Manning Trial Probes Diplomacy Database

     FT. MEADE, Md. (CN) – The former chief technology officer of the State Department told a military judge Wednesday about the diplomacy database Pfc. Bradley Manning used to extract the largest load of U.S. cables ever made public.
     Published under the name “Cablegate,” these disclosures account for more than one-third of the files that Manning exposed.
     The 25-year-soldier said he hoped to shine a light on how the U.S. conducts diplomacy by leaking a large stash of low-sensitivity cables marked with a “SipDis” caption, indicating that they were low sensitivity and meant for wide government distribution.
     Charlie Wisecarver, the State Department’s former chief technology officer, explained how a low-ranking soldier stationed in Baghdad gained access to secrets from U.S. posts around the world, through the Net-Centric Diplomacy database.
     The Department of Defense spearheaded a program to disseminate State Department data more widely in the wake of the Sept. 11, 2001, attacks, he said.
     When first launched in 2003, the program was known as Horizontal Fusion, but it evolved three years later as the Net-Centric Diplomacy database, or NCD. Wisecarver said the idea was to have the military’s classified Secret Internet Protocol Router Network, or SIPRNet, disseminate State Department “information for the war fighter.”
     The contract to develop the system went to a private contractor called Creative Information Technology Inc., or CITI, he said. While Wisecarver did not specify the size of CITI’s contract, he acknowledged under cross-examination that it involved some “padding” of the budget.
     “They’ll shoot for the sky,” Wisecarver said. “They’ll put in as much as they can.”
     The value of the cables Manning leaked could impact his potential fine, sentencing exposure, or even whether he is convicted. To meet that element of their burden, however, prosecutors need only to prove that the database’s worth exceeded $1,000.
     After the release of “Cablegate,” State Department officials and major newspapers joined a chorus panning the NCD database for its vulnerabilities. The Washington Post titled its Dec. 31, 2010, article “WikiLeaks cable dump reveals flaws of State Department information-sharing tool.”
     Two months later, Susan Johnson, who heads the American Foreign Service Association, a union representing diplomats, praised the article and called for more study into the database’s funding, stakeholders and protocols the union’s newsletter.
     The State Department’s Deputy Inspector General Harold Giesel assessed only the vulnerabilities of the system in September 2012. The report indicated, “Progress in addressing the NCD weaknesses that made the WikiLeaks incident possible has been very slow.”
     Such criticism does not appear, however, to have soured CITI’s relationship with the State Department.
     A CITI press release dated Jan. 16, 2013, announced its involvement in formal launch of the department’s “Program and Project Management Community of Practice,” designed to increase collaboration between the military and civilian sectors.
     A State Department spokeswoman declined to comment on NCD’s alleged defects, or the department’s apparently continuing contracts with CITI.
     CITI CEO Sunil Kolhekar did not immediately respond to a request for comment left via voice mail.
     Meanwhile, Wisecarver’s testimony boosted Manning’s assertion that “SipDis” caption was intended for many government eyes. Defense attorneys assert that at least a million employees had access to them. The witness could not confirm these numbers, except to say that the State Department alone included 20,000 employees who could view them.
     More sensitive tags included “NoDis,” for no distribution; “ExDis,” for executive distribution; “Roger,” for intelligence distribution; and “TerRep,” for terrorism-related matters, Wisecarver said.
     Manning contends that he is innocent of “exceeding authorized access” to military servers, an element of multiple specifications in his charge sheet. Prosecutors claim that Manning hacked into servers, cracked codes and designed an automated process. Defense attorneys deny that occurred, and call it unnecessary given the unfettered access the systems provided.
     Indeed, the State Department’s resource branch manager testified in a stipulation that the digital trial recording Manning’s cable extraction did not contain the hallmarks of hacking.
     “There is no evidence to suggest that PFC Manning used any tools to defeat the firewall protection,” said Gerald Mundy, who analyzed the firewall logs.
     Manning’s charges also accuse him of putting “unauthorized software” on his military computers to pull off the leaks, including the file-grabbing freeware WGET. While defense attorneys acknowledge that he used this program, they say that the program was a common user tool that was not illicit or even exotic.
     Toward the end of the day, forensic analyst David Shaver confirmed his finding that Manning’s user profile downloaded the program on multiple occasions. He also found more than 149,000 connections with the military server in a single day.
     The military judge, Col. Denise Lind, asked if someone could pull off that many connections without the help of software.
     “Maybe if they were really dedicated, ma’am,” Shaver said. “They’d be clicking a lot.”
     Proceedings concluded with court entering into closed session to discuss classified information. The public and press do not have access to this testimony.
     Before trial, prosecutors estimated that roughly one-third of the proceedings would be closed, but Wednesday’s session marked the first time that court has been closed in more than three weeks of trial. Classified testimony may also be entered into a sealed record by stipulation.

%d bloggers like this: