Day 14: Julian Assange's extradition hearing. Today we expect testimony from Patrick Eller, digital forensics expert, on the computer crime charge and the alleged agreement between Assange & Chelsea Manning to crack a password in 2010. #AssangeCase
Mark Summers for the defense says the prosecution provided its bundle for Eller, challenging claims in his statements, at 11:30pm last night. He has gotten up at 5:00am to testify and has had about 5 minutes to review these documents... Defense asks for an hour for him to review.
Patrick Eller will argue, Summers says, that the allegation against Assange regarding the password cracking issue is not possible, and if it were it was not used for the purpose the government alleges.

Judge grants 50 more minutes for Eller to review.
Discussion over whether to release Assange's medical report (includes his family's history) to the press. Defense and prosecution agree that they should be withheld for privacy but are making the case to the judge. Judge speaking to a member of Press Association in court.
Will decide that issue at the end of today's proceedings. Now discussing defense request for time between the end of testimony and closing arguments. Would be willing to not make oral arguments and just submit in writing if they get more time to prepare.
The other option, the judge says, is to make oral arguments on the Thurs and Fri of the 5th week (2 weeks from now). Prosecution says it would be fine with just written arguments, would ask for just 1 or 2 weeks.
Judge says this case has already gone 18 months, the defense can't ask for so much time, and your client is in confinement.

Ed Fitzgerald: if the court were to grant him bail that would solve that problem
Defense notes an initial option was to resume this hearing in November but the defense asked for September, so we are still within that timeframe. Defense also notes the surprise 2nd superseding indictment (>4 months after the hearing began)
Judge notes this would mean closing arguments at the end of October, and a ruling wouldn't come until 2021.
Judge also picks up a prosecution argument that the defense can't bring up more evidence. Fitzgerald says it would have to be something quite dramatic, "if President Trump says he's going to execute all journalists" we would have to make comment on that
Judge: what impact would the U.S. presidential election have on your case?

Fitzgerald: There could be some impact. (cont'd)
Fitzgerald: Much of what we say about Mr Trump personally goes to why this was initiated, that will all remain. Much of what we say about the US prison systems will remain because it's systemic. But we do feel the situation would be worse if Trump were to win.
Judge grants the defense the 4 weeks to give written closing arguments, the prosecution 2 weeks to then reply with theirs, and a final 72 hours for limited defense reply.
Defense now reading a statement from Jakob Augstein, journalist at Der Freitag in Sept 2011, when the German weekly published the article indicating that the Guardian book releasing the password + mirrored encrypted files could be put together to find the unredacted cables.
Augstein: the encrypted Cablegate file published online came from Daniel Domscheit-Berg's trove that he had taken away from Assange/WikiLeaks' control when he left and started OpenLeaks

It was Domscheit-Berg's copy of the encrypted file that appears to have been mirrored.
Now discussing prospective evidence from US prison psychologist. Prosecution "strongly objects" to these 2 reports on the same issues already addressed by other witnesses. If the judge accepts them, prosecution would request adjournment to prepare.
Prosecution complaining about late evidence, "enough is enough." [Yes the same prosecution which brought a 2nd superseding indictment halfway through the case.]
Defense says they haven't been able to cross-examine prosecution affidavits from Gordon Kromberg, others, so the prosecution shouldn't complain about this. Defense just wants its witnesses to be allowed to refer to these reports.
Includes report from Dr Thomas Kucharski which defense says directly contradicts prosecution arguments on US prison conditions
Judge saying she received files from defense last night, she's warned both parties previously about late evidence. "A line must be drawn" judge says on filing timing, these issues (US prison conditions) have already been covered, so the defense submissions will not be accepted.
Patrick Eller now taking the stand by remote video. #AssangeCase
Eller, who served in the US Army for 20 years as a criminal investigator, is president of Metadata Forensics, which provides digital investigation and forensic examination in both civil and criminal cases.
Eller has been asked to examine a jabber chat regarding a password hash from March 2010
Eller: the chat didn't tell him anything about the computer to which it related, or even whether it related to a government computer.

Any indication to 'Nathaniel Frank' that the password hash they were told about referred to a government computer?

No
Explaining hash values: the encryption program "hashes the password", turning the plaintext into a hash value, and stores it.

