The more than 250,000 diplomatic cables published by WikiLeaks were reportedly downloaded from a classified database on a US Department of Defense network known as the Secret Internet Protocol Router Network (SIPRNet).
Introduction to SIPRNet – The beginning
After the 9/11 terrorist attacks, the US Congress and the White House ordered that the barriers preventing the sharing of information between the different intelligence services be broken down. At the time there were more than a dozen different US intelligence agencies across the U.S. government and around the world.
To make it easier for these agencies to share information, the Net-Centric Diplomacy database (NCD) was created: classified information up to the top secret level would be stored there, and government agencies could access the database through their own secure networks.
The US Department of Defense network created in 1995 was called the Secret Internet Protocol Router Network, or SIPRNet.
Over the past decade, the number of people with access to SIPRNet has skyrocketed to around half a million. Those with access include embassy personnel, army officials from other countries, state National Guard officials and Department of Homeland Security personnel.
SIPRNet security specifications
SIPRNet supports the Global Command and Control System (GCCS), the Defense Message System (DMS), collaborative planning and numerous classified warfighter applications. Direct connection data rates range from 56 kbps to 155 Mbps. Remote dial-up services are available at up to 115.2 kbps.
SIPRNet is a closed network: it uses packet switching over the TCP/IP protocols and runs over dedicated, encrypted lines that are separated from all other communication systems.
There are no special SIPRNet computers, but every authorized user must be approved by his or her chain of command. The user then receives a user identifier and must set up a strong password at least 10 characters long, containing two upper case letters, two lower case letters, two numbers and two special characters, which must be changed at least every 150 days. The rules also specify that the user must not leave the computer while logged in, not even for a cup of coffee.
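As an added illustration of the password rules just listed (this is not code from the page or from any SIPRNet system), a small checker that reports which rules a candidate password breaks and whether it is past the 150-day rotation limit; the character-class alphabets, the treatment of characters outside those classes, and the sample passwords are assumptions.

```python
"""Checker for the SIPRNet password rules described above (added example).

Assumptions not taken from the page: the four character classes are ASCII
upper/lower letters, digits and ASCII punctuation; any other character is
reported as disallowed; dates are ISO strings. Sample passwords are constructed.
"""
from datetime import date
import string

MIN_LENGTH = 10
MIN_PER_CLASS = 2      # two upper, two lower, two digits, two special
MAX_AGE_DAYS = 150     # must be changed at least every 150 days

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def policy_violations(password: str) -> list[str]:
    """Return the rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    for name, alphabet in CLASSES.items():
        count = sum(1 for ch in password if ch in alphabet)
        if count < MIN_PER_CLASS:
            problems.append(f"only {count} {name} characters (need {MIN_PER_CLASS})")
    # Characters outside the four classes (spaces, non-ASCII) are flagged so the
    # counts cannot be padded with characters the policy never mentions.
    allowed = "".join(CLASSES.values())
    stray = [ch for ch in password if ch not in allowed]
    if stray:
        problems.append(f"disallowed characters: {stray!r}")
    return problems


def rotation_due(last_changed_iso: str, today_iso: str) -> bool:
    """True when the password is older than the 150-day rotation limit."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age.days > MAX_AGE_DAYS


if __name__ == "__main__":
    for pw in ["Tr0ub4dor&3", "SIPRnet-22!!Ok", "short1!"]:
        print(pw, policy_violations(pw) or "compliant")
    print(rotation_due("2010-01-01", "2010-07-01"))
```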
Linking a computer with access to the SIPRNet to the Internet or to any other computer or media storage device that has not been approved for use with secret information is a serious security violation.
Once any media storage device has been plugged into a computer with access to SIPRNet, it becomes classified at the secret level and cannot be used on insecure networks such as the Internet. Since the WikiLeaks scandal, all SIPRNet computers have been blocked from downloading data to removable media.
The Secret Internet Protocol Router Network maintains an audit trail of all users, including, but not limited to, the identity of everyone accessing or attempting to access the SIPRNet, date and time of logon/logoff, and any noteworthy activities that might indicate an attempt to modify, bypass, or negate security safeguards.
Regular military precautions for using classified material also require that the computer’s random access memory must be erased and laptop computers with access to SIPRNet must be stored at a secure approved location when not in use.
How the Secret IP Router Network got busted
The following is a partial chat transcript between Private Bradley Manning and Adrian Lamo. Bradley Manning was a 22-year-old US Army private with access to SIPRNet and allegedly responsible for leaking thousands of secret US documents to WikiLeaks.
(01:54:42 PM) Bradley Manning: i would come in with music on a CD-RW
(01:55:21 PM) Bradley Manning: labeled with something like “Lady Gaga”… erase the music… then write a compressed split file
(01:55:46 PM) Bradley Manning: no-one suspected a thing
(01:55:48 PM) Bradley Manning: =L kind of sad
(01:56:04 PM) Adrian Lamo: and odds are, they never will
(01:56:07 PM) Bradley Manning: i didn't even have to hide anything
(02:15:03 PM) Bradley Manning: pretty simple, and unglamorous
(02:17:56 PM) Bradley Manning: weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm
(02:44:47 PM) Bradley Manning: the network was upgraded, and patched up so many times… and systems would go down, logs would be lost… and when moved or upgraded… hard drives were zeroed
(02:45:12 PM) Bradley Manning: it's impossible to trace much on these field networks…
(02:46:10 PM) Bradley Manning: and who would honestly expect so much information to be exfiltrated from a field network?