I realize that readers may be surprised to see a news story with that headline linked from this blog, but if you read the report by Maggie O’Kane, Chavala Madlena and Guy Grandjean, you’ll see that as much as it reports on Manning’s mental health before and during deployment, it also reveals a lot of reportedly very sloppy security when it came to access to computers connected to SIPRNet:
A Guardian investigation focusing on soldiers who worked with Manning in Iraq has also discovered there was virtually no computer and intelligence security at Manning’s station in Iraq, Forward Operating Base Hammer. According to eyewitnesses, the security was so lax that many of the 300 soldiers on the base had access to the computer room where Manning worked, and passwords to access the intelligence computers were stuck on “sticky notes” on the laptop screens.
Read more in The Guardian.
The video on their investigation is more focused on Manning’s mental, emotional, and social history and strikes me as yet another case where the military made a poor decision or ignored the warning bells sounded by those who had concerns about Manning’s fitness to serve. In the context of data breaches, how many reports have we seen about disgruntled employees or insiders being a serious threat to data security? Despite that common knowledge, the military reportedly left access to the network relatively wide open in terms of number of individuals authorized to access it and then failed to even ensure that login credentials were secure. That, of course, would not excuse what Manning did – if he did it – but it should raise serious questions about whether the government really took info security seriously until the data were leaked.