US government charges that Julian Assange conspired with former soldier Chelsea Manning to crack a password to give Manning anonymous access to government sensitive government documents have been called into question by a computer forensics expert.
Patrick Eller, a former criminal investigator in the US Army, told the Old Bailey that cracking the password was not technically possible and even if it had been, it would not have helped Manning download sensitive documents without being tracked.
Eller was giving evidence on the 13th day of the hearing. Judge Vanessa Baraitser announced that she would not rule on the case until next year – after the US election – following requests from Assange’s defence team for a further four weeks to prepare their closing submissions.
The US accuses Assange of conspiring with Manning in March 2020 to attempt to crack a password hash based on a conversation using the Jabber instant messaging service.
Manning provided WikiLeaks with hundreds of thousands of US State Department cable reports on the wars in Iraq and Afghanistan and reports on the detainees in Guantanamo, marked up to secret level.
The US claims in an indictment that had the attempt to crack the password been successful, Manning may have been able to log on to computers under a different username in an attempt to cover her tracks.
“Such a measure would have made it more difficult for investigators to identify Manning as the source of unauthorised disclosures of classified information,” stated the indictment.
Assange is charged with one count under the US Computer Fraud and Abuse Act (CFFA) and 17 counts under the US Espionage Act, which carry a maximum prison sentence of 175 years.
Any good at hash cracking?
According to a Jabber chat log, Manning asked a person called Nathaniel Frank – alleged to be Assange – whether he was any good at cracking a password hash. Manning sent Assange a hexadecimal string that she had found on her computer network.
The discussion ended after “Frank” passed the hash to an expert to look at and later reported that he had “no luck so far” in decrypting it.
The password hash contained an encrypted hash of half a password.
The US claims that if Manning had been able to crack the encryption and had retrieved the other part of the password, it would have given her access to an ftp user account on the network.
Eller, CEO of Metadata Forensics, said in written submissions to the court that Manning did not need access to the ftp account to access any of the material she passed on to WikiLeaks.
“Manning already had legitimate access to all of the databases from which she downloaded data,” he said. “Logging into another user account would not have provided her with more access than she already possessed.”
The former soldier had authorised access to SIPRNet, a secure government network, air gapped from the internet. She was able to access the network from a sensitive compartmented information facility (SCIF) where she worked with other intelligence analysts.
The network, which Ellis estimated was used by millions of government employees, gave Manning access to databases which included US diplomatic cables and Guantanamo detainee assessment briefs, which she passed to WikiLeaks, without having to log into them.
“She already had authorisation [to access the datasets],” Eller wrote in a 23-page witness statement. “It is unclear to me that any anonymity would be gained by cracking the password to gain access to the ftp user account.”
The army tracked who accessed these databases by recording the IP address of the computer used to access them, he said. Gaining access to the ftp account would not have provided Manning with anonymity when downloading documents to leak to WikiLeaks.
Cracking password not technically possible
Eller said it would have been technically impossible at that time for Assange or Manning to decrypt the password.
He said he had not changed his view in the light of evidence by the prosecution today that security vulnerabilities had previously been found in the Windows passwords software in use at the time.
“No, I don’t change my opinion,” he said, adding that his opinion was shared by a government expert in Manning’s court martial.
Eller told James Lewis for the prosecution that Microsoft issued a patch which fixed the problem in December 1999 to protect against an attack by strongly encrypting the password.
Cracking password would not help Manning access anonymous files
There was no advantage in Manning using the ftp account if she wanted to hide her identity, Eller told the court.
“Even if Manning was in fact logged into the ftp user account rather than her own normal account, this would have no effect on tracking,” he said in his witness statement.
“Merely logging into a different local user account on the computer (such as ftp user) would not anonymise Manning at all because the IP address of the computer would remain the same regardless of what user account is in use.”
If Manning had wanted access from an account that wasn’t her own, she could have done so without cracking any passwords because she had access to the accounts of other soldiers in the SCIF, said Eller.
Eller said that in his view, the allegation that Manning was trying to crack the password to access sensitive data was not tenable.
Before allegedly chatting with Assange on Jabber, Manning had already downloaded and leaked hundreds of thousands of documents using her normal account on two secure computers that she used regularly.
These included the Iraq and Afghan war logs, the rules of engagement and “Collateral murder” video, and the Guantanamo detainee assessment briefs.
There was no evidence that Manning had attempted to download these documents anonymously and no indication that she was trying to crack the ftp user account password, said Eller.
“The technical impossibility of using the ftp user account to download data anonymously, combined with Manning’s past behaviour of downloading hundreds of thousands of documents from her own account, indicate that it is highly unlikely that Manning’s attempt to crack the ftp user password had anything to do with leaking documents,” he wrote.
Manning already knew how to access data on her own local computer anonymously by booting it with a Linux CD and reading the files, bypassing the access controls of the Windows operating system.
Soldiers used computers for watching films and playing games
Eller said it was common practice for soldiers working with Manning to take breaks to listen to music or play computer games.
Soldiers had used unauthorised software, stored on the T-drive of the SCIF, or on their work computers to play games, listen to music or conduct chat.
Evidence that emerged from Manning’s court martial showed that soldiers attempted to crack administrator passwords to download unauthorised software.
Manning was regarded as a technical expert and was often asked by other soldiers to help them install unauthorised software.
Eller said there were many potential reasons why Manning would want to crack a password, including installing software for her colleagues.
The case continues.
Read more about Julian Assange’s September extradition hearing at the Old Bailey
- Lawyers for Julian Assange say the US has introduced an 11th hour indictment against the WikiLeaks founder that provides additional grounds for his extradition.
- On the second day of his extradition hearing at the Old Bailey, judge informs the WikiLeaks founder he could be removed and potentially banned from court for interrupting witnesses.
- US journalism historian and investigative journalist Mark Feldstein tells a UK court that use of the Espionage Act against Assange will have wide implications for the press.
- Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes Julian Assange, every reporter who receives a secret document will be criminalised.
- WikiLeaks founder Julian Assange will be held under special administrative measures if extradited to the US, said Eric Lewis, a US legal expert, effectively placing him in solitary confinement.
- MEPs and NGOs say they have been denied access to observe extradition proceedings against WikiLeaks founder in Central Criminal Court.
- WikiLeaks founder Julian Assange held back 15,000 documents from publication at the request of the US government, a court heard today.
- Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes.
- WikiLeaks and its media partners used software developed by an independent non-government organisation (NGO) to redact information that could identify individuals from 400,000 classified documents on the Iraq war, a court heard today.
- New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths.
- WikiLeaks founder Julian Assange was offered a “win-win” deal that would allow him “to get on with his life” and benefit US president Donald Trump.
- Khalid El-Masri said that disclosures by WikiLeaks showed that the US had intervened in a German judicial investigation into his torture and kidnapping by the CIA.
- Trump supporter, Cassandra Fairbanks was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning.
- WikiLeaks published unredacted cables after password was disclosed in book by Guardian journalist David Leigh.
- Julian Assange is on the autistic spectrum and has a history of depression that would put him at risk of suicide if he is extradited to a US prison
- Nigel Blackwood, NHS consultant psychiatrist, told the Old Bailey court that although WikiLeaks founder Julian Assange had ‘moderate depression’ and autistic traits it was ‘not unjust’ extradite him.
Read more on Hackers and cybercrime prevention
WikiLeaks founder Julian Assange cannot be extradited to face charges in US, court rules
The case of Julian Assange as he faces US extradition bid – Computer Weekly Downtime Upload podcast
WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist
Judge to give verdict on Julian Assange’s extradition after Christmas