A Data Science Central Community
Accused WikiLeaks source Pfc. Bradley Manning installed and used unauthorized “data-mining software” on his SIPRnet workstation during the time he allegedly siphoned hundreds of thousands of documents off that classified network, the Army said Friday in response to inquiries from Threat Level.
Manning’s use of unauthorized software was the basis of two allegations filed against him this year in his pending court martial, but the charge sheet listing those allegations was silent on the nature of that software.
On Friday, an Army spokeswoman clarified the charges. “The allegations … refer to data-mining software,” spokeswoman Shaunteh Kelly wrote in an e-mail. “Identifying at this point the specific software program used may potentially compromise the ongoing criminal investigation.”
She added that the two allegations relate to “the same data-mining software used on two different dates.”
Manning’s attorney, David Coombs, did not respond to telephone and e-mail inquiries.
Manning allegedly installed the software twice on Army computers connected to SIPRnet, the Secret Internet Protocol Router Network that’s been identified as the original source of WikiLeaks’ large-scale U.S. releases. Those releases included 250,000 State Department diplomatic cables and 500,000 classified field reports from the wars in Iraq and Afghanistan.
Manning allegedly installed the code the first time between Feb. 11, 2010 and April 3, 2010. The second time was around May 4, the day he was demoted from Specialist to Private First Class and given a new job assignment following an altercation with another soldier.
If Manning installed data-mining software on his SIPRnet workstation, that could potentially strengthen the government’s case against the alleged leaker. Two of the 22 allegations against Manning are for exceeding authorized computer access in violation of the Computer Fraud and Abuse Act –- the federal anti-hacking statute.
Manning exceeded his authorized access to SIPRnet, the charge sheet says, when he obtained and leaked classified U.S. State Department cables to an unauthorized third party. According to a former federal prosecutor, the data-mining software could aggravate the unauthorized access crime by showing premeditation to obtain the documents.
“Generally, people who engage in unauthorized access — many of them anyway — are thrill seekers who do it without any specific plan in mind,” said Scott Christie, a former federal prosecutor who specialized in computer crime and is now a partner at the private firm McCarter & English.
“But to upload a data-mining suite of software suggests you have a plan in mind, you’re sophisticated enough to use the software and to configure it to find what you want, and that you have given this plan a great deal of attention.”
Christie said that prosecutors wouldn’t have to show definitive evidence that the software was used to obtain or sort the purloined documents; just the fact that it was installed on Manning’s computer during the time the documents were taken would allow prosecutors to draw reasonable inferences that it was used to commit the crime.
The charges also suggest that the United States has recovered evidence from Manning’s machines, despite Manning’s apparent confidence that no investigator would be able to uncover forensic evidence against him.
Read full story at http://www.wired.com/threatlevel/2011/04/manning-data-mining/
(note: I believe that what they mean by data mining is actually web scraping software with search capabilities - in my opinion this is not "data mining" but "data harvesting")