Iran’s Coming “Halal” Intranet

Is Tehran Turning Its Back On the World Wide Web?

Doug Bernard | Washington DC

For years, the Iranian government has been threatening to pull the plug on the world wide web, sealing the nation and its people off from the rest of the Internet. Officially, Tehran says it wants to create a “halal” Internet, or one free from outside “impurities” or temptations. Unofficially, it’s believed the ruling clerics are uncomfortable with the free flow of news and opinions coming from outside Iran, and how democracy advocates inside the nation have used the web to organize. Periodic cyber-attacks, like the Stuxnet virus, only compound the worries.

Very often these threats would rise and fall in close relation to national events, such as upcoming elections or rumors of national protests. For example, earlier this February, with elections nearing, there were renewed rumblings about pulling the country offline. Additionally, the official Iranian office of cyber-police issued new rules requiring online cafes to install video cameras and ask for identification before letting anyone on the net. The government also stepped up efforts to block social network sites like Facebook and Twitter, and slowed Internet traffic to a trickle. Then once the elections passed, the pressure and rhetoric subsided. Just as in years past.

Google traffic report on Iran showing major, but short-lived constriction of Internet traffic

Now, those threats appear to be ramping up once more. Last week, the government prohibited all banks, telephone companies and other commercial enterprises from using foreign-based email services for their communications. According to the rule, those firms may now only use email services with the .ir top-level domain, effectively banning Gmail, Hotmail and many others. Then on Monday, the semi-official Mehr news service announced that Iran’s main oil terminal on Kharg Island was being taken offline for an unknown period of time due to a cyber-attack.

A source at the National Iranian Oil Company told Reuters that a virus had been detected inside the terminal’s command and control systems, but offered little other information. Of course it’s been impossible to independently verify what actually happened at the Kharg facility. But given Iran’s experience with Stuxnet, and later with the Duqu virus, a new infection at Kharg is a real possibility.

The larger question is whether this is just another momentary squeezing of the Internet, or a sign that officials are seriously working to take their nation off the web. If they can, that is.

Recently, web researcher Collin Anderson unearthed a Persian-language request from the Iranian government for help in building a more robust Internet filtering system. “I believe this clearly demonstrates that the Iranian government does not intend on cutting off access to the external Internet any time soon,” Anderson told Cyrus Farivar of Ars Technica:

“This might suggest that the government has not been able to acquire the services of foreign companies for planning and optimizing an infrastructure. This is surprising for those, including me, who believe that much of the censorship software and hardware was being developed internally. The RFI seems to imply the desire to move beyond blacklisting sites and keywords, to a more intelligent system of detecting and blocking ‘immoral’ content, such as pornographic or culturally offensive material.”

As frustrating as filtering can be, it’s still a long way off from taking an entire country offline. Only North Korea has severed all ties with the web and built its own intranet, called ‘Kwangmyong’, or ‘bright’ in Korean. And Egypt’s more recent experience with pulling the plug even for just a few days might be enough to persuade Iranian leaders about the potential negative impacts.

It’s a lesson that perhaps even Iran’s supreme leader, Ayatollah Khamenei, could stand to learn. As our colleague Golnaz Esfandiari points out, his recent fatwa against using anti-filtering software in Iran was itself filtered – by Iranian web blocks.

 

“Infocrafting” or Propaganda Online?

Rogue “Info Ops” Agents Go After The Wrong Target

Doug Bernard | Washington DC

As many have learned the hard way, protecting your reputation online can be difficult. The way the web works, once just one person publishes something bad or inaccurate about you, it lives forever in the net’s cache. Should you be unfortunate enough to have someone, or even a team of people, who know their way around the Internet writing malicious things about you, it can be impossible to ever fully correct the record. Bad stuff tends to thrive online.

Just ask Tom Vanden Brook or Ray Locker. They’re both reporters at USA Today; Vanden Brook covering the Pentagon for the paper since 2006, and Locker the White House and other agencies. Recently they teamed up to explore what the Pentagon calls “information operations” in places like Iraq and Afghanistan. A term of military art, “Info Ops” is frankly just another phrase for propaganda: the transmission of information, factual or not, with the specific goal of changing beliefs. “Winning the hearts and minds,” as President Lyndon Johnson was fond of saying during the Vietnam war.

USA Today reporter Tom Vanden Brook

Vanden Brook and Locker began digging into the effectiveness of current Pentagon information operations in overseas war zones, and their overall assessment was not positive. “U.S. info ops programs dubious, costly” read the headline in the February 29th story. “From 2005 to 2009, such spending rose from $9 million to $580 million a year mostly in Iraq and Afghanistan, Pentagon and congressional records show,” they write:

“Last year, spending dropped to $202 million as the Iraq War wrapped up. A USA TODAY investigation, based on dozens of interviews and a series of internal military reports, shows that Pentagon officials have little proof the programs work and they won’t make public where the money goes. In Iraq alone, more than $173 million was paid to what were identified only as ‘miscellaneous foreign contractors.’”

In particular, the reporters ask hard questions about one of the Pentagon’s largest info ops contractors, Leonie Industries. The firm, they write, was founded in 2004 by a brother and sister team “with no apparent experience working with the military.” Of the $130 million in awarded contracts, the reporters conclude there is little to no oversight, and uncertainty about Leonie’s effectiveness. Worse still, the founders Camille Chidiac and Rema Dupont together owed more than $4 million in unpaid taxes.

Leonie responded quickly. “As of March 23, 2012 all tax obligations for Leonie’s owners have been met,” read the curt post on the firm’s blog.

Locker and Vanden Brook kept digging. “Pentagon defends millions to contractor despite unpaid taxes,” read the next story on April 16, detailing congressional calls to garnish Leonie’s contracts and increase oversight.

Around the same time, the two reporters began to notice something odd. Twitter accounts purporting to be them popped up, as did Facebook pages, and even websites like www.raylocker.com. These fake accounts began to post messages and stories that, to put it mildly, cast the reporters in a negative light. Needless to say, neither Locker nor Vanden Brook had any connection to these phony accounts.

Then on April 19, in a little noticed story, USA Today reporter Gregory Kane wrote “A USA TODAY reporter and editor investigating Pentagon propaganda contractors have themselves been subjected to a propaganda campaign of sorts, waged on the Internet through a series of bogus websites.” Kane and his colleagues worked to track the origins of the campaign: when it began and who was behind it. Kane concluded:

“Internet domain registries show the website TomVandenBrook.com was created Jan. 7 — just days after Pentagon reporter Tom Vanden Brook first contacted Pentagon contractors involved in the program. Two weeks after his editor Ray Locker’s byline appeared on a story, someone created a similar site, RayLocker.com, through the same company.  If the websites were created using federal funds, it could violate federal law prohibiting the production of propaganda for domestic consumption.”

The websites, fake social media accounts and other mischief, such as altering Wikipedia entries, all painted the journalists in a negative light. Some posts suggested that the two were working in cooperation with the Taliban. In other words, someone with motive was trying to smear Vanden Brook and Locker.

Although a Pentagon spokesman denied any knowledge of any such operation, it didn’t take long for fingers to point back to defense contractor Leonie Industries. Among those pointing was Gawker’s John Cook:

“Oddly, the USA Today story on the mischief names only ‘Pentagon contractors’ as likely culprits. But a source familiar with the story confirms that the contractor responsible is Leonie Industries, an information operations company with more than $90 million in Army contracts in Afghanistan.”

