Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tech Forensics Take Center Stage in Manning Pre-Trial

Posted by Unknown on from the next-time-use-a-better-passphrase dept.

smitty777 writes with some updates from Bradley Manning's Article 32 hearing: "Wired has been reporting all [yester]day on the prosecution's technological evidence against Bradley Manning. The first is on the technology and techniques used by Manning. In the second, the examiners admit they didn't find any matching cables on Manning's computer. And finally, evidence that Manning chatted directly with Assange himself." The prosecution was able to access chat logs and other bits of evidence (which had been deleted, but not scrubbed from the disk) thanks to PFC Manning's use of the same password for his OS login and encryption passphrase. Oops.

12 of 172 comments (clear)

  1. Hero by roman_mir · · Score: 5, Insightful

    You do realize, that unlike your football and basketball stars, you actually have a real hero, don't you? He is in your prison - a political prisoner, because he dared to challenge the government and its illegal activities.

    --
    You can't handle the truth.
    1. Re:Hero by AJH16 · · Score: 3, Insightful

      Yes, because heroes leak information on what the government considers sensitive sites that could be vulnerable to terrorist attacks. You have a warped and naive view of what a hero is. Certainly some small amount of the information that came out indicated distasteful activity, however a large portion of it had no possible political purpose other than to try to hurt the US or give "bragging rights". The actions of whoever leaked the documents is not that of a hero trying to protect, but of an arrogant child trying to show off what they could do.

      Even if the goal had been to see what they saw as atrocities stopped, it was not the correct forum to do so by and even if the correct forums had been taken, bragging about it demonstrates the true motivations. I hate corruption and abuse as much as anyone, but that doesn't even make the beginning of an excuse for the vast majority of the type of information that was leaked. What possible whistle is being blown by exposing that many neighbors and "allies" of Iran are secretly terrified of them getting nukes and begging for it to be stopped. All it does is make the situation more dangerous, less likely to be resolved peacefully and accomplishes nothing. There is no point to it.

      The calls to go after Assanage seems foolish to me as he isn't a US citizen and I don't see how US law applies to him, but he could reasonably be considered a person non grata. Whoever leaked the documents however, did so from the US and is an enemy of the US and in fact world peace, whether intentionally or not and should be prosecuted as such. Arguably doing some small amount of good (in the wrong way) does not make up for the huge amount of inexcusable, irresponsible harm which was done.

      --
      AJ Henderson
  2. Not so fast... by neokushan · · Score: 3, Insightful

    From the first article...

    In those chats, Manning told Lamo that he had “zero-filled” his laptops, referring to a way of securely removing data from a disk drive by repeatedly filling all available space with zeros. The implication from Manning was that any evidence of his leaking activity had been erased from his computers. But Shaver’s testimony would seem to indicate that either the laptops weren’t zero-filled after all, or that it had been done incompletely.

    So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    1. Re:Not so fast... by vlm · · Score: 3, Interesting

      Or he most certainly did, or at least he set up an automated system to do it, etc.

      But, no one can/will publicly admit the truth, that either the automated system to do that can be selectively remotely subverted on command (perhaps a routine investigation into him "fishing expedition" found more than expected?) OR the secret truth that cannot be discussed is that classified data recovery operations can read overwritten data much better than public recovery operations.

      Most likely this is one of those "lawyers approach the bench" undocumented moments where both sides were informed that public discussion of these classified projects in this trial will be prosecuted, etc... The less this seemingly important topic is discussed during the trial, the more likely they're covering up some interesting technical means.

      Having worked in a Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:Not so fast... by jimicus · · Score: 3, Insightful

      So Manning certainly knew about this kind of thing, but either didn't do it or didn't do it correctly. I wonder how difficult it is to mess something like that up?

      Extremely easy.

      Any modern operating system uses swap space - and while there's usually a way to ask the OS never to swap a program out, it's seldom exposed to the user. It normally relies on the program itself requesting this, and not everything will. Though a program may be exited later, the area of swapfile it used to use is not necessarily freed from disk.

      On top of that, a few programs (eg. Gimp) deal with their own memory management to a certain extent and so operate their own swap independently of the OS - they may also keep other temporary files floating around and don't always delete them. Or they may not save a file in the way you expect - when you hit "save", it's not unusual for a program to:

        - Create a new file.
        - Dump the data into the new file.
        - Rename the old file.
        - Rename the new file so it has the same name as the old one.
        - Delete the old file.

      This drastically reduces the risk of the app dying part way through the save process resulting in a corrupted file. It may result in a file that hasn't been saved, so some work may be lost, but it won't lose the lot. Of course this has the side-effect that there's an old file sat on the disk somewhere containing much the same data.

