Just because you're paranoid doesn't mean they're not out to get you
March 15, 2010 1:46 PM

From a 2008 document titled "Wikileaks.org—An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups?" (PDF) produced by the Cyber Counterintelligence Assessments Branch of the Army Counterintelligence Center:
(S//NF) Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the Web site that they will remain anonymous. The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.
posted by scalefree (31 comments total) 2 users marked this as a favorite

 
And we must preserve their anonymity...

Unless, of course, they're hurting our stock value freedoms.

I'm not sure what makes this worthy of an FPP or even our attention. Did I misread it? Was the intent of the document to bust up the operation?
posted by Bathtub Bobsled at 1:49 PM on March 15, 2010


Yeah, so I read everything except for the bold words at the top.

Time for more coffee, I guess.


posted by Bathtub Bobsled at 1:52 PM on March 15, 2010


(S//NF) Wikileaks.org represents a potential force protection, counterintelligence, OPSEC, and INFOSEC threat to the US Army.

(S//NF) Recent unauthorized release of DoD sensitive and classified documents provide FISS, foreign terrorist groups, insurgents, and other foreign adversaries with potentially actionable information for targeting US forces.

posted by mecran01 at 1:59 PM on March 15, 2010


(S//NF) Recent unauthorized release of DoD sensitive and classified documents provide FISS, foreign terrorist groups, insurgents, and other foreign adversaries with potentially actionable information for targeting US forces.


Cite, anyone?
posted by ZenMasterThis at 2:00 PM on March 15, 2010


Yeah, so I read everything except for the bold words at the top.

Although that is from the wikileaks summary which is a bit much.
posted by smackfu at 2:02 PM on March 15, 2010


It's strange, because the most immediately obvious counterstrategy to WikiLeaks is to inundate it with false leaks which they cannot identify as false. Security through obscurity, of a sort. (For bonus points, encode watermark information into the false leaks to allow you to trace the source.)

Instead they have made a list of all the leaks that were genuine and perceived as harmful, which only further weakens their position. Master strategists?
posted by mek at 2:08 PM on March 15, 2010


Another counterstrategy would be to produce a classified document about wikileaks that you know they would post, then use that to trace the leaker.
posted by smackfu at 2:09 PM on March 15, 2010 [4 favorites]


The quote I used in the post is from the report itself not the Wikileaks coversheet.
posted by scalefree at 2:09 PM on March 15, 2010


More strategizing would involve not torturing human beings. Then there wouldn't be anything to leak about it.
posted by Blazecock Pileon at 2:12 PM on March 15, 2010 [3 favorites]


I just don't see that as "It concocts a plan to fatally marginalize the organization." This plan is literally that one sentence in the summary. Which says the Army wants to bust the leakers of classified info, and that should deter future leakers. This is not a shocking plan of action.
posted by smackfu at 2:18 PM on March 15, 2010


The report provides further justification by enumerating embarrassing stories broken by WikiLeaks—U.S. equipment expenditure in Iraq, probable U.S. violations of the Cemical Warfare Convention Treaty in Iraq, the battle over the Iraqi town of Fallujah and human rights violations at Guantanmo Bay. Note that the report contains a number of inaccurances, for instance, the claim that WikiLeaks has no editorial control.

Well, there's certainly no copyediting control going on.
posted by stefanie at 2:19 PM on March 15, 2010 [5 favorites]


I wonder if, somewhere out there, there's a contingency plan to undermine the credibility of Metafilter.
posted by grobstein at 2:33 PM on March 15, 2010


I wonder if, somewhere out there, there's a contingency plan to undermine the credibility of Metafilter.

1. Start a MeTa thread titled "Let's talk about the troubling and disturbing discussion of [group] in this thread."

2. ????

3. UNDERMINE
posted by sallybrown at 2:38 PM on March 15, 2010 [3 favorites]


1. Start a MeTa thread titled "Let's talk about the troubling and disturbing discussion of [group] in this thread."

You just need to find the perfect group that perfectly splits the MeFi audience in half on the pro and con side.
posted by smackfu at 3:03 PM on March 15, 2010


stefanie > Note that the report contains a number of inaccurances, for instance, the claim that WikiLeaks has no editorial control.

Well, there's certainly no copyediting control going on


I've always wondered if that could be used to trace a leak: Take a perfectly proofread document and insert typos into individual poeple's copies.
posted by Decimask at 3:09 PM on March 15, 2010 [5 favorites]


I've always wondered if that could be used to trace a leak: Take a perfectly proofread document and insert typos into individual poeple's copies.

Map companies use fake towns to catch copyright thieves: cf. copyright trap.
posted by Blazecock Pileon at 3:16 PM on March 15, 2010 [3 favorites]


Can I just mention that, if I were the admin of a site that dealt with secret / top secret info, I'd be hugely annoyed by this post (and the ones on reddit and digg and etc). See, now I'd have to (if I were such an admin) go through my logs and figure out who downloaded what, or which systems / caches were exposed to the bits starting with S//NF and then I'd have to start sanitizing all these systems to the letter of whatever law the agencies handling my site security certification held us accountable for. Myself and the ISSO would then have to spend the night sorting all of this out. If, ya know, I were a cleared admin. Hypothetically speaking. That hypothetical me would be getting some serious overtime, though.
posted by blixco at 3:38 PM on March 15, 2010 [1 favorite]


