Bradley Manning’s chats and emails; authorized access: trial report, day 6

Several more government witnesses testified today about Bradley Manning’s online activity, access to various programs, and what the Apache video revealed. Court is in recess until Monday, June 17.

By Nathan Fuller, Bradley Manning Support Network. June 12, 2013.

Special Agent Mark Johnson. Sketch by Clark Stoeckley, BMSN.

Special Agent Mark Johnson. Sketch by Clark Stoeckley, BMSN.

Another long, witness-packed Wednesday made room for another long weekend in Bradley Manning’s trial: after today’s session, court is in recess again until Monday morning.

Army CCIU special agent Mark Johnson testified for the entire morning session at Ft. Meade, discussing his forensic examination of Bradley Manning’s personal MacBook Pro and his search for connections to WikiLeaks. 

On the unallocated (deleted) portion of the laptop, he discovered chats between an account associated with Bradley Manning and an account with the handle ‘pressassociation,’ which the government contends is connected to Julian Assange (along with the alias Nathaniel Frank), ranging from March 5, 2010, and March 18, 2010.

The two discussed government information, and prosecutors focused on ‘pressassociation’s comment about the United States’ Open Source Center, “that’s something we want to mine entirely.”

But on cross-examination, Johnson confirmed that ‘pressassociation’ never actually asked Manning for anything, and never asked him about his direct access to any information.

Johnson also found emails, encrypted and un-, between Bradley and Eric Schmiedel, discussing State Department cables, the Iraq War Logs, the Collateral Murder video, and on the unallocated portion, WikiLeaks. The defense established that Bradley never looked at websites associated with terrorism or anti-American beliefs – more testimony going against the government’s claim that Bradley had knowledge that WikiLeaks releases would end up in the hands of the enemy.

Defense lawyers also gleaned that the only evidence of a connection between Bradley and WikiLeaks’ submission page can be found for April 10-12, 2010. They also confirmed that files referencing Farah (see yesterday’s revelation on that video) on his MacBook Pro would have to have arrived after January 31, 2010, because that’s when Bradley wiped his computer, including its free space, and everything predating that would be gone. This lends itself further to the defense claim that Bradley sent the Farah video to WikiLeaks in April 2010, not November 2009.

Collateral Murder reveals Apache techniques

The government read stipulated testimony from Jon LaRue, a former Apache helicopter pilot who reviewed the infamous ‘Collateral Murder’ Apache video after its release. He said the release of the video, which is unclassified, revealed TTPs, or Techniques, Tactics, and Procedures. TTPs, he said, are “pieces of a puzzle,” so with other pieces, a potential adversary could put together that puzzle and be able to learn about how U.S. Apaches operate. 

Manning and password decryption 

The government recalled its forensic expert David Shaver to talk about Bradley’s ability to access the administrative privileges on his computer, which are more broad than his user rights and which he’d need a password to access. That password is broken up, for security’s sake, into a SAM file and a system file. While the government spent significant time proving Bradley’s installation of a Linux operating system, which allowed him to access the SAM file, the defense quickly showed on cross-examination that he never accessed the system file and therefore couldn’t have accessed any passwords.

Wget and Bradley’s “authorized access”

More and more testimony on Wget didn’t provide the final word on whether Bradley “exceeded authorized access” by adding programs to his SIPRNet computer. He added software called Wget to rapidly increase downloading of files from the network, and Wget wasn’t on a list of pre-authorized programs that soldiers could have on their work computers. However, soldiers frequently added movies, music, and (more importantly, since they’re similar to Wget in file type) video games to the shared drive. Captain Thomas Cherepko, who managed Information Assurance for Bradley’s unit, testified that even after he deleted those unauthorized files from the shared drive, soldiers would re-add them, due to a “command laxity” about enforcing those rules.

Court resumes Monday, June 17, at 9:30 AM.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>