Cook doesn’t name his source, and says that Vanden Brook told him via email that he didn’t know who was responsible for the smear campaign. Numerous calls and emails from VOA to Leonie went unanswered; however, the company on April 24 posted the following to its corporate blog:

“Leonie condemns the activities described in the article. While Leonie has no reason to believe that any employee was involved in this activity, an internal investigation is being conducted to determine whether any employee was so involved. If that investigation determines that there was such involvement, appropriate action will be taken.”

Graphic image from Leonie Industries webpage

At present, the two bogus websites are blocked, and the fake social media accounts have gone dark. But that doesn’t mean that they haven’t done damage, or that the story ends here. Vanden Brook called the campaign “creepy” and Ray Locker told the Washington Post’s Erik Wemple it was “something I’ve never experienced in thirty years.” Since last week, the story has gone quiet, but it’s a guarantee that more reporters now are paying attention to “info ops” and online smears, at home or abroad.

In 2011, the Leonie Group won 12 Defense Department contracts for a total of $92,324,165. They won their first DoD contract in 2008, and since then have been awarded a total of $145,190,686. Of the 2011 contracts, funds were spent in three countries: Iraq, Afghanistan and Colombia. For the first two, services provided were listed as “other professional services” while for Colombia they were “training and curriculum development.”

Leonie describes itself as a “strategic communication and mission support” firm with offices in Washington, Los Angeles, Tampa, Baghdad and Kabul. Among the services offered:

“Consulting with our clients to understand your messaging goals and objectives, we research and analyze how we can best reach your target audience, maximizing effectiveness by intrinsically understanding the environment before coordinating, integrating and disseminating your communications campaign via TV, radio, print, digital media and other creative channels.”

In corporate terms, “strategic communication.” In military terms, “information operations.” In plain English, propaganda.

The Pentagon, like every other military organization, has long used various forms of propaganda, at home and overseas. However, early in the 20th Century, Congress and the White House sought to curb or eliminate any U.S. government propaganda that might be aimed at U.S. citizens.

For example, 5 U.S.C., Section 3107, passed in late 1913, states: “Appropriated funds may not be used to pay a publicity expert unless specifically appropriated for that purpose.” The Smith-Mundt Act of 1948 further defined what types of communications the U.S. government could have with those overseas, and within the United States. [Full disclosure: the Voice of America and its parent organization, the Broadcasting Board of Governors, are also bound by this measure not to actively distribute any material to a U.S. audience.] Further, various appropriations measures through the years, like 2004’s omnibus spending bill, prohibit funds from being used “…for publicity or propaganda purposes within the United States not heretofore authorized by Congress.”

This means that if any U.S. tax funds, equipment or personnel were used, knowingly or not, in constructing the smear against the two USA Today journalists, it would very likely constitute a violation of federal law. Both the Pentagon and Leonie say investigations are underway. In any event, the smear appears to have backfired badly.

So here’s the ironic bow on the package: what began as a story about the questionable effectiveness of propaganda overseas is turning now into questions about its use at home. And what started as an effort to tarnish the public image of two journalists may end up dimming the reputation of those firms that try to control it.

 

The Coming Cyberwar With Iran?

The Whens, Hows and Whys of Digital Conflict

This is the first of a series of Digital Frontiers features, exploring how international tensions translate to the online world.

Doug Bernard | Washington DC

On January 17th, 1991, as the 34-nation coalition of Operation Desert Storm prepared for its first aerial bombardment of targets in Iraq, the U.S. military sprang a surprise.

Iraqi radar screens suddenly blinked and went dark, momentarily blinding Saddam Hussein’s military. The “Kari” radar control system had been infected with a computer virus, planted and controlled by the Pentagon. “It was a French system,” notes intelligence historian Matthew Aid of the Iraqi radar control. “They gave us the schematics and we found a way to insert some buggies into their system as the first wave of American bombers streaked toward Baghdad.”

It worked brilliantly. Iraq’s defenses were paralyzed, allied bombers faced no serious opposition, and the U.S. became the first-ever nation to launch a documented cyber-attack.

Since then, war and conflict – like many other things – have increasingly moved online. In Kosovo, Lebanon, Estonia, Georgia and elsewhere, digital weapons have been deployed to create mischief, havoc and damage. Now, as tensions rise between Iran and the U.S. and Israel, serious questions are being asked about whether the coming months may bring a new cyberwar, and what it may mean for the world.

A Department of Homeland Security official at work at the cyber defense command center (AP Photo/Mark J. Terrill)

Cyber-Doom or Cyber-Hype?

“The term cyberwar is really just a marketing gimmick,” says Aid, whose book “The Secret Sentry” is considered the definitive history of the super-secret National Security Agency, or NSA. Aid says there’s no clear definition of what online war is because, by its very nature, it defies clear definition:

“There’s offensive war, which runs the gamut from hackers trying to steal your banking information, but also the use of intelligence agencies such as the NSA hacking into the governments of foreign nations and terrorist organizations to find out what their intentions and capabilities are. Then there’s the defensive side, with varying government agencies squabbling about who has the authority to defend American corporations and citizens from cyber-attacks from abroad. There was no one term, so they slapped the label ‘cyberwar’ on it.”

Among those who have embraced the term is Richard Clarke, former counter-terrorism adviser on the National Security Council and author of the best-selling “Cyber War.” Since its publication in 2010, Clarke has popularized the phrase and warned the public about the risks of online warfare with a series of worrisome predictions. “A cyber-attack could disable trains all over the country,” he recently told Fresh Air radio host Terry Gross:

“It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records.”

Planes could fall from the skies, says Clarke; water systems could be flooded with sewage and panicked mobs could run riot. More alarmingly, he claims all this could happen in just 15 minutes.

Pretty scary stuff.  So scary, in fact, that Clarke’s 15 minute claim has led the University of Utah’s Sean Lawson to coin his own somewhat mocking term: “cyber-doom.”

“Things are exploding, planes are crashing, thousands of people die,” says Lawson of predictions of digital apocalypse. “And of course in reality we haven’t seen any cyber-attacks that come anywhere close to causing these kinds of impacts.” Lawson chides those like Clarke who frighten the public with a combination of worst-case events and a mish-mash of Internet jargon. War is war, he says, and no nation has ever yet launched a digital war on another:

“The conflation of lots of very different kinds of threats into one sort of umbrella term of cyberwar is actually a rhetorical tactic that’s used to try to help motivate a response. We get very ambiguous in our use of language.  But also we’re getting sloppy with our use of terms like war and attack. In this way of thinking, it’s not just physical damage against property or damage or injury caused to people or death and destruction that are the key components of war, but now stealing information or taking down a website or defacing a website gets lumped under the term war. Which really cheapens what the word war means.”

To be certain, everyone we spoke with for this piece, Lawson included, agrees that digital weapons exist and have been used. Nearly all observers now believe that Russian authorities, working unofficially with crime rings and patriotic youth groups like the Nashi, launched significant attacks on Estonia and Georgia, crashing computer systems and creating short-term Internet mayhem. The hacker-hive Anonymous targeted various autocratic Arab regimes, most recently stealing a cache of private emails and embarrassing documents from Syrian President Bashar al-Assad. And of course in 2010, Iranian centrifuges, used in nuclear fuel processing, were damaged by the “Stuxnet” virus – an attack that no-one has yet claimed responsibility for.

