PJ Media

WikiLeaks and U.S. Computer Security: The 'Second Spy' Theory

Whatever else it may have been, the disclosure of 250,000 State Department cables by WikiLeaks promises to provide material to the punditariat for weeks or months.

The revelations themselves were not all that surprising. The real news is — as with the Climategate files last year — that many of the most cynical explanations of what was happening turned out to be true:

— The U.S. really is tied in with an unstable and bipolar ally in Karzai, and works actively to keep him from damaging our interests.

— The global climate change conferences — like Copenhagen last year and Cancun this year — really are largely mercenary efforts by the UN, small countries, and quangos to extract cash from the developed world and use it to line their pockets and those of their friends.

— Under all the bureaucratic bafflegab of diplomacy, the State Department really does recognize that Russia’s government has been suborned into a kleptocratic oligarchy by ex-KGB officers who are unusually unscrupulous, even considering that organization’s sordid history.

In other words, the cables largely revealed that there remain people within the U.S. diplomatic establishment that actually are in touch with reality.

As someone who has been involved with intelligence for more than 30 years and with computer security for 25, however, I find the professionally interesting question to be: “How did it happen?”

Let’s start by recalling some of the basics of the whole arcane mechanism of classification. The classification system in the U.S. grows out of two basic axioms: first, you work hardest to protect the material that can cause the most damage; and second, the one way to be certain someone can’t reveal a secret is to make sure they don’t know it.

The first rule leads to the sensitivity levels: TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED. Those levels define how much damage could be expected if the classified item were revealed.

The second rule leads to the notion of compartmentalization: classified items have various other terms attached, indicating limits on who should have access. In the WikiLeaks State cables, the cables themselves range from SECRET to UNCLASSIFIED, and the most common compartment is NOFORN: “no foreign dissemination.” Compartmentalization is part of an overall philosophy called “need to know”: you shouldn’t know something unless you need it, and so you shouldn’t have access to it unless someone with responsibility for the classification agrees you should.

To make this whole process easier, each paragraph is labeled with initials in parentheses. So, if you see a paragraph in the cables labeled (U) it means that paragraph was considered UNCLASSIFIED; (S//NF) means “SECRET NOFORN.”

The whole system of classification depends on two things: making it hard to get sensitive information, and making sure as few people as possible do know a particular piece of classified information by using “need to know” rules and their formalization in compartments.
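The two rules above (clear the level, and hold every compartment) are the dominance check that mandatory access control systems enforce mechanically. The following is an added example, not code from the article: it parses paragraph portion markings in the syntax described above, such as (U) and (S//NF), decides which paragraphs a given clearance may read, and also computes a document's overall marking as the least upper bound of its portions. It treats NOFORN as a compartment, as the article does. The sample cable text and the compartment name HYPOCMPT are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Sensitivity levels, ordered by the damage expected from disclosure.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
LEVEL_NAMES = {v: k for k, v in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A sensitivity level plus the set of compartments a reader must hold."""
    level: int
    compartments: frozenset

    def dominates(self, other: "Label") -> bool:
        # Read access requires clearing the level AND holding every compartment
        # on the item ("need to know"); a higher level alone is not enough.
        return self.level >= other.level and self.compartments >= other.compartments


# A portion marking such as "(S//NF)" at the start of a paragraph.
PORTION_RE = re.compile(r"^\(([A-Z]+)((?://[A-Z]+)*)\)\s*(.*)$")


def parse_portion(line: str):
    """Split one paragraph into its Label and its text."""
    m = PORTION_RE.match(line.strip())
    if m is None:
        raise ValueError(f"paragraph lacks a portion marking: {line!r}")
    level, comps, text = m.groups()
    if level not in LEVELS:
        raise ValueError(f"unknown sensitivity level {level!r}")
    compartments = frozenset(c for c in comps.split("//") if c)
    return Label(LEVELS[level], compartments), text


def readable_portions(cable: str, clearance: Label) -> list:
    """Return only the paragraphs the holder of `clearance` may read."""
    visible = []
    for line in cable.splitlines():
        if not line.strip():
            continue
        label, text = parse_portion(line)
        if clearance.dominates(label):
            visible.append(text)
    return visible


def overall_marking(cable: str) -> str:
    """Least upper bound of all portion labels: the whole document's marking."""
    level, comps = 0, set()
    for line in cable.splitlines():
        if line.strip():
            label, _ = parse_portion(line)
            level = max(level, label.level)
            comps |= label.compartments
    return "//".join([LEVEL_NAMES[level], *sorted(comps)])


# Constructed sample cable; HYPOCMPT is a hypothetical compartment name.
SAMPLE_CABLE = """\
(U) 1. Embassy hosted a routine trade delegation this week.
(C) 2. Host-government officials privately voiced doubts about the budget.
(S//NF) 3. A well-placed contact reports the minister intends to resign.
(S//NF//HYPOCMPT) 4. Details of the contact's reporting channel follow.
"""

# Constructed clearances for three kinds of reader.
US_ANALYST = Label(LEVELS["S"], frozenset({"NF"}))
FOREIGN_LIAISON = Label(LEVELS["S"], frozenset())          # no NOFORN material
CHANNEL_OFFICER = Label(LEVELS["TS"], frozenset({"NF", "HYPOCMPT"}))

if __name__ == "__main__":
    print("document marking:", overall_marking(SAMPLE_CABLE))
    for name, clr in [("US analyst", US_ANALYST),
                      ("foreign liaison", FOREIGN_LIAISON),
                      ("channel officer", CHANNEL_OFFICER)]:
        print(f"{name}: {len(readable_portions(SAMPLE_CABLE, clr))} paragraphs readable")
```

Note that the SECRET-cleared analyst without the HYPOCMPT compartment cannot read paragraph 4 even though its level is one he clears; that is the "need to know" rule doing its work independently of the sensitivity level.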

According to the press coverage, the only suspect is one Pfc. Bradley Manning. Manning had been an intelligence analyst supporting the 10th Mountain Division. Manning bragged about having passed information to WikiLeaks to Adrian Lamo, previously famous for having cracked into the New York Times' internal systems. Lamo turned him in.

The story, as reported by the Guardian, is that Manning gathered the information on SIPRnet — a U.S. government sharing network for data at SECRET and below — then loaded it on writable CD-ROMs that he brought into his work area saying they contained Lady GaGa music.

The problem here: this explanation raises many more questions than it answers.

First is the “need to know” question. Manning had been an E-4 Specialist (same pay grade as a corporal) analyst — he was busted to PFC for unrelated reasons — and would have had access to intelligence in theatre. It seems inconceivable that he would have access to worldwide diplomatic cable traffic. The Guardian story’s answer is that these cables were being dumped into SIPRnet as part of a 9/11-inspired attempt to make information available, and thus avoid the problem of people not “connecting the dots.”

Perhaps. But the other side of that argument is what’s known as the “aggregation problem” in computer security: the more information you collect together, the more you can learn. As we’re seeing in these leaks, you can infer some very sensitive stuff from a lot of relatively low-level information. Are we really giving any random person with a SECRET clearance access to this much information, including video of Baghdad firefights and Special Forces operation reports?

Second, there’s the way Manning is said to have gotten the information out of his secure area. According to the Guardian, Manning brought in some rewritable CD-ROMs with music, erased the music, copied the data to the CD-ROMs, and walked back out with them.

If so, there is an ex-officer from his unit who is now counting socks in Thule, Greenland, or should be. Secure areas have a very straightforward rule on such things: media may come in, but it can’t go back out. (In fact, when I worked in a secured area, we even had to lock up our typewriter ribbons and platens.)

But this seems unlikely, because the DoD had forbidden people to even bring CDs and thumb drives into secure areas in 2008.

As CNET reported:

The U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus, a variant of the SillyFDC worm, according to Wired.

This explanation isn’t completely implausible. Not completely. If it’s true, it means there have been general breakdowns in the methods by which the U.S. has protected classified information since the First World War, as well as violations of explicit policies and procedures.

Of course, there’s another explanation: someone at a higher level of trust than Pfc. Manning is the real source, and Manning is just a convenient fall guy.

We can draw a picture of that source, just from what we know already. The source has access to diplomatic cable traffic, U.S. war reports, and even gun sight video across both major theaters of the war. Compartmentalization puts that person back inside the Washington, D.C., theater.

State’s diplomatic traffic is transmitted over their own networks; NSA, as the government’s cryptography arm, has some control of the implementation of that network, but State jealously guards its right to manage those networks. It’s possible someone at NSA would have access to all this, but NSA is a collection organization, not an analysis organization.

Analysis is done largely at CIA, but State also has people who look at, summarize, and digest the cable traffic — someone has to make it usable to the upper level diplomats, as there’s just too much to deal with in raw form.

It seems to me that our ideal other source would be someone with broad access, either at CIA, in the Department of State, or in the national security apparatus in the White House.

Countering this, of course, is Manning’s confession to Lamo. Lamo’s chat log of the discussion has been released, and it does seem as if Manning is claiming to have done it himself — but he also is cagey about it, and looking at the whole chat, it’s clear Manning is a very troubled young man. Might he be suggesting that he wasn’t the original source somehow?

So here’s the dilemma: If Manning really is the perpetrator, then there have been massive screw-ups, top to bottom, in the U.S. government’s management of classified data. If not, if Manning had a co-conspirator or if he’s the fall guy for someone else, then there may be someone who still has access to these networks, just waiting for the heat to come off in order to strike again.

And, of course, there’s another aspect to this “second spy” theory. Michael Savage, among others, has suggested this was a political “hit” by Obama insiders against Hillary Clinton, trying to block her from a primary challenge in 2012. I’m not a big fan of Savage; I’m not pleased to find myself entertaining what seems, at first, to be a fairly squirrelly conspiracy theory. But think of what’s followed: Assange has explicitly called for Secretary Clinton to be fired or resign; Hillary herself said since these cables leaked that this will be her “last public job.”

Both of these notions are speculation, and either one is troubling. Hopefully, with the new incoming Congress, the question of what really happened will be fully investigated.

WikiLeaks has certainly done harm to the United States and our interests, although I suspect it’s actually been less than previous releases of action videos and war logs.

Honestly, the deepest revelation seems to have been that the State Department really does operate cynically, for political motives, and I personally find that perversely reassuring. It’s better than the other possible explanation — that State is full of delusional fools.

Nor do I imagine that the revelation that we say harsh things about our allies in internal documents caused much real disturbance, although the assumed outrage will undoubtedly be regurgitated in high-level posturing for many years to come. But as Secretary Clinton has reported, the off-the-record response was: “Don’t worry about it, you should see what we say about you.” These people aren’t children.

What should really disturb us is the implications — not for our diplomacy, but for the competence and effectiveness of our own counter-espionage. There are really two possibilities: we’ve either, in the name of “sharing,” completely forgotten all the lessons that have been learned, at great cost, over the “War Century”; or there is someone else, with much broader access than Pfc. Manning, who was really behind this leak. And either conclusion should scare us silly.