Tech Forensics Take Center Stage in Manning Pre-Trial

smitty777 writes with some updates from Bradley Manning's Article 32 hearing: "Wired has been reporting all [yester]day on the prosecution's technological evidence against Bradley Manning. The first is on the technology and techniques used by Manning. In the second, the examiners admit they didn't find any matching cables on Manning's computer. And finally, evidence that Manning chatted directly with Assange himself." The prosecution was able to access chat logs and other bits of evidence (which had been deleted, but not scrubbed from the disk) thanks to PFC Manning's use of the same password for his OS login and encryption passphrase. Oops.

Hero

[roman_mir]

You do realize, that unlike your football and basketball stars, you actually have a real hero, don't you? He is in your prison - a political prisoner, because he dared to challenge the government and its illegal activities.

Re:Hero

[AJH16]

Yes, because heroes leak information on what the government considers sensitive sites that could be vulnerable to terrorist attacks. You have a warped and naive view of what a hero is. Certainly some small amount of the information that came out indicated distasteful activity, however a large portion of it had no possible political purpose other than to try to hurt the US or give "bragging rights". The actions of whoever leaked the documents is not that of a hero trying to protect, but of an arrogant child trying to show off what they could do.

Even if the goal had been to see what they saw as atrocities stopped, it was not the correct forum to do so by and even if the correct forums had been taken, bragging about it demonstrates the true motivations. I hate corruption and abuse as much as anyone, but that doesn't even make the beginning of an excuse for the vast majority of the type of information that was leaked. What possible whistle is being blown by exposing that many neighbors and "allies" of Iran are secretly terrified of them getting nukes and begging for it to be stopped. All it does is make the situation more dangerous, less likely to be resolved peacefully and accomplishes nothing. There is no point to it.

The calls to go after Assanage seems foolish to me as he isn't a US citizen and I don't see how US law applies to him, but he could reasonably be considered a person non grata. Whoever leaked the documents however, did so from the US and is an enemy of the US and in fact world peace, whether intentionally or not and should be prosecuted as such. Arguably doing some small amount of good (in the wrong way) does not make up for the huge amount of inexcusable, irresponsible harm which was done.

Not so fast...

[neokushan]

From the first article...

In those chats, Manning told Lamo that he had “zero-filled” his laptops, referring to a way of securely removing data from a disk drive by repeatedly filling all available space with zeros. The implication from Manning was that any evidence of his leaking activity had been erased from his computers. But Shaver’s testimony would seem to indicate that either the laptops weren’t zero-filled after all, or that it had been done incompletely.

So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?

Re:Not so fast...

[jimicus]

So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?

Extremely easy.

Any modern operating system uses swap space - and while there's usually a way to ask the OS never to swap a program out, it's seldom exposed to the user. It normally relies on the program itself requesting this, and not everything will. Though a program may be exited later, the area of swapfile it used to use is not necessarily freed from disk.

On top of that, a few programs (eg. Gimp) deal with their own memory management to a certain extent and so operate their own swap independently of the OS - they may also keep other temporary files floating around and don't always delete them. Or they may not save a file in the way you expect - when you hit "save", it's not unusual for a program to:

  - Create a new file.
  - Dump the data into the new file.
  - Rename the old file.
  - Rename the new file so it has the same name as the old one.
  - Delete the old file.

This drastically reduces the risk of the app dying part way through the save process resulting in a corrupted file. It may result in a file that hasn't been saved, so some work may be lost, but it won't lose the lot. Of course this has the side-effect that there's an old file sat on the disk somewhere containing much the same data.

On top of that, very small files will be stored directly in the MFT on Windows. Now the size of file we're talking about is probably not big enough to contain any serious information, but it may well give a forensic investigator a clue as to what's been done.

I can think of a few scenarios in which Manning could easily mess up:

1. Several "secure delete" utilities offer the option to securely delete individual files. Which they will, but as discussed above that may not achieve much.
2. Using a tool to wipe all free space - these usually work by creating a file and filling it with zeroes until the OS eventually returns a disk full error, then deleting the file. I have no idea what - if anything - they'll do with any data still sitting around the MFT. Not to mention the fact that they won't help if there's any incriminating files sitting around that weren't deleted in the first place - and as we've established, it's quite possible for an application to do this totally invisibly to the end user.

Realistically Manning would need to run DBAN or something similar on the entire disk. This will wipe the OS, so the affected computer would need to be reimaged.

Real Heros do not throw the lives of others away

[Shivetya]

and he is no real hero nor the people who dispensed the information. A real hero would have taken the time to scrub names of people who are informants and such in hostile areas. A real hero would always be on the look out for the the little guy, not simply acting out of anger or spite. A real hero does not act as Manning did.

Yes, there were some good outcomes from what he is accused of doing, however we will never know how many lives were lost because of it. Granted we may not know of lives saved, but I am pretty sure those lost are real.

Re:Real Heros do not throw the lives of others awa

[Forty+Two+Tenfold]

A real hero would have taken the time to scrub names of people who are informants and such in hostile areas.

Whoever passed the information did so unto the entity that did the scrubing for him. It's unreasonable to expect that he parsed reams of documents to remove stuff.

A real hero would always be on the look out for the the little guy, not simply acting out of anger or spite.

Whoever leaked the docs, was looking out for the helpless and wanted to defend them from US military assholes acting out of infantile anger, spite and sadism.

A real hero does not act as Manning allegedly did.

FTFY, idiot.

we will never know how many lives were lost because of it. Granted we may not know of lives saved, but I imagine those lost are real.

FTFY. That's just your imagination/wishful thinking/bad will/brainwashing.

Re:Military vs. Civilian Justice

[Hatta]

3. Contrary to what you wish to believe; military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or Judge may have a political agenda to fulfill.

Bradley Manning was held in solitary confinement for almost a year before he was even indicted. How is that consistent with your even handed, non-political picture of military justice?

Re:Real Heros do not throw the lives of others awa

[AdamJS]

In fairness;
-He was assured that the names of sensitive peoples would be scrubbed. Or rather, the truly sensitive cables would not be leaked. And Wikileaks actually did not release many documents purely because of that.
-Wikileaks was using agencies like TheGuardian for the leaks, which assured them that they would properly vet the cables
-The last, drastic and total leak was the result of general incompetence in regards to the total file and the security passcode for it having been posted online by different people, unawares. Oops.

Really, his duty is to the US constitution, and if he believed that there was cause for the leaks - that the army or military or diplomats were treasonous in their duty and that the cables were proof needed to bring this to light - then it's quite understandable that he tried to expose them.

His main mistake was pure naivety or pure dumbassery in trusting a random foreigner with such sensitive data - he had NO way of knowing that this information wasn't going straight into enemy hands - and not trying to bring this data to a local news agency like the NYT (just an example).

BULLSHIT and you of all people should know better

[SuperKendall]

Whoever passed the information did so unto the entity that did the scrubing for him.

That is a BULLSHIT excuse. Perhaps being a Slashdot reader you remember the phrase "information wants to be free". Well that applies for ANY information leaked. No-one Manning leaked to had a security clearance, so why should he trust them to scrub out sensitive information and not feed some in side channel?

Either information is leaked or it is not, just as you cannot be only a little bit pregnant. Manning chose to leak everything without consideration for what information truly should not be released, and now he must face the consequences of what he chose to do.