But scenarios of full blown digital disasters, like Clarke’s, can make for jumpy nerves. And that can lead to bad assumptions.

Notoriously Interconnected…and Wrong

Consider the case of a water treatment plant in Springfield, Illinois. On November 8th last year, a critical water pump at the plant failed, temporarily shutting down operations (the name of the plant has not been released publicly). Little more than a week later, state officials blamed cyberterrorists and warned of more Stuxnet-like attacks.

“This is a big deal,” blogged Joe Weiss, president of Applied Control Solutions and a self-identified control-system security expert. “It’s arguably the first case where we’ve had critical infrastructure targeted by people outside the US and equipment damaged as a result. But the really big issue is that someone hacked…just to get at the user-IDs and passwords for the utilities that were its customers.” Illinois officials pointed the finger at Russia.

Except Weiss and the terror officials were wrong. It turns out the pump just failed, and that by coincidence a contract worker at the plant logged into its control system while traveling in Russia. The error was quickly pointed out, but consider for a moment: even if true, Illinois couldn’t retaliate against a foreign nation. The United States can. If the same thing happened amid heightened public jitters, with officials blaming Iran and an increasingly bellicose Persian Gulf, the U.S. military could possibly have responded – with either digital bombs or real ones.

The lesson: industrial, financial and communications digital systems are notoriously interconnected on the Internet; often in ways that aren’t apparent. And tracking down those responsible for attacks is even more complicated.

“You just may never know,” says Stewart Baker. “One of the problems with our industrial control systems is there’s no forensic, look-back capability. If it blows up, pretty much all you know is it blew up.”

Baker is a former Asst. Secretary of Homeland Security and currently a partner at the legal firm Steptoe and Johnson. Baker says a large-scale attack on the U.S. could be devastating (although probably not reaching “cyber-doom” levels). But, he says, such an attack is unlikely since the Department of Defense announced its new cyberwar policies in 2011, giving itself a free hand to respond to an Internet attack in any way it sees fit, including blowing things up for real.

Cover of The Economist, warning of digital doom

Just this week The Washington Post’s Ellen Nakashima had the eye-opening story “Pentagon Ups Ante on Cyber Front.” Nakashima reports that the Pentagon is “accelerating efforts to develop a new generation of cyberweapons,” that could disrupt adversaries in a variety of ways. However, few specific weapons are discussed in the story, which is not surprising considering the nature of Internet combat.

“You pretty much only get to use these weapons once,” says Baker, noting that after a specific device like Stuxnet is deployed, it’s quickly countered by computer engineers. For his part, Baker likens cyberweapons to the first airplanes used in the First World War – as instruments primarily of surveillance:

“In order to plant a cyber-weapon you have to break into somebody’s electronic systems. If you’re in their systems, you might as well gather intelligence about them first. I hope we’re breaking into the systems of nations we think are likely to be adversaries, and I would think it would make sense for us to try to take over those systems and make them work for us. Iraqi generals got messages over their secure networks telling them how to surrender. That has a profound psychological impact. I’m not sure that’s a weapon, but it sure works. Whether we go beyond that and start breaking things, as we’ve realized the shoe can be on the other foot; we’ve gotten much more cautious about that idea.”

Iran and the Online Battlefield

Debate about what it actually looks like aside, digital battle has its limits. For example, in 2001, when the U.S. military was preparing to battle the Taliban, cyberwar was considered. However, says Matthew Aid, “We tried to use it in Afghanistan but we found the Taliban’s computer systems were so antique that cyberwar didn’t work.”

Or take 2003, when the U.S. invaded Iraq. While the radar-bug trick had worked in 1991, it didn’t work this time. Nor would other possible options, writes Charles Smith:

“Military officials had planned to attack the Iraqi banking and financial network during the opening phase of the USAF campaign against Saddam Hussein. However, planners later rejected the idea because the Iraqi banking network is linked to a financial communications network located in France. According to Pentagon sources, an information warfare attack on the Iraqi financial network might also bring down banks and ATM machines in Europe as well.”

Different theaters of war require different weapons, and potentially different rules, says former Department of Homeland Security Asst. Secretary Stewart Baker. “There are people today who believe that war is evolving in such a way as to allow very detailed rules as to what warriors can do,” he says. However:

“The real law of war, putting aside political constraints, tends to be much more ad hoc. It is the things that both sides decide they are not prepared to do. And usually that’s a mix of humanity, basic morality, and hard-headed assessment that it won’t do much good but will cause massive pain if the enemy does it to you. I’m sure there are plenty of international law professors who would be appalled at what I just said, but I do think when you’re in an existential struggle, the ‘law of war’ is very much based on what did the other guy do to me, and am I willing to do that back to him.”

So what weapons might Iran, Israel and the U.S. possess, and what could a battle look like? Answering that is one part intuition, one part experience, and a whole lot of guess work.

“The Iranians…have a fairly robust cyberwar capability,” says Matthew Aid. “If they think the threat is real, they could unleash the weapons that they have available to them in sort of a preemptive mode, or in a post-attack retaliatory mode. There are a couple universities outside Tehran that specialize in real-time research into cyberwar, offensive and defensive. My concern is that if the Iranians think the balloon is about to go up they could launch that capability.”

Listening devices at Fort Meade, with the NSA headquarters in the far right background

In small-level hacks, both Iran and Israel have demonstrated skill at fouling up each other’s online activities. But Baker and Aid agree both nations probably possess far more potent “logic bombs” and other digital weaponry they haven’t yet used. A genuine online war between the two could get ugly very quickly.

That said, the battles might actually begin small. Think online skirmishes between angry bands of nationalist hackers, busting into systems and defacing websites, but doing no serious long-term damage. Or perhaps, says Matthew Aid, should Israel decide to strike Iranian targets, it might begin with online operations to knock out crucial defense systems, “…like the artillery barrage before the cavalry goes up the hill.” That, cautions professor Sean Lawson, would probably elicit a response from Iran, and soon after from allies like Hezbollah, Syria and possibly even North Korea. And if that were to happen, hacker havens like Russia, China and those in Europe and North America might soon join the fray. One genuine danger of cyberwar, says Lawson, is how quickly it could spread around the globe.

Another possibility is that the U.S. may then punch first, yet most agree that’s unlikely. More probable is a punch back with undetermined weaponry, followed up with proxy attacks on a wide range of targets. Or perhaps, if a more severe conflict were in the offing, digital warriors might try to disable the FALCON and Gulf Bridge International submarine communications cables – the primary links between Iran and the rest of the digital world. That, however, could also affect Kuwait, Bahrain and other Persian Gulf nations. Like we said, everything on the Internet is connected to something else.

Whatever the tools at hand, everyone agrees the U.S. has the most sophisticated digital weaponry available. And if the Pentagon were to hit Iran online, it would probably start from Fort Meade, Maryland – home to the U.S. Cyber Command and the NSA. If the past holds true, any digital weapons launched from there would serve mostly as a support function for other military activities – much like blinding Iraq’s radar before aerial bombardment. “Like all weapons, you use the mix of whatever you have available to you in order to ensure maximal effect,” says intelligence historian Matthew Aid. “If you put a little bug into someone’s air defense system, it makes a big difference. If the computer tells the radar systems to suddenly drop, take a nap, that makes the job of the bombers that much easier.” But then again, the world has yet to see the full arsenal of computer bombs and digital missiles on display.

