Feds found Manning-Assange chat logs on laptop..how handy?

http://www.wired.com/threatlevel/2011/12/manning-assange-laptop/

A government digital forensic examiner retrieved communications between accused WikiLeaks source Bradley Manning and an online chat user identified on Manning’s computer as “Julian Assange,” the name of the founder of the secret-spilling site that published hundreds of thousands of U.S. diplomatic cables.

Investigators also found an Icelandic phone number for Assange, and a chat with another hacker located in the U.S., in which Manning says he’s responsible for the leaking of the “Collateral Murder” Apache helicopter video released by WikiLeaks in spring 2010.

Until Monday’s revelation, there’s been no reports that the government had evidence linking the two men, other than chat logs provided to the FBI by hacker Adrian Lamo. Assange is being investigated by a federal grand jury, but has not been charged with any crime, as publishing classified information is not generally considered a crime in the U.S. But if prosecutors could show that Assange directed Manning, that could complicate Assange’s defense that WikiLeaks is simply a journalistic endeavor.

The news of the chat logs came on the fourth day of Manning’s Army hearing being held to determine whether he’ll face court martial on 22 charges of violating military law for allegedly abusing his position as an intelligence analyst in Iraq to feed a treasure trove of classified and sensitive documents to WikiLeaks.

Mark Johnson, a digital forensics contractor for ManTech International who works for the Army’s Computer Crime Investigative Unit, examined an image of Manning’s personal MacBook Pro and said he found 14 to 15 pages of chats in unallocated space on the hard drive that were discussions of unspecified government info, and specifically referred to re-sending info.

While the chat logs were encrypted, Johnson said that he was able to retrieve the MacBook’s login password from the hard drive and found that the same password “TWink1492!!” was also used as the encryption key.

Assange’s name was attached to a chat handle “dawgnetwork@jabber.ccc.de” listed in Manning’s chat buddy list. That Jabber address uses the same domain name allegedly mentioned by Manning in the chat logs that ex-hacker Adrian Lamo gave to the FBI and to Wired.com. In the log, Manning was making reference to a domain that Assange was known to use.

In Manning’s buddy list there was a second handle with two aliases associated with it: Julian Assange and Nathaniel Frank, which were attached to “pressassociation@jabber.ccc.de.” CCC.de is the Chaos Computer Club’s server.

When asked, Johnson said it was odd for a user to assign two different names to an account, implying that some subterfuge might have been at play.

The chat logs mention a request to re-send some unspecified data, showing that the parties had talked before, Johnson said, as well as discussion about using SFTP for uploading data securely to an FTP server.

Johnson testified that he found SSH logs on Manning’s computer that showed an SFTP connection from a Verizon IP address that resolved to Manning’s aunt’s house to an IP address associated a Swedish ISP called PRQ that is known to have links to WikiLeaks.

In a separate chat with Eric Schmiedl, who appears to be a photographer, lock picker and member of the hacker scene who lives in the U.S., Manning confesses that he leaked the Apache attack video, which documented the deaths of two Reuters employees.

Manning: Are you familiar with WikiLeaks?
Schmiedl: Yeah, I am
Manning: I was the source of the 12 Jul 07 video from the Apache Weapons Team which killed two journalists and injured two kids

Johnson testified that he found two attempts to delete data on Manning’s laptop. Sometime in January 2010, the computer’s OS was re-installed, deleting information prior to that time. Then on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and thorough option.

All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

Johnson says he also examined an external hard drive found in Manning’s bunk room in Iraq that contained a text file called wl-press.txt that was created on Nov. 30, 2009, right around the time that Manning told Lamo that he first made contact with WikiLeaks.

The file included the line: “You can currently contact our investigations editor directly in Iceland at 354. 862.3481 : 24 hour service : ask for Julian Assange.”

Special Agent David Shaver testified that he examined an SD card found at Manning’s aunt’s house and found an encrypted zip file that contained three files he was able to open. One contained more than 400,000 action reports from Iraq, pulled from the Combined Information Data Network Exchange, or CIDNE. The other contained about 91,000 action reports from Iraq. The third file, a readme.txt file, appeared to be a message to WikiLeaks.

Items of historical significance of two wars Iraq and Afghanistan Significant Activity, Sigacts, between 00001 January 2004 and 2359 31 Dec 2009 extracts from CSV documents from Department of Defense and CDNE database. These items have already been sanitized of any source identity information.

You might need to sit on this information for 90 to 180 days to best send and distribute such a large amount of data to a large audience and protect the source.

This is one of the most significant documents of our time removing the fog of war and revealing the true nature of 21st century asymmetric warfare.

Have a good day.

Shaver said he was able to open those encrypted files using the same password he extracted from the MacBook.

“You got kind of lucky?” asked the prosecutor.

“Yes, sir,” Shaver replied.

More to come.

———–

‘you got kind of lucky”..yeah no shit..i dont believe anything coming out of this kangaroo court..assange will be connected to manning..count on it..and it will start the wheels in motion to get him to the usa to face possible execution if convicted..

““You can currently contact our investigations editor directly in Iceland at 354. 862.3481 : 24 hour service : ask for Julian Assange.” < — another lucky find..

401

~ by seeker401 on December 21, 2011.