Bradley Manning Informant Reported Second Person for Aiding WikiLeaks

Adrian Lamo at the home of his parents in Carmichael, California in spring 2010. Photo: Ariel Zambelich/Wired.com

FT. MEADE, Maryland – Accused WikiLeaks source Bradley Manning wasn’t the only person that convicted hacker Adrian Lamo reported to the authorities for allegedly helping WikiLeaks, according to testimony in a Saturday military hearing concerning Manning’s alleged leaking.

In May 2010, Lamo gave the FBI incriminating chat logs with Bradley Manning, leading to Manning’s arrest on charges that he aided the country’s enemies when he leaked classified and sensitive documents. When Wired reported his actions, Lamo instantly became persona non grata among a large swath of the hacker community, which largely supports WikiLeaks and almost uniformly detests those who cooperate with authorities.

In court testimony Saturday, a government witness testifying against Manning said that Lamo subsequently contacted authorities in July 2010 to say that he’d learned through online chats that a person named Jason Katz who worked at a Department of Energy lab had tried to help WikiLeaks decrypt a video of the 2009 Garani incident, in which U.S. warplanes allegedly killed nearly 100 Afghan civilians.

Katz was fired from his job at the DoE’s Brookhaven National Laboratory in March 2010, one month prior to publication of the Collateral Murder video, for engaging in unspecified “inappropriate computer activity,” Special Agent Mark Mander, an investigator with the Army’s Computer Crime Investigative Unit, divulged in court.

After Lamo’s tip, the government searched Katz’s former workstation, and found an encrypted and password-protected file, which investigators opened after the military provided the government password for the Garani video file, according to testimony.

The Brookhaven National Laboratory, which is run by a private company under contract with the Department of Energy, noted the departure of a physicist named Jason Katz in its March 12, 2010 newsletter. The arrival of a physicist named Jason Katz was noted in a February 13, 2009 newsletter.

According to Mander, Katz had allegedly been bragging in an online chat with an unspecified person about trying to decrypt the Garani video. It was unclear from Mander’s testimony if Katz had been chatting directly with Lamo or with another person.

Lamo confirmed Mander’s account of the incident to Wired.com following the witnesses testimony. He clarified that he was never in direct contact with Katz, but would not elaborate on how he became aware of Katz’s chat.

“In the protectcng sources and methods, I am hesitatnt to disclose how I became aware of this individual,” he said in a phone call, adding cryptically that “the means of which I became aware of his activities were not a human interaction.”

Lamo is preparing to testify as a witness at the hearing but has not been told yet when he will be called. “Toward the end of the proceeding,” he said, noting that the government has been preparing him for testimony by explaining the basic procedures of the Article 32 hearing.

WikiLeaks hinted in January 2010 that it had the Garani video and that it was in the process of breaking the encryption.

Instead, WikiLeaks published the so-called Collateral Murder video of a U.S. helicopter attack in Iraq where two Reuters employees were killed, and two children seriously wounded. Manning allegedly told Lamo that he gave that previously unseen footage and the password to unlock it to WikiLeaks. After that video was made public, WikiLeaks founder Julian Assange told reporters that his organization still had the Garani video and would publish it as well, but the video has never been published – presumably because the organization has been unable to break the encryption.

Zeus Spam Changes Tactics

McAfee Labs Messaging Security recently observed a new malicious spam campaign pushing password-stealing Trojans associated with the Zeus/Zbot family. This campaign leverages several notable social engineering techniques.

For admins and netizens familiar with contemporary email-borne threats, a message purporting an undeliverable DHL, FedEx, or USPS package triggers an immediate red flag. Though still prevalent, those themes have begun to run their course. This campaign changes themes to include “Puget Sound Energy Paperless Billing,” “Business Meeting Notes,” and, most recently, “King County Ecommerce Payments.”

 

While still employing familiar elements (for example, filenames of “$malware.pdf.exe” that rely on the default Windows configuration that hides extensions for known file types), these messages are representative of the modern approach to malware delivery: Target the recipient with emails designed to provoke curiosity.

McAfee Customers are protected against these threats from cloud to appliance, and gateway to end point. Remember folks: defense in depth.

Virus Information:

PWS-Zbot.gen.dx!5838BFF382CA

Army Arrested Manning Based on Unconfirmed Chat Logs

FT. MEADE, Maryland – The military arrested alleged WikiLeaks source Bradley Manning last year in Iraq based in large part on unconfirmed information that former hacker Adrian Lamo had gleaned from his chats with Manning, according to the government’s first witness in Manning’s hearing.

Special Agent Toni Graham, an investigator with the Army’s Criminal Investigation Division and the first witness called on Saturday, testified that she relied on information provided by Lamo, identified in court only as a confidential informant, that a video of an Army helicopter attack that Manning allegedly gave to WikiLeaks and that WikiLeaks published in April 2010 was a classified video.

Graham said she did not verify this was true before submitting an affidavit that was the basis for ordering Manning into confinement that lasted more than a year and a half before this week’s hearing.

Manning, who turned 24 Saturday, is charged with 22 violations of military law and faces possible life imprisonment. Manning, who at the time was an Army intelligence analyst, is accused of abusing his access to classified computer systems to leak diplomatic cables, Iraq and Afghanistan action reports and the so-called Collateral Murder video to WikiLeaks. In chat logs published by Wired, Manning allegedly told Lamo that he leaked the documents as an act of political protest against a corrupt system and the he snuck files out of a shared workroom using rewritable CDs labeled with pop stars names, such as Lady Gaga.

Saturday is the second day of Manning’s Article 32 hearing, which is expected to last into next week. The government will lay out some of its evidence against Manning in the hearing, somewhat akin to a civilian grand jury. After the hearing ends, a military officer will decide which charges, if any, will be brought against Manning in a court martial.

Asked by defense attorney Maj. Matthew Kemkes if she was aware that the video was in fact unclassified, Graham responded that she did not know this at the time. She also told the court that the FBI had vouched for the integrity of Lamo, who provided the information that she included in the affidavit that was the basis for placing Manning in pre-trial confinement.

The only information from Lamo that investigators verified before Graham wrote the affidavit was Manning’s background and role in the military, which Graham said investigators verified through a military background check and through an examination of Manning’s Facebook profile.