The University of Utah’s Sean Lawson agrees that online combat, in any of its many forms, could deliver a hard blow to the U.S. or its adversaries. But those, like Richard Clarke, who warn of a “cyber Pearl Harbor” or “digital September 11th” are missing the mark, he says.

“We’ve heard this story before, we’ve heard it for a long time. When you add in the fact that a lot of people who are trumpeting cyber-war the loudest also have a bureaucratic, institutional or economic stake in getting us to believe these things. That’s not to say there aren’t threats; we’ve seen a lot of instances of private intellectual property being stolen, we’ve seen instances of espionage. What I’m concerned about is the use of doom scenarios and inflated hype that might cause us to over react, or under react, because we’re focusing on the worst possible cases.”

 

“Chopping The Head Off LulzSec”

An Internet Pirate Sinks His Comrades

Doug Bernard | Washington DC

For a while, it seemed that the hacker group with the silly name was running rings around the FBI. In the end, however, it appears it was the FBI running the show.

The Lulzsec mascot, in his salad days

In the summer of 2011, LulzSec – supposedly short for “Lulz Security” – erupted out of nowhere and began a flashy string of hack attacks. They successfully went after major targets such as the Sony Corporation (which was forced into a public apology), the U.S. Senate, PBS, and even the CIA. Their targets seemed to pop up randomly and their boastful Twitter feed became a must read for anyone interested in cyber security. For about two months, LulzSec was the “It” girl of hackers.

Then came the public questions as to whether LulzSec was a group of disgruntled Anonymous hackers, and whether the two groups were fighting with each other.  Unlike Anonymous, which tended to target opponents more for ideological reasons, LulzSec seemed happy to embarrass anyone, releasing reams of private information and generally making a lot of mischief on the web for, in their words, “…the lulz.”

Yet before anyone could answer these questions, LulzSec disappeared. “It’s time to say bon voyage,” they posted on their website (now removed). “Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love.”

And just like that, LulzSec was gone. Or were they?

In late July, “AnonymousSabu”, thought to be one of LulzSec’s founders, threatened more hacks and new collaborations, either with unnamed media outlets or, possibly, with other hacker offshoots like AntiSec or AnonOps. A week later, once again, LulzSec seemed to disappear, but this time with no public flourish or smart-mouthed braying. Now we may know the reason why.

On Monday, March 6, the FBI arrested five individuals (one in the US, two in Britain and two in Ireland) that it says were involved in the LulzSec hacks. Further, according to documents unsealed in court, 28-year-old Hector Xavier Monsegur, a.k.a. “AnonymousSabu,” and LulzSec leader, has been cooperating with the FBI since August, turning over evidence and setting traps to snare his former LulzSec conspirators.

“As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials,” reports Fox News, “the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning.” Jana Winter of Foxnews.com, in a sidebar feature, writes that Monsegur pleaded guilty August 15, 2011 to ten charges related to his hacking activities. In a plea deal, she writes, Monsegur agreed to turn evidence on his colleagues:

“Flipping Monsegur wasn’t easy. But with a charge of aggravated identity theft and a two-year prison sentence to hang over his head, the FBI forced Monsegur to weigh the political beliefs that drove him and his allegiance to cohorts around the world against his desire to be with his kids—he is the guardian of two children—and his extended family.

‘He didn’t go easy,’ a law enforcement official involved in flipping Sabu told FoxNews.com. ‘It was because of his kids. He didn’t want to go away to prison and leave them. That’s how we got him.’”

It’s unclear at this point what Monsegur’s fate may be. As for LulzSec, however, that seems much clearer. Writes Sam Biddle over at Gizmodo:

“Though LulzSec proper has been dormant since last summer, Sabu has remained a hugely influential character atop a vast cult of personality. The revelation that he’s sold out the movement he professed to love so much will deal as much a psychological as logistical blow to Anon(ymous.)”

A Coda: One of @AnonymousSabu’s last tweets, sent the day of the arrests of his fellow Lulzers, reads:

“Without informants or companies bending over+giving up their customer data the feds would be further behind than they are now. Ride up.”

Who’s got lulz now?

Falling Into The Black Hole

An Old Hack Technique Gets A New Twist

Doug Bernard | Washington DC

Hackers may not always be the most innovative group. But as a rule, they are sneaky.

That’s exactly how the latest hack target, Cryptome.org, summed up the recent hit on its website: “sneaky.”

One version of a black hole (Creative Commons: Gallery of Space Time Travel)

A well-known anti-secrecy site, Cryptome tends more to be a repository of information that others have obtained using various computer hacks, rather than the victim of a hack itself. But this week thousands of visitors who thought they were visiting the Cryptome website instead found themselves redirected to malicious websites. At the root of the attack is a rapidly growing technique that some are calling “malvertising.”

It works like this. A hacker creates a legitimate-looking ad that has malware hidden deep inside. Now a Trojan horse, that ad is submitted to the large online advertising networks, which then distribute the harmless-looking ad to specific websites. When a visitor clicks on the bad ad, they launch the attack and their computer is compromised.

In and of itself, this is hardly a new technique. However, the Cryptome attack is just the most recent in a growing string of attacks using something called the Blackhole Exploit Kit.  This can get a little geeky, so we’ll try and keep it basic.

Created by Russian hackers, Blackhole is essentially a bag of bad computer code, all designed to target vulnerabilities in a target computer’s operating system. A recent report from M86 Security notes the Blackhole Exploit Kit has become the tool of choice for many hackers, in part because of its “capability to update frequently and rapidly to take advantage of application vulnerabilities.” Driving the point home, a Sophos Corporation analysis of 2012 Internet security trends says these redirect ploys account for 67% of all computer hacks, with Blackhole accounting for a full 31% all by itself.

What was new in the Cryptome hack was what security analysts are calling “drive-by” technology. In other words, a visitor to a website with an infected Blackhole ad no longer has to click on the ad; just viewing the page can be enough to inject malware onto your computer. Additionally, as Fahmida Rashid of eWeek.com reports, the Cryptome attack “specifically avoided targeting IP addresses from Google to prevent the search engine from blacklisting the site.” Meaning users were unlikely to know they were under attack until it was too late, and the bad bug was created to avoid being targeted by the world’s largest search engine.

In a word: sneaky.

Cyber security analyst Brian Krebs has a good piece exploring how users of Blackhole malware specifically profit from their misdeeds, while writers at the Imperva Corp’s “Security Blog” have a highly detailed dissection of Blackhole and how it works. Neither is light reading, so we’ll skip to the point: no matter how careful you are on the Internet, it’s becoming harder not to fall into a black hole.

When Will Anonymous Go Too Far?

Pushing Bounds And Tempting A Fight

Doug Bernard | Washington DC

If one could speak about Anonymous as a singular entity, then it’s clear that Anonymous is spoiling for a fight.

But of course, Anonymous is anything but a singular thing. It’s been called a hive of numberless drones, an amorphous hidden collective of computer hackers and even “The Borg.” By definition it’s a group that has no boundaries, and thus no members. Officially, at least.

“We are not a group. You cannot join us. We are an idea,” taunts the computer-generated voice in one of their many online videos.

OK, “Anonymous.”  But for a group with no members, you sure have been busy of late. Consider that in just the last week or two, some tentacle of Anonymous has claimed responsibility for hacking the following people or groups:

“Ultimate Champion.” After feuding with anti-SOPA activists via Twitter, Dana White, founder of the lucrative “Ultimate Fighting Championship,” found his website cracked and his personal information published online and shared via his own Twitter account. White has since gone silent on the web.