To change it back to plaintext, in this instance, you would need both the SAM file and the system file.
Based on this chat and the Manning court transcripts: Manning did not have the entire portion required, could not obtain the password
2010, computer was running Windows XP.

Defense: Assume that what you just said is not the case, hypothetically if the hash cracking *was* successful -- want to talk about what intent was if it was successful
Manning had a username on this government computer. Had a local account specific to the computer, not the domain, no access to the wider network within the SCIF (Sensitive Compartmented Information Facility)
By March 2010, Manning had used her own domain to access and download materials later leaked and in this case -- the GTMO detainee assessment briefs, the war diaries, the rules of engagement
This is important ^ -- the government alleges a conspiracy to access and download more information, but Manning had already sent most of the releases to WikiLeaks by the time of this conversation.
If the hash cracking was successful, it would have given 'FTP access', local computer account. No access to the T-drive.
Eller: "govt allegation that there was an attempt to gain anonymity is greatly undermined by the tracking system which identified users. Databases like the Net Centric Diplomacy database & Intelink could be accessed from any account on the computer, including local user accounts"
"But the account on the computer that the user logged into was not used in any way to identify the user to the database. Instead, access was tracked using IP addresses."
"Firstly, many databases were accessible to anyone with a SIPRNet connection. These databases did not require any additional log in information or account based access control. Access was not controlled with accounts."
The Cables and the Detainee Assessment Briefs "were databases that anyone with SIPRNet access could use without any further authentication or login at that time."
If Manning had been able to access the ftpuser account, it would not have given her access to the CIDNE database (where the war logs were held)
If you were trying not to be traced, there were other means available to Chelsea Manning. Defense wants to unpack this - again establishes even with the 'ftp username' (instead of her own personal login), downloading docs would've been traceable by IP address
Manning booted a Linux CD to access the SAM file in the first place, before this jabber chat, to actually be anonymous. So she knew of ways to use computer anonymously that did not require hash cracking (which she knew wouldn't anonymize her)
Films/music files/computer games were on the T-drive. These were unauthorized programs. Users did not have local access to this drive (this is why Manning would want to crack a password, to download programs like *this* from an account other than her own)
Defense established Manning's computer was reimaged: "The consequences of reimaging would be that unauthorized files and programs may have been lost. Soldiers would have to go through the same processes again in order to reinstall them.
It may be notable that this reimaging took place a few days before the portion of the Jabber chat log in which Manning sent a password hash."
End of defense questioning, now James Lewis cross-examining for the prosecution.
Lewis challenges Eller's claim that the password was not cracked -- Eller deduces that from the conversations he's seen, saw no evidence that it was. Lewis says but you don't have evidence that it wasn't
Lewis reading from jabber chats:

Manning "any good at lm hash cracking?"

He replied “we have rainbow tables for lm”.

Manning sent hexadecimal string she found in SAM file

Assange: “passed it on to our lm guy”, “any more hints about this lm hash?”, “no luck so far”.
Lewis is running through complex technical background of LM hashes and how encrypted passwords work
Lewis picks up on phrase "at the time" from Eller sentence: "At the time, it would not have been possible to crack an encrypted password hash such as the one Manning obtained." Lewis wants to show him evidence to see if he changes his mind
Lewis reads from a Microsoft announcement about hashes, "LM hash is an old and weak" system because password length is only 14-characters, breaks into 2 separate files "so if your password is less than 7 characters it should be a breeze" to crack by penetrative attacks
Asks Eller about his sentence "at the time" would have been impossible. Better to say "very difficult" or "might not have been possible" or still say "impossible"?
Eller: In 1999 (time of Microsoft announcement) there was a patch for this vulnerability, makes it computationally impossible to use brute force when Sys key has been applied.

Lewis: Right. Well rather than debate the issue with you on this...
Lewis (cont'd): Manning and Assange *thought* they could crack the password and agreed to try to crack the password?

Eller: it never said where the hash is from, and I didn't get to finish my previous answer
Eller (cont'd): The government witness in the Manning court martial said it was not feasible
Aware Assange described himself as a 'fantastic hacker'? (allegedly said this as a teenager)

No

And agree even the strongest encryption can be cracked by an expert hacker?

Yes - Eller wants to add a comment but Lewis moves on
Lewis: we agree an IP address will only identify a computer, not a user?