If you have a site that has S//NF data on it & it's reachable & indexed by any Internet search engine, you have much bigger problems than people Googledorking for "S//NF". Material classified at SECRET belongs on SIPRNET which mandates physical airgap to non-SIPRNET machines, TEMPEST shielding & power line conditioning, NONSTOP & HIJACK secondary device EMSEC protection, inert gas pressurized network cable pipes & other extensive measures to keep it from getting out.
posted by scalefree at 4:01 PM on March 15, 2010 [1 favorite]


Decimask - it is called a "canary trap". The first time I saw the term was in one of Buckley's Blackford Oakes novels.
posted by jet_silver at 4:10 PM on March 15, 2010


Yes, scalefree, it does belong on SIPRNET. I should have prefaced what I said with 1) THE LINK (which clearly isn't on SIPR since we're here) and 2) my hypothetical admin is in a mixed-mode facility with all sorts of networks. So, when the info spills and it isn't on SIPRNET but is instead on the internet, and down the line someone audits a machine on your unclass network (which is not at all connected to your other nets) and they see S//NF then what happens? Who gets fired?

Spills have happened in the past. Proving that this particular S//NF string isn't from your own protected network (in a mixed-mode facility) is difficult at best. The solution to proving that it ain't your spill? You clean it off your unclass net (caches and clients and proxies and whatnot), block wikileaks (already blocked, thanks!) and mefi and digg and reddit and etc from your unclass net, and document the crap out of how the S//NF string got onto your unclass network, so when they audit your unclass network, you aren't held liable. Thus the overtime. For my hypothetical admin and his ISSO. Who need a beer at this point.
posted by blixco at 4:33 PM on March 15, 2010


I've always wondered if that could be used to trace a leak: Take a perfectly proofread document and insert typos into individual poeple's copies.

I've heard of people using that to track businesses that sell/divulge personal information - write your name/address slightly differently, then see what the spam you get is addressed to. I don't do that, but did find out that some "extended warranty" spammer got my info from the WA DOL (which had the wrong middle initial in my car registration).
posted by qvantamon at 4:33 PM on March 15, 2010


I've heard of people using that to track businesses that sell/divulge personal information

Tesla motors tried to do that recently with a company wide 'private' email. Except one did a reply to all, so everyone who got a 'custom' version also got a sanitized version.
posted by delmoi at 4:56 PM on March 15, 2010 [1 favorite]


Wasn't there a story recently about how Iceland wants to sorta become the new Free Speech Zone of the world? Like a Switzerland for data/speech? And how it could become a haven for things like Wikileaks?

Is Iceland now going to become our enemy?
posted by symbioid at 5:39 PM on March 15, 2010


Yeah WikiLeaks is in talks with Icelandic MPs to pass something called the Icelandic Modern Media Initiative which would create protections for whistleblowers & journalists alike.
posted by scalefree at 5:54 PM on March 15, 2010 [2 favorites]


delmoi > Except one did a reply to all, so everyone who got a 'custom' version also got a sanitized version

I could see someone catching that in an email (but who the f*** bothers to read the copy someone forwards when you already have your own?), but what about in an 80-page report?

Hell, if you set it up as a scanned document (admittedly suspicious), all you'd need is 1 pixel of noise variation. OCR wouldn't even notice it.
posted by Decimask at 8:58 PM on March 15, 2010


Can someone explain what Blixco just said?
posted by stratastar at 8:59 PM on March 15, 2010 [1 favorite]


stratastar: What he's saying is that he runs a "mixed mode" facility that includes SECRET & UNCLASS networks. When this story broke, it leaked into the Unclassified networks through their connection to the Internet, leaving "S//NF" (SECRET/No Foreigners) droppings behind. Periodically auditors from various security outfits (usually DISA, the Defense Information Systems Agency) perform audits to make sure that no data is leaking ("info spills") from the SECRET nets to the UNCLASS ones. One simple way to do that is to search for text like "S//NF". So what he & his ISSO (Information System Security Officer) are doing is purging the Internet-connected systems of all references to the story & documenting what they did as a preemptive defensive measure against their next audit. Even though the leak came from the Internet & not the Classified networks, its mere presence on his systems could cause him significant trouble.

It's a difficult place to be, at the interface between a free society & a secret-keeping organization. When it comes to security, information is a lot like water; it finds any crack no matter how small. Managing all that water without spilling even a drop is a really tough job.
posted by scalefree at 9:54 PM on March 15, 2010 [4 favorites]


I've always wondered if that could be used to trace a leak: Take a perfectly proofread document and insert typos into individual people's copies.

Except that pedants like me compulsively fix those errors, like I just did :-)

Many formats like doc or pdf have hidden areas that can contain unique information for that sort of tracking, so in the case of complete documents, it can be easy to "mark" them.

I believe Hollywood producers do this now with the review DVDs they send out, so that if a film is leaked, they can figure out whose DVD was the source.
posted by Artful Codger at 6:32 AM on March 16, 2010


Can someone explain what Blixco just said?

We could, but then we'd have to...

Um, scalefree, Number One wants to see you in his office. NOW.
posted by Artful Codger at 6:36 AM on March 16, 2010


Um, scalefree, Number One wants to see you in his office. NOW.

Like I've never heard that before. Hey, I've come to my understanding of the Dark Arts honestly, through patient study of obscure & arcane but still open source material. I'm beholden to nobody for how I get to share it.
posted by scalefree at 8:11 AM on March 16, 2010 [1 favorite]


Glenn Greenwald: The war on WikiLeaks and why it matters
posted by homunculus at 9:55 AM on March 27, 2010