The FBI and Scotland Yard. Following the recent seizing (and freezing) of the Megaupload.com website and the arrest of its flashy owner Kim Dotcom in New Zealand, Anonymous brazenly recorded an entire conversation between FBI and Scotland Yard agents discussing last year’s arrest and prosecution of seven individuals believed connected to an earlier Anonymous hack. While the call wasn’t on a secure line, they were able to record without detection, and likely with the help of cracked email files either at the FBI or Scotland Yard.

Puckett & Faraj. One of the more prestigious (and expensive) legal firms in the United States, Puckett & Faraj represented U.S. Marine Frank Wuterich, who was charged with dereliction of duty and convicted in a court-martial relating to the 2005 killings of 24 Iraqis in Haditha. Segments of Anonymous felt the conviction wasn’t enough, so promptly released 2 gigabytes of private information from the law firm for public view. So thorough was the data grab that Puckett & Faraj’s business manager is on record as saying “this may completely destroy the law firm.” (The Puckett & Faraj website is still nothing but a blank screen.)

Syrian President Bashar al-Assad.  Yet another offshoot of Anonymous obtained what it calls the email addresses and passwords of hundreds of Syrian government officials, among many other documents, and predictably posted them all online, amid much smirking and self-congratulation. (As of 1900 UTC, Feb. 7, the list at Pastebin is still publicly viewable.)*

They hacked Polish government websites after that nation’s parliament passed the Anti-Counterfeiting Trade Act, as well as government websites in Italy, the Czech Republic and those of the EU.  They released personal information about top city officials in Oakland, California, after that city’s confrontation with the “Occupy Oakland” protest group. They redirected online customers of CBS and Universal to dummy sites following their support of SOPA/PIPA. They even hacked Symantec, the firm whose software is supposed to protect computers against invasion and hacking, and released its source code (albeit old code, says the company.)

All this, not even counting the 100-odd small credit card hits along the way, spells a lot of busy little hacker hands, all calling themselves “Anonymous.”

Different Names, Same Result

As we’ve noted, Anonymous calls itself a group with no membership or leadership; that’s what it says, at least. But in reality, there are leaders and core members. There must be.

In truth there may actually be many competing leaders and subgroups all operating under the umbrella cover of “Anonymous.” AnonOps, AntiSec, LulzSec, AnonymousIRC, Anon_Sexy: these and many others look and sound like separate groups, with separate messages and pet causes. They even speak with different voices: a tweet or a posting by the now disbanded LulzSec reads like that of a cocksure 12-year-old boy, while videos and “news releases” from AnonOps have what you might almost call a seriousness about them.

Swarm attacks like DDoS hacks don’t just happen, they have to be planned and timed. While no one may be leading any particular hack, every one of them must get rolling at someone’s suggestion or instigation. And the more sophisticated multipronged attacks – like those that humiliated cyber-security firm HBGary last year – require coordinated resources and actions. By definition, someone (or a group of someones) must be orchestrating the whole affair.

Take, for example, this week’s news of a new search engine for felons. Called “MegaSearch.cc” it coordinates the many separate lists of stolen credit card numbers held by various criminals around the world into one searchable database. That kind of coordination requires someone to register the site, maintain the data set and pay the bills, even if by theft.  (By the way, a quick search of Megasearch’s registration suggests, unsurprisingly, that it is connected to a noted malware server, so readers are encouraged not to go exploring without protection.)

Part of the problem may also be the success of the Anonymous brand itself. As hacks have grown bolder and grabbed bigger headlines, unaffiliated hackers have no doubt been tempted to test their abilities for mischief and advertise their misdeeds under the “Anonymous” shadow, thus creating a new round of headlines, and on and on.  Thus it seems like the “group” is constantly growing, but in fact it’s merely getting credit for the work of others it inspired.

Either way, the end result is the same. More hacker hands mean more hacks.

How Far Is Too Far?

Anonymous has its admirers, but it also has enemies, and not just those whose websites it has broken. One of them is “th3j35t3r” – code for “The Jester” – who self-describes as a “hacktivist for good” and has frequently taken shots at Anonymous (which has shot back). As generalizations go, it’s fairly true that hackers tend not to always play well with each other, and infighting among those who claim some Anonymous connection is common.

And there are missteps as well. Earlier this year someone claiming to be Anonymous released a video threatening to take down the servers of major international banks, the United Nations, Microsoft, YouTube, Twitter, and Facebook. “Operation Global Blackout” was billed as punishment for the megaupload.com seizure, and the voice warned that unless megaupload’s servers were released within 72 hours, Anonymous would darken the web.

72 hours came…and went, with no serious activity. Shortly after, in a second video release, a voice claiming to be Anonymous explained:

“Why haven’t any of the things stated in the initial video happened yet? Simple. Because this proposed idea doesn’t have a set period of time when it will go into effect, as it is an on-going operation. Like I said…I explained what we can do, not what we will do.”


Critics are unconvinced. Apart from the backtracking, the two statements have a different tone. Anonymous videos almost never use “I” or its variants, but the updated video is filled with them. Was it a mistake? Or are different hacker groups within or near Anonymous fighting again?

We’ve said before and say again that the safest bet is that Anonymous will soon be linked to another high profile, highly embarrassing hack attack. Private data will be released, faces will redden and Anonymous will gloat. But is that it? Nobody has ever been physically hurt, or worse, because of an Anonymous hack; no government has fallen and no commerce has been permanently disrupted. Which begs the question: is Anonymous little more than an embarrassment machine? Will anything seriously consequential ever result from their efforts?

How far will Anonymous go before it goes too far?

The answer may come sometime soon.

*Ed. Note: beyond the seriousness of any individual or group hacking and publishing government officials’ pass codes, we couldn’t help but note that nearly every password used wouldn’t even pass the most basic security analysis. “12345” is never, ever, a smart password; a drunken bear could probably crack that.

Does Social Media Help or Hurt Terrorism?

Conflicting Claims About Terrorists’ Use of the Internet

Doug Bernard | Washington DC

The recent headlines were enough to concern even the most cynical reader. “Terrorist groups recruiting through social media,” blared the headline at the CBC’s website.  “Social Media Gave Terrorist Groups Second Wind,” read the report at pixelsandpolicy.com. “Terrorists making ‘friends’ on Facebook,” topped the Digital Journal story, underscored by an image of a masked person brandishing an automatic weapon.

Why all the alarm? It turns out these and many similar stories were all prompted by a new study by University of Haifa communications professor Gabriel Weimann. In it, Weimann asserts that “…90% of terrorist activity on the Internet takes place using social networking tools,” a claim also previously made by researcher Evan Kohlmann. That terrorists were using the Internet took no one by surprise; that nearly all of their activity takes place in the relative open of social networking did.

“As we know from marketing, there’s a distinction between push and pull,” Dr. Weimann tells us:

“The pull strategy means you wait in your store and wait for the customers to come, and the push strategy means that you start pushing your product to the customers by knocking on their doors. When it comes to terrorism online, they used to apply a pull strategy; waiting in chat rooms for supporters, interested people, and members of the group to join in. Today, using the social networks, they can actually come to you. That is, using the social nature of Facebook, a page opens to another page, and so on. Friends and friends of friends, like widening circles, all become a huge social web.  They can use all that by getting only the first to post the messages they want.”

