By examining the case of Private First Class (PFC) Bradley Manning, one can learn more about the insider threat and in turn identify methods to protect data from loss to an insider. How did PFC Manning secretly acquire a vast amount of classified data without being caught, and were there indicators that he was an insider threat? The intent of this document is not to examine his guilt or innocence or to argue his status as a whistleblower, criminal, or champion of truth, but to identify lessons learned from the information security lapses that allowed PFC Manning to obtain the data.
Manning’s Background
In order to understand Bradley Manning’s characterization as an insider threat, one must understand a bit of biographical background. Bradley…
Manning has yet to proclaim his motive for his actions, but indications point to an incident where Manning reported what he believed to be an improper detention of local Iraqis. His leadership dismissed his analysis and directed him to continue with his duties. Shortly thereafter, Manning downloaded, compressed, and encrypted approximately 90,000 field logs from Afghanistan, 392,000 field logs from Iraq operations, and over 250,000 State Department files. He also downloaded files on the detainees in Guantanamo Bay (Madar, 2013). He had authorized and authenticated access to all of it: he did not hack into sites to obtain the data but gained access as part of his routine duties.
Nevertheless, how did Manning get all this data out and into the hands of members of the WikiLeaks organization? One may presume he had to undertake some highly secretive or clandestine method to acquire copies of the data. The reality of the situation is that information security measures at that time in combat operations were extremely lax. Bradley Manning simply inserted a blank CD into his workstation, downloaded, copied, and subsequently encrypted the files. He then marked the CD as “Lady Gaga” and walked out of his work area with nearly 700,000 national defense files (Madar, 2013). A blank CD-ROM, a Sharpie marker, and almost nonexistent information security protocol enforcement enabled one of the largest security breaches in Department of Defense history.
Manning began providing the documents to members of the WikiLeaks media outlet while he was on leave in Fort Meade, Maryland (Madar, 2013). Manning began bragging to Adrian Lamo, a former hacker, on internet chat logs about downloading military documents and threatening to release them to WikiLeaks and other media outlets (Rothe & Steinmetz, 2013). Lamo reported Manning to US Army