verify employment at the time,
and see the gap)

~~~
elblanco
They don't consider history as a minor for the SSBI. And usually don't look at
anything older than 7 years prior anyway.

~~~
rdl
If they don't consider history as a minor, they should refuse to grant
clearances to anyone under 25 or 28.

I also seem to recall being granted S, TS, TS/SCI, etc. is a lot easier/faster
if you're in the military than if you're a contractor. Different queue,
different investigators, and higher presumed loyalty to the US. (i.e. you were
willing to roll the dice and potentially be stuck as a cook for 4-8 years,
which a spy might not be willing to do)

~~~
elblanco
Yeah, I know a few folks who got their TS investigations opened and shut in
about 2 months. It takes longer the older you are anyway especially if you've
moved around a lot or have foreign relatives. I've seen it take as long as 3
years.

I think minors aren't really investigated because they simply don't have much
of a paper trail to look into. Their security profile matches their parent's
more than their own. But who knows.

------
frisco
Everyone in the 2600 group on Facebook got a message from Adrian last week:

    
    
      Please take a moment to delete your ~/.purple/otr.private_key & re-key
      as soon as possible. Verify fingerprints in an out-of-band fashion,
      such as telephone. 
    
      If practical, change PGP keys, and consider re-keying on a set schedule.
    
      Set the re-key time on your SSH sessions to 30 minutes or less. *wild guess*
    
      There is no specific reason for this. I'm just suggesting this as a
      friendly piece of advice. Please act as soon as you have the time. 
    
      Post on the wall if you have any questions about how to do the above,
      or whether it applies to you. If you don't currently use OTR and PGP,
      look into them, especially OTR. 
    
      If anyone here with some actual expertise in cryptography has advice,
      I'm welcoming it. 
    
      *** Disable logging for OTR conversations. ***
    
      Have a nice day.
    

It was strange (concerning?) enough to get that at all; now it has me
wondering what else we're in for in the next few weeks.

------
lionhearted
> “[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating
> possibly the largest data spillage in American history,” he added later.
> ”Weak servers, weak logging, weak physical security, weak counter-
> intelligence, inattentive signal analysis… a perfect storm.”

The voyeuristic, excited element of it is what got him caught. I have to think
that if he'd been more solemn and reserved, saying he had to balance his duty
to the American people with the oaths he took, then he'd come across a lot
better.

But he didn't. He didn't carefully, agonizingly release a video he thought
relevant, he was talking about dumping all sorts of classified material - just
to do it. Doing that haphazardly shows supply chains, movements,
fortifications, investigations, counter-intelligence, logistics... it would be
a gold mine for terrorists and insurgents not to just attack the armed forces,
but also, maybe even more likely, to kidnap, torture, and kill civilians who
are doing logistics, shipping, etc without a heavily armed escort.

My view here will be unpopular I think, and I don't say this lightly, but I
think this is a rare case of where charges of treason should be brought and
the death penalty sought. He was putting tens of thousands of people's lives
at risk and not just soldiers... and he seemed giddy and excited about it like
a 15 year old figuring out the teacher's password and changing grades.

I doubt they'll charge him with treason since it'd attract a lot of press they
don't want, but his actions were incredibly reckless and despicable. For
someone who has taken the military oaths to break them in such a care-free,
unthinking way, lip-syncing Lady Gaga and being all jazzed up about it... it's
crazy. He didn't even leak to a professional reporter who would use some
discretion in what to release, he went to an anonymous website that'd publish
anything.

Again, I think my view will be unpopular, but I think he should face the
firing squad for it. It remains to be seen whether he'll be painted as a
sympathetic person by people who don't like the war or dislike American policy
in general, but a lot of people stood to die violently as a result of this
man's actions if he wasn't caught.

~~~
pingou
I think you have some good points but I disagree with what you think this man
deserves (disclaimer: I'm an opponent of the death penalty and it's even illegal
in my country), his actions will have very serious consequences, and he acted
stupidly, but I don't think he did this in an evil way, it's very human once
you have some power to misuse it, and I think a lot (well I mean a few
percent) will have done the same thing, so I'm not even sure it's a deviant
behaviour, it's not like he had directly murdered anyone, maybe some will die
because of him, but to me he doesn't deserve the same punishment as a
murderer.