In Weimann’s view, terror groups have three goals for using the web: communication, coordination, and recruitment. And it’s this last goal – finding new members willing to take arms for their cause – that causes him the most alarm.

“If you’re a student, or you’re a journalist preparing an article related to a terrorist group, and you use Google search in a very naive way, you may very likely hit on a website which was posted or created by terrorists, without even knowing it. If you’re an alienated Arab or Muslim living in Europe or North America, and you’re just looking for companion, someone who shares your loneliness and you’re looking for social bonding, you may end up with terrorists online without even knowing it. This spread of online propaganda is done in a very smart, concealed way so that sometimes very naive populations may be seduced and tempted.”

“That is not a well-founded fear,” counters Dr. William McCants, a Middle East and terror researcher at the Center for Naval Analysis (CNA) outside Washington. “The most they’ve been able to do is perhaps steal some credit cards and blackmail some people, which would definitely be a concern, but it’s not as if they’re going to shut down a power grid anytime soon,” he says. “It’s really a coordination tool, and much less a recruitment tool.”

McCants readily admits that terror groups are trying to use the web for propaganda purposes. The problem, he says, is that they’re just not reaching their target audience.

“If you look at (the Somali Islamist group) Shabab’s Twitter feed, most of their followers are DC area analysts. They’re not youth that are interested in the movement. We haven’t seen the numbers that would substantiate people saying there are wide swathes of youth who are joining up as a result of reading propaganda online. The numbers of recruits are quite small, estimates both by militants aligned by Al Qaeda and by outside researchers (are) that only .00001 % of people who look at propaganda actually decide to take up arms on behalf of Al Qaeda. That’s a vanishingly small number.”

So are terrorists winning or losing their wars in the social networking realm? Many researchers say that’s simply the wrong question. “Terrorists use the Internet just like anyone else. They use it to communicate, to share ideas, to share tactics and seek out new followers,” says McCants. “I think the Internet is particularly effective for finding like-minded people and coordinating with them. But I am very skeptical about its utility in generating new recruits.”

Former CIA case officer, and now author, Marc Sageman, sees a landscape composed of fewer disciplined organizations like al Qaida, and more “self-recruited wannabees (hopefuls)” operating alone with only one or two other trusted associates. These solo actors may then likely turn to the Internet primarily for information: how to construct bombs, monitor security force movements or other tactics honed by jihadists in Afghanistan and Iraq. But this would only happen once the individual had decided on a terrorist course.

Researcher Kohlmann, however, sees the web becoming an ever more potent tool for “soft” psychological warfare – militants boasting of accomplishments and creating the aura of a successful group that others may want to join. For example, while he was alive, American cleric Anwar Al-Awlaki preached heated inducements to jihad from his base in Yemen. His sermons were fiery, exciting, and in English, the language of Colleen LaRose of Pennsburg, Pennsylvania. In time, Colleen became infamous by her new adopted character “Jihad Jane,” and was eventually charged with conspiracy to commit murder and support of terrorists.

It’s those stories, even as few as there are now, that Gabriel Weimann focuses on.

“We have to react. We can’t leave the stage open to the bad guys. There are many ways to fight back but first of all we must be aware of it. We must be aware that online we are now fighting a new type of terrorism. It’s a new type of arena, a new type of war in cyber-space. For this type of war we need a new type of soldiers and weapons. It’s not tanks and it’s not explosives and airplanes and so on. What we need are experienced people who can…either block access to those websites, and can penetrate social networks and post alternative messages and try to compete with the terrorist scenarios of doom, death and destruction with a message of hope, peace and togetherness.”

But CNA’s William McCants says it’s less about war and weapons, and more about understanding the limitations of the Internet:

“I think those terms are the wrong way to think about it. They are not using the Internet as a weapon, that just has not been borne out anywhere. The most they’ve been able to do is perhaps steal some credit cards and blackmail some people, which would definitely be a concern, but it’s not as if they’re going to shut down a power grid anytime soon. It’s really a coordination tool, and much less a recruitment tool.”

Whatever the most accurate view, it’s a fair bet that as long as we have terrorists operating in the real world, they will find their way to cyber-space as well.

Hacking the Persian Gulf

Conflicts in the Gulf and Arabian Peninsula Heat Up The Web

Doug Bernard | Washington DC

UPDATE Jan. 13, 2012: While 0xOmar seems to have submerged, at least for the moment, he’s inspired a little like-minded payback from Israel. Tel Aviv’s Ma’Ariv newspaper is reporting that a hacker named “0xOmer,” believed to be Israeli citizen Omer Cohen, has hacked the personal credit card data of at least hundreds of Saudi citizens, perhaps more, and published them online as retribution for 0xOmar’s attack of a week ago.

The first Saudi hack, which compromised the accounts of at least 14,000 Israelis, was one of the largest ever for the region. Officials now worry about a growing tit-for-tat escalation that could move beyond just credit cards. Writes Ma’Ariv: “‘Digital terror’ attacks, between Israelis and Arabs and others, are not a new phenomenon, although until today the main battlefield pertained to defacing Israeli web sites. Credit card theft is also a fairly routine occurrence, but until today this was done for profit. The latest hackings have turned the theft of personal information into a media war in which the hackers try to draw attention to themselves.”

There’s nothing new about a hacker who steals credit card data and publishes it online. There’s also little new about a hack attack being launched from one nation against another.

What’s new is when one of those targeted nations labels the attack “terrorism,” or when one belligerent swipes a secret military asset of the other – all through hacking.

There are two stories here, and they may or may not be connected. But they both point to a larger fact: as tensions increase in the Middle East, the Internet is increasingly being drawn into the battles.

“A Terrorist Operation”

The first story involves continuing fallout and finger-pointing following last week’s hack of thousands of Israeli credit card holders. At least 14,000 card numbers and associated data were published Thursday and Friday on a variety of hacker-friendly sites like Pastebin. In one posting, someone called “0xOmar” took credit: “It’s 0xOmar from group-xp, greatest Saudi Arabian hacker team,” read the note, going on to boast of more than 400,000 personal accounts it had stolen from 80 Israeli websites. The credit card firm Isracard says only 25,000 accounts have been compromised, while the Israeli newspaper Haaretz reports that much of the data was outdated or redundant, leaving only around 14,000 Israelis at risk.

Screen-grab from 0xOmar's online claim of an Israeli hack attack

Even still, that’s a significant hack for a nation as security focused as Israel, and officials are taking it, and 0xOmar, very seriously. Israeli Deputy Foreign Minister Danny Ayalon Saturday described the attack as a “…breach of sovereignty comparable to a terrorist operation, and must be treated as such.” Of course, first they have to find the hacker.

While there are clearly hacker groups and radical organizations operating within the Saudi kingdom, it’s highly unusual for such groups to launch large scale attacks on foreign entities. Some analysts suggest this may have been an Iranian operation, others say Russian and North Korean elements participated, while an Israeli teenager says he’s found the real 0xOmar – a UAE citizen named Omar Habib living in Mexico (0xOmar rejects this, dismissing the teenager as “a stupid student”).

It’s also very unusual for a state to compare such an attack to terrorism. While clearly malicious, it’s not at all clear how a hack of citizens’ credit cards threatens national sovereignty or security. The United States, among other nations, is working on policies on valid responses to hack attacks, but as yet there’s no clear international standard. “The U.S. has announced that any attack on its cybernetic space would be considered a declaration of war and that it would go as far as firing missiles to respond to such an attack,” said Ayalon. “This is a good criterion for us all.”