Yes

And on computer you can log on as a domain user or a local user?

Yes
Evidence at Manning's trial was she logged on as a user in her name?

Yes

In fact the user profile contained forensic evidence used against her at her trial?

That is correct
(Lewis reading from Manning trial transcript, working to establish the above. Cites page 8,300 within the appendix, shows massive scale of the material in the case)
Lewis on program 'wget' found in Manning's profile, scripted to automate downloading. Lots of discussion of wget in Manning trial
Lewis: use of Manning's profile was used to prove what she had done?

Yes

If you use the same computer with a ftpuser account, you could hide all that activity from your domain user account?

That is correct
Can access SIPRNet from ftp user account?

Yes (his statement says didn't require any log in details)

Any forensic evidence from a ftp user account would not be available on an image of the bradley.manning user account?

No, it would be available on the computer
Lewis: the defense argument is one reason she'd want to access ftp account is to download video games/similar programs?

Yes
Lewis: You said it could be assumed that an ftp account had administrative privileges, but how do you know that?

Eller: Local accounts tend to have admin privileges

Lewis: But you don't know, and we'd say it didn't

Eller: Don't see how you could say it didn't
Lewis: If it did not have local admin privileges, it could not be used to install programs/computer games?

Eller: That is correct

Lewis: So it's essential to know that

End of cross-examination, 10-minute recess to see if the defense has more questions
They'll need more time to confer about defense re-examination questioning, so we'll start the lunch break now and return at 2:00pm London time. #AssangeCase
Back from recess. Mark Summers for the defense re-examining Patrick Eller.
The jabber chat has one user as 'Nobody', we know that's Manning because she said so at her trial, right?

Yes

Were you asked to determine who 'Nathaniel Frank' is?

No

So why attribute that name to 'Assange' in your statement?

That was just assumed
So can't know whether that's Assange?

No

Or whether multiple users were behind that username?

Can't know that
Do you stand by your assessment that cracking the hash as alleged would have been impossible?

Yes I do
Microsoft's assessment was that it was computationally infeasible for a password hash to be cracked as such?

That is correct

Because of a patch on that vulnerability?

Yes

That software remained in place on all MS Windows applications for the next 2 decades?

Correct
Would a skilled hacker be able to achieve something that is computationally infeasible?

I would assume no.
Do you resile [deviate] from your opinion that this would have been impossible?

No, and I note this is in line with the government's own expert in Manning's trial
Confirmed that SIPRNet is an intranet, not 'the internet'?

Yes

How many people had access to SIPRNet?

Anyone tasked with using a secret government database/computer

Can you give a number?

Probably in the millions
(Judge seems surprised, "in the millions?" Mark Summers: yes)
Establishing that wget is a common program. If she'd logged in with ftp user account she wouldn't access any domain (like the T-drive, CIDNE database)?

Correct

Access to wget?

Not the wget in her bradley.manning profile
Summers: Lewis confirmed, and everyone agreed, accessing Intelink and the like -- that's tracked by IP address?

Yes

Would ID the specific computer being used?

That is correct

How many people used each SCIF computer terminal?

Day shift and night shift, so 2 on each computer
So it would specify the computer and the time, from which one could work out who was on shift.
Linux CD provided anonymity -- so the benefit that Kromberg suggests (from using ftpuser account) was already available to Chelsea Manning because she already had the Linux CD
Would ftpuser benefits achieve anything by disguising activity of accessing documents from the databases originally?

No it would not - because the IP trail would have led back to the same computer anyway
ftpuser account was found on which machine? Both machines, both of Chelsea Manning's computers
Defense establishes: Computer placed on a domain that has local accounts installed on it would have administrative privileges. Also establishes that FTP stands for file transfer protocol.
End of re-examination, end of Patrick Eller's testimony. #AssangeCase
Now returning to discussing potential release of medical report to the press. "Open justice would not be advanced" by the disclosure of this information, Ed Fitzgerald says, we've already had several days of testimony on it
Dialogue b/w representative of Press Association and judge over release of medical records. PA speaking for the press at large, would accept a redacted report, wants to understand this key plank of defense case. Judge says she (PA) needs to show legal basis to release
No more witness statements today -- end of proceedings, adjourned until Monday at 10:00am London time. #AssangeCase