I think he's not the only one to blame, he shouldn't have access to all this
sensitive data in the first place. And maybe at the end, all this leaked
information will have a positive feedback on the USA, like in Christianity,
confess your faults and you'll feel better. But I doubt it.

~~~
rdl
I agree he's not the only one to blame.

The FSO of the SCIF where he (presumably) worked should be investigated. His
CO and the rest of his chain of command should be investigated as well. The
(contract investigator, most likely) who was involved in granting him his
clearance, too. I'm pretty sure that all happens automatically when something
like this happens -- at the very least, they need to work on making sure this
doesn't happen again, but it's hard to believe they were 100% blameless in
this.

The actual IT systems used by the military for secret-or-higher classified
data are kind of pathetic, actually. Certain things are done well (the "air
gap" model for networks, and generally the military is decent at key
management, and most members granted security clearance are good about
changing passwords and reporting security probes, vs. commercial environments).
However, the technology itself is often Windows (2k, XP, Vista), and isn't
exactly the best managed network in the world. To some extent being "air
gapped" causes them to be lazy about other forms of security. A lot of this
has to do with the exceptionally slow procurement and integration cycle of the
military, but at the core, Windows is just not a great solution for building
an office automation system with 100% accountability for every file.

(I'm actually working on a startup that will address this market; it's a good
market, but I've also been someone at personal safety risk from security
violations, so it is more compelling to me than writing another fb game or
ipad app.)

~~~
elblanco
I believe he did the exfiltration while in Iraq. The security environment
there is quite different than what you'll find CONUS.

<http://articles.latimes.com/2006/apr/10/world/fg-disks10>

~~~
rdl
I'm in Baghdad.

A SCIF is a SCIF, officially (which is where JWICS would be found). Generally
they rely on armed guards and 24x7 presence vs. vault doors here, but it's
still within the spec.

~~~
elblanco
I certainly don't disagree with you that the spec hasn't changed (24x7 armed
guards, several levels of physical access control, razor wire, etc. etc.).

The de-facto reality is that it's much easier to walk in and out of a SCIF in
theater with all manner of stuff (portable media, entire systems, etc.) than
it is back here. And if you are where I think you are, you know that most of
the SCIF space over there are just converted palaces and bungalows (or tents)
with boarded up windows or tents with a jury rigged razor wire setup on top of
the concrete blast barriers or the back of a Trojan Spirit Hummer parked
outside of your hooch. Some places are tighter than others. But I was in
plenty of places in Baghdad where I didn't even have to dig my badge out of my
pocket to get on their systems.

Don't even get me started on the OPSEC surrounding access to SIPR systems.
"Yes, let's bring a wireless router back from the Hajji Mart and hook it into
our SIPR drop so we can bring our BALs out next to the fake pond and smoke
cigars while we put together targeting packages. That's a brilliant idea!" or
my personal favorite, the terabyte shared drive full of porn that made its
way around the FOBs so everybody could make a copy onto their WSSs. Yes,
that's a great use of the RAID'd SCSI disk array in that big green box.

I'd bet far worse exfiltration has happened just with the DCGS-A techs
replacing broken equipment and moving hard drives in and out of the SCIFs
under the watchful eye of the 20 year old contract security guys too busy
playing pocket tanks to bother with the paperwork.

The "guards" are your buddies you eat with in the DFAC. If you have the proper
ID you could bring a Cadillac full of blow up hooker dolls in and out of the
spaces without anybody batting an eye.

It's just "different" there because of the nature of the environment. CONUS,
if it takes six weeks for somebody to fill out the forms so I can get a disk
burned with a single email off of my JWICS account (that contains no
classified information at all)...that's fine. In theater, you just bring in
the disk and burn it off, or just stick it on a thumb drive, if the 6 is awake
you might toss a notice their way that you are bringing something out -- but
they'll most likely be doing something else. Most of the time you don't
bother. Every once in a while you bring out a whole big pile of stuff and toss
it in a vehicle and bring it out by the lakes or the river and burn it all
while drinking near beer.