Did Iran Just Hack the CIA?

The second story has been around for nearly a month, but has only grown less clear with time. In December, Iranian authorities announced they had captured a U.S. military drone in perfect working condition. While the U.S. was silent, Iran’s Revolutionary Guards released photos of gloating Iranians next to the RQ-170 drone (curiously with its underside and landing gear hidden.)

Soon the Christian Science Monitor had an exclusive interview with an Iranian engineer who claims he and his colleagues hacked into the drone’s navigation system and tricked it into landing in Iran without the CIA’s knowledge. (Both the CIA and the Department of Defense operate a variety of drones, depending on the mission and the plane’s capabilities).  “The GPS navigation is the weakest point,” the Monitor quotes the engineer as saying. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

“I think it’s ridiculous,” says Fredrick Fleitz. “I think it’s in keeping with the Iranian authorities to tell tall tales about their technological know how.”

Photo released by Iran's Revolutionary Guards showing the captured U.S. drone (AP via Sepahnews)

Fleitz has worked in the intelligence field for 25 years, with tours at the CIA, State Department and House Intelligence Committee. He’s currently managing editor at Lignet.com, a private global intelligence service. Before the U.S. even admitted that the drone was real, Fleitz and others were already casting doubt on the Iranian hacking claim:

“We’ve seen this repeatedly with their nuclear program. It’s almost silly to think that the Iranians could, almost as if they’re piloting a toy plane, bring down one of our UAVs (Unmanned Aerial Vehicles). I think what happened is the vehicle had mechanical problems; but from what I know about these things, the sophistication of the electronics and the encryption on it is far beyond Iran’s capability, or that of many other nations. I just think this is something that couldn’t happen.”

At a December 12 press conference, President Barack Obama put questions over the drone’s authenticity to rest when he admitted that it was, in fact, U.S. property. “We’ve asked for it back. We’ll see how the Iranians respond,” he told reporters.

“That was what was most absurd about this,” says Fredrick Fleitz. “First of all, we shouldn’t have acknowledged that the Iranians had it because it was an intelligence asset.  But to ask them to return it; that just made our country look so foolish.”

Iran is no stranger to employing hyperbole, or outright lies, in its military claims. For example, when the U.S.S. John Stennis aircraft carrier group steamed out of the Persian Gulf recently, Tehran said it was being “chased by Iranian warships” and was fleeing to the safety of open water – an unlikely claim to say the least. For Fleitz, the engineers’ claim of hacking the drone’s GPS navigation system, or the even less likely Russia Today report that the Revolutionary Guards had actually hacked the CIA’s drone command centers in Langley, Virginia, are all part of an awkward propaganda campaign aimed mostly at the Iranian public.

That, however, doesn’t mean that Iran isn’t capable of large scale cyber attacks, or that the U.S. isn’t vulnerable. Fredrick Fleitz:

“This is basically the poor man’s method of wreaking havoc against the developed world. It doesn’t take a great investment, and this is something I fully expect the Iranians will invest in. The U.S. government has to increase its defenses…but U.S. defense contractors are taking very few steps to protect themselves. This is a weak link where our enemies can obtain information – classified or close to being classified – from companies that do business with the government. They really do not understand how sophisticated and aggressive the foreign cyber threat is. The U.S. government has a lot of vulnerabilities, and it’s vulnerable too, but I think private enterprise has really underestimated this threat.”

It will take time before we will know with any certainty whether ’0xOmar’ actually breached online security at Israeli credit firms, or if Iranian engineers were able to commandeer the drone by hacking. But for Fleitz and many others in the Internet security field, these stories demonstrate what they’ve feared for a long time: that as the geopolitics of any particular region become increasingly tense, the Internet will reflect and perhaps even amplify those stresses.

Bradley Manning’s Day In Court

The Alleged Wikileaks Leaker Is Arraigned

Doug Bernard | Washington DC

For the last year and a half, U.S. Army Private Bradley Manning has sat alone in a prison cell. A variety of prison cells, to be exact.

Pvt. Bradley Manning, shortly before his arrest in Baghdad, 2010

In Spring 2010, the military identified Manning as the source of several high profile leaks on the Wikileaks website. Among the classified leaks Manning is said to have provided: the “Collateral Murder” video of an Army helicopter strike in Iraq in 2007, the “Iraq War Logs” and the massive release of State Department diplomatic cables. (Manning has never confessed to these charges, and Wikileaks founder Julian Assange has refused to identify his source for the documents.)

The shy, some say troubled, young Army private was first taken into military custody May 26 in Baghdad and held in an undisclosed location, widely reported to be Camp Arifjan in Kuwait. In July of that year, Manning was transferred to a maximum security military brig at the Marine Corps’ base in Quantico, Virginia, on charges of copying secure documents to his computer and transferring them to unauthorized sources.

For eight months, little happened while Manning sat in solitary confinement in his 6′ by 12′ cell, unable to see anyone including his defense team. Then in March 2011, he was charged with 22 specific crimes, including theft, fraud and “aiding the enemy.” One month later, the group Amnesty International and several legal scholars labeled Manning’s isolation “harsh, punitive,” and in violation of the U.S. Constitution’s ban on cruel and unusual punishment. That same month, the military moved Manning to Fort Leavenworth, Kansas, where he has remained until today when he was brought to Fort Meade, outside Washington DC, for formal arraignment.

It was his first day in public view for 18 months.

Manning, Wikileaks, And The Price of Secrecy

Friday’s hearing, technically an “Article 32 Inquest,” is the military’s equivalent of a preliminary hearing, where the military court determines if there is enough evidence to proceed with a full court martial proceeding. (VOA’s Bill Ide has our report on the proceedings here, and Nico Columbant has this report on Manning’s supporters.) It’s a long and sometimes grueling process, but it’s only the start of Manning’s legal woes. The Justice Department has also brought a case against him in civilian court, and several other governments are considering charging him with national security violations.

And he’s not the only one.

While Bradley Manning has never formally admitted guilt to passing documents to Wikileaks, a series of email chats in 2010 with hacker-journalist Adrian Lamo seem to be both confession and accusation:

12:15:11 PM Manning: hypothetical question: if you had free reign over classified networks for long periods of time … say, 8-9 months … and you saw incredible things, awful things … things that belonged in the public domain, and not on some server stored in a dark room in Washington DC … what would you do? …
12:26:09 PM Manning: lets just say *someone* i know intimately well, has been penetrating US classified networks, mining data like the ones described … and been transferring that data from the classified networks over the “air gap” onto a commercial network computer … sorting the data, compressing it, encrypting it, and uploading it to a crazy white haired aussie who can’t seem to stay in one country very long =L …
12:31:43 PM Manning: crazy white haired dude = Julian Assange …

“Treat this as a confession or an interview,” Lamo wrote. Manning continued to text the next day:

02:22:47 PM, Manning: i mean what if i were someone more malicious
02:23:25 PM, Manning: i could’ve sold to russia or china, and made bank?
02:23:36 PM, Lamo: why didn’t you?
02:23:58 PM, Manning: because it’s public data …

Since he launched the Wikileaks website in 2006, Julian Assange – the “crazy white haired dude” – has been giving governments around the world fits. Starting as an international whistle-blower site, Wikileaks published leaked documents on Icelandic banking, Kenyan corruption and celebrity misdeeds. But along the way it became largely focused on the Iraq and Afghanistan wars; and by extension, the U.S. government.

