The conspiracy to commit computer intrusion charge levied against Julian Assange by the US government is not based on a reliable set of presumptions, the Old Bailey heard on Friday.
Mr Patrick Eller, who served 20 years in the US Army, was Command Digital Forensic Examiner at the US Army Criminal Investigation Command headquarters in Quantico, Virginia. He has reviewed the computer intrusion allegations against Mr Assange and supporting documents submitted by the US government as well as the transcripts of the trial of US Army whistleblower Chelsea Manning and provided an expert report to the court on his findings.
— Kevin Gosztola (@kgosztola) September 25, 2020
Mr Eller reviewed transcripts of electronic conversations in 2010 between Ms Manning and a person who is alleged to be Mr Assange. Based upon that conversation Mr Eller concluded that it is impossible to determine what the purpose of the cracking of the password hash would be. The US government alleges that the purpose would have been to assist to anonymise Ms Manning so that she could obtain the classified documents that she ultimately leaked to WikiLeaks.
Mr Eller's analysis made clear that in his opinion it would have been impossible to crack the hash at that time.
"Manning only retrieved the encrypted hash value from the SAM file. She did not have the System file or the portions of the SAM file that are required to reconstruct the decryption key for the hash. This decryption step is necessary before the hash can be cracked and it is a separate process from cracking the hash by guessing difference [sic] password values with rainbow tables. At the time , it would not have been possible to crack an encrypted password hash such as the one Manning obtained", Mr Eller stated conclusively in his expert report.
He also confirmed that wouldn't have been necessary for Ms Manning to crack the password hash because Ms Manning already had access to the classified documents that she leaked via the militaries intranet system. Access which is estimated to include millions of other people in the military, Mr Eller told the court.
Furthermore, Ms Manning had already used a Linux CD to anonymise herself and therefore did not require further assistance to do so thereafter, Mr Eller told the court.
Mr Eller found: "strong support for the proposition that the interpretation placed by the prosecution on the conversation with Manning and Assange could not be reliably or safely construed to be for the purpose of obtaining anonymity for Manning so that classified information could be extracted without personal anonymity being compromised."
— Kevin Gosztola (@kgosztola) September 25, 2020
The defence has argued that the discussion of breaking through the password hash was about affording Ms Manning the ability to view computer games and movies which otherwise would have been restricted within the computer system. Mr Eller states in his report that Ms Manning was known in her unit as the "go to" person for technical matters. Ms Manning faced a court martial in the US, where she was convicted of leaking classified documents to WikiLeaks, and was sentenced to 35 years in prison. Her sentence was later commuted by President Barack Obama.
Mr Eller told the court that the attempt to crack the password hash was consistent with an attempt to access materials such as movies and video games which would otherwise be blocked to US Army personnel.
The expert's report says that the transcripts of the court martial make clear that:
- Soldiers regularly put unauthorized files and programs on computers in the T-SCIF;
- other soldiers cracked the administrator password in order to install programs;
- Manning’s colleagues viewed her as a technical expert (a view enjoyed by Manning);
- Manning’s colleagues regularly asked her to install programs on their computers.
Mr Lewis presented Mr Eller with a warning from Microsoft in 1999 that suggested the password hash was in fact vulnerable to being cracked, this evidence was only served on the defence at 11:30pm the night before the hearing and Mr Eller is based in the US. The judge granted Mr Eller an hour to view the additional evidence before he was cross-examined on it on Friday (at 6am his time).
But Mr Eller pointed out to Mr Lewis that on 16 December 1999 Microsoft also posted a patch for that vulnerability and it stated that it "strongly encrypts the hash information in the database in order to protect from offline password attacks" and that it "eliminates and makes it computationally infeasible" to apply brute force in order to break it.
"Rather than debate the issue can we agree with this" Mr Lewis asked, changing the subject, "In any event the participants in the chat [Ms Manning and Mr Assange] thought they could crack the pass and agreed to attempt to crack the password hash?"
Mr Eller responded noting that "a hash was provided and they said they had rainbow tables for it", but the chat never states where the hash was from. The expert added that the US government's "own expert witness in the court martial" stated that "it was not enough for them to actually be able to crack the password hash".
Upon re-examination by Mark Summers QC, Mr Eller confirmed that he stood by his assessment of the lack of feasibility that the password hash was crackable at that time. He again confirmed that even if it were possible it would not have provided access to any more classified documents than that which Ms Manning already had access to and was not necessary in order to hide her identity. The expert also confirmed that we do not actually know who Ms Manning was communicating with, or even if it was the same person each time, when it came to the discussion of the password hash.
Mr Assange faces up to 175 years in prison in the US if he is convicted on all of the charges. The US government has argued that such a sentence is unlikely, but defence experts have already testified that an effective life sentence (eg somewhere between 30 - 40 years) is realistic given the nature of the charges and past practice in prior cases.