Wednesday, August 11, 2010
What is in insurance.aes256 and What is it For?
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”
“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm.”
There were at least two security failures here. He had the access and permissions to use the DVD burner on his analyst workstation, and he had a way to back up files to a CD-RW. (Windows can do this by default, without third-party software like Nero.) Army physical security let him walk out of a secure facility without noticing that he had brought a rewriteable CD into it. The first problem could have been solved by physically removing the DVD burners or by enabling a software policy that disables the device. The second problem is harder: it is difficult to police what goes in and out of a facility unless those items are banned from the workplace, which evidently they weren't. They likely are now. I am guessing that USB drives were banned or locked down, which is what made burning CDs or DVDs the way to get data out. As far as we know, no information went out over a secure network, and it likely never did. He could have mailed the CDs or DVDs to whomever he pleased, or found a way to get them to Wikileaks securely without being discovered or having the information compromised.
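The software-policy fix mentioned above can be audited and applied from an administrator shell. The following PowerShell script is an added example for this post, not something the original author published: it checks the two standard Windows policy values that block writing to optical media (the Removable Storage Access "CD and DVD: Deny write access" setting under HKLM, and the Explorer "Remove CD Burning features" setting under HKCU) and, with `-Enforce`, sets them. The script name and the `-Enforce` switch are my own choices; the registry paths are the documented policy locations.

```powershell
# Added example (not from the original post): audit and, with -Enforce, apply the two
# Windows policy settings that block writing to CD/DVD media on a workstation.
# Run elevated so the HKLM path can be written. HKCU applies to the current user only;
# in a domain these should be pushed through Group Policy instead.
[CmdletBinding()]
param([switch]$Enforce)

# Device-class GUID used by the Removable Storage Access policy for CD and DVD drives.
$CdDvdClass   = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
$MachinePath  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$CdDvdClass"
$ExplorerPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    if (Test-Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null   # value absent: policy not configured
}

function Set-PolicyValue {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# The two checks: the device-level deny-write policy and the Explorer burning UI removal.
$checks = @(
    @{ Path = $MachinePath;  Name = 'Deny_Write';  Desc = 'Removable Storage Access: CD and DVD deny write access' },
    @{ Path = $ExplorerPath; Name = 'NoCDBurning'; Desc = 'Explorer: Remove CD Burning features' }
)

foreach ($c in $checks) {
    $current = Get-PolicyValue -Path $c.Path -Name $c.Name
    $state = if ($current -eq 1) { 'ENFORCED' } else { 'NOT ENFORCED' }
    Write-Output ("{0,-13} {1}" -f $state, $c.Desc)
    if ($Enforce -and $current -ne 1) {
        Set-PolicyValue -Path $c.Path -Name $c.Name -Value 1
        Write-Output ("  -> set {0}\{1} = 1" -f $c.Path, $c.Name)
    }
}
```

Run it without arguments to get a report, and with `-Enforce` to apply the settings. Note that neither value stops a third-party burner that talks to the drive directly, which is why the post's other suggestion, physically removing the drives, remains the stronger control.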
Network monitoring programs do a poor job of intercepting and breaking encrypted communications. One can see the traffic, but reassembling and decrypting it is another matter without the cryptographic keys. The NSA and other agencies have likely made some headway here, but someone like Brad Manning knows the strengths and weaknesses of the systems he was trained on. He avoided all of those traps by not using those networks to transfer files at all, and made the IT security staff and system administrators of a highly secure facility look like idiots. (To be fair, insider threats are difficult to counter and are the most damaging kind. This still shows that military networks are not very well compartmentalized; thanks, Microsoft!) He carried out this theft over some period of time, which means he could have smuggled out gigabytes of information. Documents would not take up much storage, but videos would. My guess is that he smuggled out more than a few video files along with countless documents, and that most of his evidence is video. We know of video evidence of at least one incident being suppressed. Perhaps that is all he smuggled out; only he, Wikileaks, and the military know for sure. But we know from Pat Tillman's friendly-fire death that other cover-ups have happened. So it is possible that he has the government and DOD in a bind, and that they are proceeding carefully until some accommodation can be reached or the threat of an embarrassing disclosure is nullified. That would explain the administration's initial outrage followed by complete silence. We've heard nothing about his incarceration or court martial; it is being kept very low key for now.