The Obama administration has been trying to make the case that Assange and others actively assisted Manning in his leaking. The Justice Department has subpoenaed Twitter records from Wikileaks supporters – including Icelandic member of parliament Birgitta Jónsdóttir – and Assange’s U.S. attorney, Mark Stephens, has alleged there is a secret grand jury seated to charge Assange with violating the Espionage Act. (U.S. Attorney General Eric Holder neither confirms nor denies this, saying only that “significant actions” have been authorized.)

But as Raffi Khatchadourian documented in The New Yorker, such efforts have produced few results. Assange has steadfastly denied any conspiracy with Manning, and despite his own legal troubles with Swedish and British authorities, the U.S. has not been able to get any charges to stick to Assange.

Not that it hasn’t cost him, or Wikileaks. Under pressure from Washington, major credit card companies have suspended all supporter donations to the group. Although it continues to publish, just last week launching the so-called “Spy Files” project, Wikileaks’ leadership has begun to fray. As for Assange, he’s spent over one year largely confined to house arrest in Britain, and in his rare public appearances seems noticeably worn.

A Confined Future

Considering the unprecedented size of the secrecy breach, and the significant embarrassment caused to the U.S. government, it’s a sure bet that Bradley Manning will spend the rest of his life behind bars. The larger issues remain untested: who is a journalist, what constitutes a secret, and how can they be stopped once they’re out there on the Internet?

The Pentagon and State Department have tightened access and constricted their use of the SIPRnet computer network Manning used to access military logs and diplomatic cables. And the Defense Department has launched several initiatives, one of them called “PRODIGAL,” to catch would-be snoops and leakers.

But leaks are unavoidable, as the Pentagon well knows. And in the Internet era, plugging the leak once it has begun can be next to impossible.

Bradley Manning’s military trial is expected to begin in earnest sometime in the Spring. Until then, he will make his home back in his prison cell at Fort Leavenworth.

Our complete Wikileaks coverage can be found here.

Four Degrees of Facebook?

And the Campaign Against “Breaking The Internet”

Doug Bernard | Washington DC

Periodically we like to share a few of the stories and posts from across the web that caught our eye. No editorial thread connecting these items is implied, other than that they are interesting.

#1: What’s With The “Weirdness” from China? There’s been a tremendous amount of web news coming from China lately. Perhaps the most eye-grabbing headlines have been regarding the online campaign to defend artist Ai Weiwei against possible charges of pornography. What to do when your favorite artist is investigated by the government for earlier nude photography he released? Release your own nude photography. Ai Weiwei’s supporters have flooded the web with unclothed pictures: some of them as infants, some with discreet obscuring images, and some just unclothed. So far, the artist has not been charged with any offense.

Chinese artist Ai Weiwei (AP)

However, submerged by the nude photos story are disturbing reports that some Chinese ISPs might be testing out new tools to shut off encrypted communications. Forbes’ Andy Greenberg has this item about curious data traffic coming from computers in China attempting to access encrypted “web tunnels” such as Tor, Freegate or UltraSurf; all commonly used by individuals to cloak their online activities:

“In recent months, administrators of services with encrypted connections designed to allow users secure remote access say they’ve seen strange activity coming from China: when a user from within the country attempts to reach a server abroad, a string of seemingly random data hits the destination computer before he or she can connect, sometimes followed by that user’s communication being mysteriously dropped.”

“We see weird things all the time,” Tor’s Andrew Lewman tells Greenberg. “But this is a semi-consistent weird thing, and it’s only coming from China.”  It is unclear if Chinese ISPs, or the government for that matter, are trying to probe encryption differences between traffic like that of financial transactions, and private networks like Tor.  What is certain is that developers at Tor and elsewhere are aware of this “weird thing” and are already responding. Full disclosure: VOA’s parent agency, the International Broadcasting Bureau, has working relationships with Tor and Freegate, among other encryption services.

#2: “Don’t Break the Internet” Members of the U.S. Congress are currently discussing several pieces of legislation that could significantly alter the web landscape in the United States, and potentially around the globe.

The two bills – the “Stop Online Piracy Act” (or SOPA) in the House, and the “Protect IP Act” in the Senate – both target copyright violators (i.e., “pirates”) in other nations by giving the U.S. government greater control over shutting down web access and traffic to specific sites, among other tools. Proponents such as the Chamber of Commerce and the Motion Picture Association of America argue online pirates cost copyright holders billions of dollars each year, and that the bills’ provisions are balanced by protections for ISPs and website owners.

But that hasn’t stopped the swelling ranks of critics from arguing, with some effect, that media monopolies are trying to “break the Internet.” Groups advocating greater online freedoms, such as the Electronic Frontier Foundation, Creative Commons, the Free Software Alliance and others were first in line calling for the bills’ defeat. Then came heavy-hitter Internet service companies like Google, Zynga, LinkedIn, Mozilla and more.  Now, this week, the influential Business Software Alliance, which represents giants such as Dell, Microsoft and Apple, has also weighed in opposing the measure.

As policy fights go, this one is a long way from over. Action on the bills isn’t expected until 2012, giving supporters and opponents plenty of time to build momentum and lobby members of Congress. We’ll detail the issues involved in the near future. In the meantime, Washington Post tech columnist Cecilia Kang offers “Five Things to Know About SOPA,” which provides a concise overview.

#3: Four Degrees of Facebook? In his 1929 fiction collection “Everything is Different,” Hungarian author Frigyes Karinthy set two characters to wondering about our increasingly urbanized planet. The world was “shrinking” they said; people were getting closer not just physically but socially:

“One of us suggested performing the following experiment to prove that the population of the Earth is closer together now than they have ever been before. We should select any person from the 1.5 billion inhabitants of the Earth—anyone, anywhere at all. He bet us that, using no more than five individuals, one of whom is a personal acquaintance, he could contact the selected individual using nothing except the network of personal acquaintances.”

Thus was born “six degrees of separation” – the idea that any human is only six social connections away from any other human. For decades researchers like Stanley Milgram explored this idea and, despite its unlikeliness, found there’s actually considerable merit to Karinthy’s game. Despite obvious problems like isolated populations, it’s become something of a maxim among social scientists that as people’s social networks have grown, so have the connections between us. So your humble author may in fact only be five or six hops from everyone reading this.

Or, would you believe, four? Researchers at the University of Milan, working with Facebook researchers, have been exploring the “six degrees” idea as well, and this week published new findings suggesting six may be too many:

“We found that six degrees actually overstates the number of links between typical pairs of users: While 99.6% of all pairs of users are connected by paths with 5 degrees (6 hops), 92% are connected by only four degrees (5 hops). And as Facebook has grown over the years, representing an ever larger fraction of the global population, it has become steadily more connected. The average distance in 2008 was 5.28 hops, while now it is 4.74.”

Shockingly, those numbers are even smaller for same-country pairs; for example, any two U.S. Facebook users are only about 3 or so degrees from each other. Meaning that every one of Facebook’s 700+ million users, with a very high statistical likelihood, is only a small number of social connections away from everyone else. Small world, indeed.

Postscript: “Everything is Different” is long out of print, and a web search suggests that English translations of this book are simply lost.

What’s Digital Frontiers?

The Internet, mobile phones, tablet computers and other digital devices are transforming our lives in fundamental and often unpredictable ways. “Digital Frontiers” investigates how real world concepts like privacy, identity, security and freedom are evolving in the virtual world.