I'll admit, in places where we're really well established, like Germany or
Korea, the situation is just like in CONUS. But it really is just different
there. Every so often somebody will come down on a unit hard for lax security,
but once they've left the FOB, the unit reverts back to watching movies off
the shared drive and playing pocket tanks pretty quickly. There's just other,
external pressures that people have to think about more there that people in
established duty stations don't have to worry about, like a mortar coming into
your hooch.

~~~
rdl
Yeah, I've definitely seen some seriously lax sites, but it's vastly better
than in 2004. The great anti-usb-flash jihad of 2008-2009 seems to have helped
a lot, at least on nipr and sipr.

The mitigating factor is that someone in a deployed environment is probably
more aware of the potential harm from letting slip (even unintentionally)
sensitive or classified information. i.e. mortar in the hooch.

~~~
elblanco
It was pretty rampant in 06 and 07 :(

> The mitigating factor is that someone in a deployed environment is probably
> more aware of the potential harm from letting slip (even unintentionally)
> sensitive or classified information. i.e. mortar in the hooch.

That _does_ seem to be the thinking/hope. But I guess as this example shows,
it's not foolproof. Also, it's hard to keep people motivated about security
protocols when they're on their nth, multiple deployment.

I think that this problem applies to this case because it's obvious that the
other people at the site were not watching the house very well either.

(btw, keep your head down and good luck, I was there in 2006-2007 and learned
more during my deployment there than in the entire rest of my career).

~~~
rdl
It's definitely a great learning environment -- I've been doing this about 50%
from 2004 to now (I'm pretty sure this is my last trip, unless I get deployed
contracts for my product, which is always possible). It's almost tempting to
write a book, although for it to be interesting, it would either have to be
fiction set in this environment with lots of factual details (e.g. Tom
Clancy), or at least fairly fast and loose with the facts. A lot of
interesting stuff wouldn't be appropriate to publish, and a lot of the hyper-
accurate stuff would be boring.

~~~
elblanco
Wait a minute....rdl......just checked your profile....now I know who you
are! I haven't seen much about you since '05ish, since Wired did the profile
on you. I actually asked around for your outfit for a while when I was over
there to see about getting sat service around BIAP in '06-'07 for a couple
buildings I was in. Crazy, this Internet -- small world and all that.

> A lot of interesting stuff wouldn't be appropriate to publish, and a lot of
> the hyper-accurate stuff would be boring.

What's the old saying? "War is long periods of interminable boredom followed
by intense moments of stark terror."

There is something really bizarre about _being_ there that's really hard for
people to understand via description or pictures or stories or articles --
taking rocket fire while standing outside a Taco Bell so you can pay $3 for a
taco, not even flinching because you know it's just one of 30 or 40 attacks
that day and the QRF will be in the air to handle the situation anyways, and
you've waited like 3 hours in line for this taco. Then you go back and watch
CNN or something and hear about the attack you were just in -- and think it's
getting boring, why don't they report something else? At least that's how it
was back then. It's always stuck with me you could buy a brand new 46" LCD TV
and a Wii to put at the foot of your bunk and a case of frozen steaks and
sunflower seeds, in an active war zone. I remember thinking, "the news is
describing where I am, but I can't seem to really relate it to what I'm
seeing".

I've heard it's calmed down tremendously in the last couple of years. Nowhere
near "safe", but not like at the end of '06 and the beginning of '07 by any
stretch.

> I'm pretty sure this is my last trip, unless I get deployed contracts for my
> product, which is always possible

Good luck with it. Our role there is changing very fast, wouldn't be surprised
to see very few contractors/civilians over there in the next 12-18 months.

~~~
rdl
I think 2011 is going to be the end (thankfully), and really summer/fall 2010
should be around the end. Iraq especially, but even Afghanistan -- I wouldn't
be surprised to see mainly-SF in Afghanistan, with some presence at BAF and
KAF, and maybe 30-50k total troops footprint, by 2012.

------
rbanffy
> Manning was turned in late last month by a former computer hacker with whom
> he spoke online. In the course of their chats, Manning took credit for
> leaking a headline-making video of a helicopter attack that Wikileaks posted
> online in April.

What part of "trust no one" didn't he get?

You simply don't take credit for something that pisses off the very people who
can throw you in jail and misplace the key.

It's a brave thing to do, the Right Thing to do, but it's also the thing you
write in your memoirs, for publishing after you die.

~~~
puredemo
Yeah, most 22 year olds probably don't get that.