      On top of that, very small files will be stored directly in the MFT on Windows. Now the size of file we're talking about is probably not big enough to contain any serious information, but it may well give a forensic investigator a clue as to what's been done.

      I can think of a few scenarios in which Manning could easily mess up:

      1. Several "secure delete" utilities offer the option to securely delete individual files. Which they will, but as discussed above that may not achieve much.
      2. Using a tool to wipe all free space - these usually work by creating a file and filling it with zeroes until the OS eventually returns a disk full error, then deleting the file. I have no idea what - if anything - they'll do with any data still sitting around the MFT. Not to mention the fact that they won't help if there's any incriminating files sitting around that weren't deleted in the first place - and as we've established, it's quite possible for an application to do this totally invisibly to the end user.

      Realistically Manning would need to run DBAN or something similar on the entire disk. This will wipe the OS, so the affected computer would need to be reimaged.

    3. Re:Not so fast... by Alranor · · Score: 3, Interesting

      Having worked in a Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"

      Of course, that might have something to do with the fact that zeroing out the hard drives takes a not insignificant amount of time compared with just blowing them up. I've never been in the military myself, but I would hazard a guess that you might be under some time pressures if your base is being overrun by the enemy.

    4. Re:Not so fast... by Sloppy · · Score: 3, Informative

      Any modern operating system uses swap space - and while there's usually a way to ask the OS never to swap a program out, it's seldom exposed to the user. It normally relies on the program itself requesting this, and not everything will. Though a program may be exited later, the area of swapfile it used to use is not necessarily freed from disk.

      Yeah, there are lots of ways to screw up, but swap is one of the easiest things to get right. Since the user doesn't need to know a key, the machine can pick a totally random one (256 real bits, no guessable passphrase with less actual entropy) for it at every boot. Swap can be as solid as your best symmetric cipher, and that's pretty damn good. All the PK used on the internet will fail long before this level of tech does. Set things up right and swap may be the #1 safest place on your disks, the catch being that your lose it every time your reboot. ;-)

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. Re:Military vs. Civilian Justice by blizz017 · · Score: 5, Informative

    1. He's not at trial yet; this is an Article 32 hearing.. basically a grand jury hearing/pre-trial. 2. At Trial, he would have a jury of his peers; far more so than you'd find in a civilian courtroom. He's and enlisted soldier, so if his defense team opted, they can have a jury full of enlisted soldiers. 3. Contrary to what you wish to believe; military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or Judge may have a political agenda to fulfill.

  4. Re:Info Doesn't Add Up by Alranor · · Score: 3, Informative

    Somehow you missed the very next line of the article ....

    All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

  5. Re:Real Heros do not throw the lives of others awa by Forty+Two+Tenfold · · Score: 5, Insightful

    A real hero would have taken the time to scrub names of people who are informants and such in hostile areas.

    Whoever passed the information did so unto the entity that did the scrubing for him. It's unreasonable to expect that he parsed reams of documents to remove stuff.

    A real hero would always be on the look out for the the little guy, not simply acting out of anger or spite.

    Whoever leaked the docs, was looking out for the helpless and wanted to defend them from US military assholes acting out of infantile anger, spite and sadism.

    A real hero does not act as Manning allegedly did.

    FTFY, idiot.

    we will never know how many lives were lost because of it. Granted we may not know of lives saved, but I imagine those lost are real.

    FTFY. That's just your imagination/wishful thinking/bad will/brainwashing.

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  6. Re:Military vs. Civilian Justice by Hatta · · Score: 5, Insightful

    3. Contrary to what you wish to believe; military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or Judge may have a political agenda to fulfill.

    Bradley Manning was held in solitary confinement for almost a year before he was even indicted. How is that consistent with your even handed, non-political picture of military justice?

    --
    Give me Classic Slashdot or give me death!
  7. Re:Real Heros do not throw the lives of others awa by AdamJS · · Score: 3, Insightful

    In fairness;
    -He was assured that the names of sensitive peoples would be scrubbed. Or rather, the truly sensitive cables would not be leaked. And Wikileaks actually did not release many documents purely because of that.
    -Wikileaks was using agencies like TheGuardian for the leaks, which assured them that they would properly vet the cables
    -The last, drastic and total leak was the result of general incompetence in regards to the total file and the security passcode for it having been posted online by different people, unawares. Oops.

    Really, his duty is to the US constitution, and if he believed that there was cause for the leaks - that the army or military or diplomats were treasonous in their duty and that the cables were proof needed to bring this to light - then it's quite understandable that he tried to expose them.

    His main mistake was pure naivety or pure dumbassery in trusting a random foreigner with such sensitive data - he had NO way of knowing that this information wasn't going straight into enemy hands - and not trying to bring this data to a local news agency like the NYT (just an example).