WikiLeaks: One Analyst, So Many Documents

To date, Bradley Manning stands accused only of providing a classified video of U.S. operations in Iraq to WikiLeaks. But U.S. government officials say they consider Manning the prime suspect behind the flood of documents that have wound up being promulgated by the group determined to bust U.S. secrecy.

Manning, 23, seems like an unlikely culprit. Trained as an intelligence analyst, awarded a Top Secret clearance, deployed to Iraq with the 2nd Brigade Combat Team of the Army's 10th Mountain Division in 2007, he's a mere PFC, or Private First Class, not an Aldrich Ames, the elite spy who leaked to the Soviets. Instead of working at CIA headquarters in Langley, Va., or doing secret drops in Vienna, Manning's days were spent in an air-conditioned shack inside a small forward-deployed compound in Iraq.

Skeptics of the government's case against Manning wonder how one young soldier, operating with a couple of computers in the middle of desert, could access and download so much classified information and do so undetected for so long. Indeed, it appears Manning might not have come under suspicion at all had he not confided in a reformed hacker named Adrian Lamo, and had Lamo, a civilian, not reported Manning's musings to the U.S. Army.

But in the modern military, which relies on information as much as bullets and bunkers, it's more easy than one might think to gain access to classified material and to disseminate it, according to interviews with numerous officials.

Manning's job was to make sure that other intelligence analysts in his group had access to everything that they were entitled to see. That included incoming intelligence streams from across the world on something called the Joint Worldwide Intelligence Communications System (JWICS), the Department of Defense's computer network for Top Secret information. Manning also had access to another information stream dubbed the Secure Internet Protocol Router Network (SIPRNet), the Pentagon's server for information classified as Secret. (Secret and Top Secret are differing levels of classifications for materials.)

Using keyword searches and a knowledge of routing nomenclature, any intelligence analyst -- even if he's sitting in a shack in Iraq -- can access pretty much any piece of data classified at the level of access he has. Analysts are given updated documents like this unclassified list of every military operating unit and its e-mail designator. The lists can be accessed through an unsecure and unpublicized Joint Chiefs of Staff file transfer network. Another document lists every single mail routing address by location, even for unacknowledged locations like the Air Force test site in "Area 51" near Las Vegas.

Information and intelligence at the Top Secret level can't be transferred off of those computers easily. To transfer information from the SIPRNet to unclassified networks, analysts like Manning use proprietary computers called SNAP. About 1,500 are deployed in Iraq and Afghanistan, according to TeleCommunications Systems, the company that builds them. SNAP, which stands for SIPR-NIPR Access Point, "allows you to bring stuff from the low side to the high side and vice versa, securely," one current user of the program said. The user asked to remain anonymous in order to share sensitive but unclassified insights into how analysts perform their work. Information on an unclassified computer can be transferred to a stick drive, burned onto a CD or simply e-mailed away.

The important thing to know is that diplomatic cables are no longer transmitted over wires to clattering teletype machines. They're sent via e-mail over secured networks, and they are also stored on servers until they're erased. Cables and incident reports from the field are stored on servers in the form of PST files -- PS stands for "personal storage" -- e-mail archives that Microsoft's Outlook program uses to compress and store data.

So how did Manning allegedly manage to get access to the diplomatic cables? They're transmitted via e-mail in PDF form on a State Department network called ClassNet, but they're stored in PST form on servers and are searchable. If Manning's unit needed to know whether Iranian proxies had acquired some new weapon, the information might be contained within a diplomatic cable. All any analyst has to do is to download a PST file with the cables, unpack them, SNAP them up or down to a computer that is capable of interacting with a thumb drive or a burnable CD, and then erase the server logs that would have provided investigators with a road map of the analyst's activities. But analysts routinely download and access large files, so such behavior would not have been seen as unusual.

Manning is alleged to have started to provide WikiLeaks with the information in the fall of 2009. His access to computer systems was cut off in late May of 2010. The Army's charging document accuses him of downloading "more than" 50 classified State Department cables to his personal computer.

The Department of Defense has tried to make sure that analysts don't abuse the privilege of all-source access while ensuring that they don't operate under an umbrella of constant fear and suspicion or suffer from the kind of stovepiping or compartmentalization that led to pre-9/11 intelligence failures when one agency wouldn't talk with another.

About 60 percent of DoD computers now are monitored by a Host-Based Security System that detects unusual patterns of download and access activity on SIPRNet, according to Bryan Whitman, a Pentagon spokesman. SNAP tools have also been modified. Analysts seeking to upgrade or downgrade information must do so in a supervised setting, Whitman said in an e-mail to defense reporters on Sunday.

The U.S. Central Command has begun security reviews of protocols at forward-deployed settings like Hammer in Iraq, where Manning spent several years. "Insider threat working groups" have been established, and commanding officers are being trained to detect behavioral changes in their young analysts.

And the Office of Management and Budget has ordered "each department or agency that handles classified information" to establish a security assessment team that would make sure that users don't have "broader access than is necessary to do their jobs effectively."

But the tension between access, which is critical for tactical intelligence, and operational security, which is critical for protecting secrets, is tight. In wartime, the number of young, fresh-out-of-school analysts granted security clearances skyrockets as demand for intelligence increases exponentially. In this instance, if Manning is indeed the culprit, all it took was one disaffected young man with a rudimentary knowledge of computer systems to bring down an entire edifice of code names, secret networks, compartmented channels, and protected information.