WikiLeaks and U.S. Computer Security: The 'Second Spy' Theory
Whatever else it may have been, the disclosure of 250,000 State Department cables by WikiLeaks promises to provide material to the punditariat for weeks or months.
The revelations themselves were not all that surprising. The real news is -- as with the Climategate files last year -- that many of the most cynical explanations of what was happening turned out to be true:
-- The U.S. really is tied in with an unstable and bipolar ally in Karzai, and works actively to keep him from damaging our interests.
-- The global climate change conferences -- like Copenhagen last year and Cancun this year -- really are largely mercenary efforts by the UN, small countries, and qangos to extract cash from the developed world and use it to line their pockets and those of their friends.
-- Under all the bureaucratic bafflegab of diplomacy, the State Department really does recognize that Russia’s government has been suborned into a kleptocratic oligarchy by ex-KGB officers who are unusually unscrupulous, even considering that organization’s sordid history.
In other words, the cables largely revealed that there remain people within the U.S. diplomatic establishment that actually are in touch with reality.
As someone who has been involved with intelligence for more than 30 years and with computer security for 25, however, the professionally interesting point is: "How did it happen?"
Let's start by recalling some of the basics of the whole arcane mechanism of classification. The classification system in the U.S. grows out of two basic axioms: first, you work hardest to protect the material that can cause the most damage; and second, the one way to be certain someone can't reveal a secret is to make sure they don't know it.
The first rule leads to the sensitivity levels: TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED. Those levels define how much damage could be expected if the classified item were revealed.
The second rule leads to the notion of compartmentalization: classified items have various other terms attached, indicating limits on who should have access. In the WikiLeaks State cables, the cables themselves range from SECRET to UNCLASSIFIED, and the most common compartment is NOFORN: "no foreign dissemination." Compartmentalization is part of an overall philosophy called "need to know": you shouldn't know something unless you need it, and so you shouldn't have access to it unless someone with responsibility for the classification agrees you should.
To make this whole process easier, each paragraph is labeled with initials in parentheses. So, if you see a paragraph in the cables labeled (U) it means that paragraph was considered UNCLASSIFIED; (S//NF) means "SECRET NOFORN."
The whole system of classification depends on two things: making it hard to get sensitive information, and making sure as few people as possible do know a particular piece of classified information by using "need to know" rules and their formalization in compartments.
According to the press coverage, the only suspect is one Pfc. Bradley Manning. Manning had been an intelligence analyst supporting the 10th Mountain Division. Manning bragged about having passed information to WikiLeaks to Adrian Lamo, previously famous for having cracking into the New York Times' internal systems. Lamo turned him in.
The story, as reported by the Guardian, is that Manning gathered the information on SIPRnet -- a U.S. government sharing network for data at SECRET and below -- then loaded it on writable CD-ROMs that he brought into his work area saying they contained Lady GaGa music.
The problem here: this explanation raises many more questions than it answers.