suspect utilities

Whatever else will happen in the Bradley Manning trial, it is apparent that the prosecution will be careful to present anything that could possibly be seen as out of order when it comes to his use of equipment – at least, based on this report in The Guardian:

Military computer experts told the hearing that they had found a computer programme called Wget that is used to speed up the transfer of files, and another called Roxio for burning CDs.

So, this may not be news, but possession of standard operating system utilities or the most commonly distributed applications may be regarded as incriminating evidence.  And be reported as such.  I commented on this recently in another place, to which the entirely valid response was made that use of Roxio may have been illicit on a military computer.  Even that may be too broad – it could be that Bradley Manningʼs unit were not allowed to use Roxio or wget on specific computers, or perhaps he was personally banned from using them at all.  But none of these seem likely – or at least, not very sensible.

If thereʼs a need for CD writing (which there may have been in the working environment) you would expect one utility to be more or less as good as another (subject to malware scanning and security clearance).  Maybe Roxio failed such clearance where Nero did not (assuming a Windows machine)...  But wget?  It would be surprising, but ... donʼt know...

Out of curiosity I had a gander at the US DoDʼs public LPS distribution, and wget does not seem to be included, though OpenSSH and Firefox (both having greater file transfer abilities) are.  (Caveat: this is unlikely to be the same OS & user environment in use by Bradley Manning, as it shouldnʼt (?) run Roxio, but it is likely to have a similar or more stringent level of clearance, and very likely to be a more secure environment than anything he was authorised to use which could run Roxio.)

So – whatʼs a (cleared) version of wget going to do?  Send all the secrets to Wikileaks without the user knowing?  Itʼs a download tool ... unlike OpenSSH or Firefox, which can also upload via Tor and so on.

(The US DoD incidentally say of LPS: “To get started, download the LPS-Public ISO image and burn it to a CD.”  And in case you donʼt know how to burn CDs they have a very informative page which explains how to do so from OSs without extra software, or indeed with it: “Some popular [burning utilities] for Windows are Nero, Roxio, and Alcohol 120%. Roxio Toast is popular on the Mac.”  Hm.)

For both (types of) utilities the security issue (barring hypothetical versions patched with spyware, which your security systems should be preventing for all hard/software) is about configuration, and what you do with them: e.g. not downloading disallowed content, not copying it to CD and not taking media off-site without content checking and authorisation.  Ongoing solutions are in network-level access control and physical security checks, and there appear to be concerns about both in the working environment in this investigation.

Anyhow: wget http://your.url/ is basically a simpler way of writing telnet your.url 80 > file.name^jGET / HTTP/1.1^jhost: your.url^j^j (each ^j being Ctrl-J, a line feed), with various options appendable to both; while using Roxio is just a visually packaged way of doing other things a modern OS also does anyway.  Or if you need to prevent your personnel doing these things, you have to either disable the underlying OS functions or just not install CD writers and network connections.
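
The equivalence above, as an added example that is not part of the original post: a Python sketch that opens a plain TCP socket and sends the same request lines the telnet one-liner types by hand. The names raw_get and demo, the loopback server standing in for your.url, and the sample body are assumptions constructed so the example runs offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SAMPLE_BODY = b"constructed sample document\n"  # constructed test content


class _Handler(BaseHTTPRequestHandler):
    """Throwaway loopback server standing in for http://your.url/."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(SAMPLE_BODY)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(SAMPLE_BODY)

    def log_message(self, *args):  # keep the demo quiet
        pass


def raw_get(host, port, path="/"):
    """Fetch path the way the telnet one-liner does: open TCP, send a request."""
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request.encode("ascii"))
        response = b"".join(iter(lambda: sock.recv(4096), b""))  # read to EOF
    head, _, body = response.partition(b"\r\n\r\n")  # headers, blank line, body
    status_line = head.split(b"\r\n", 1)[0].decode("ascii")
    return status_line, body


def demo():
    server = HTTPServer(("127.0.0.1", 0), _Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return raw_get("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Nothing here depends on wget being installed: the fetch uses only the socket interface the OS already exposes, which is why the control point is network-level access control rather than an inventory of utilities.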

Anyone other than a prosecutor might as well just say “defendant was using a computer!”.  It may sound more incriminating to the uninformed to talk about scary command line utilities; but while most people, including most members of military tribunals, probably donʼt know they have wget (or similar) on board (if they have), most PC users now probably know they have Roxio or a similar package, even if they donʼt use it, ‘free’ with their CD drive.  Itʼs stretching average usersʼ credulity to suggest Roxio is a specific threat to any competent security system.  Supposing you use it to write illicit material?  How do you hide CDs? [1]  Right, A&E departments have certainly found stranger things in peopleʼs internal cavities, but possibly not ‘ordinary’ 120mm media. [2]  But you donʼt need Roxio or wget to write leakworthy material to a USB chip once youʼve got hold of it by other means, and Iʼve certainly had more awkward things than USB chips in my internal cavities [3].

Neither Roxio nor wget appears to be more than incidental in this case – even if they were used by the defendant to carry out culpable acts.  They are only more-or-less convenient substitutes for normally permitted software, and are not unique in their convenience.  Normally I would suspect poor reporting, but in this case I suspect hopelessly tendentious prosecuting and poor reporting.  Which may not be surprising on either count, but the more prosecutors or reporters get away with it, the more likely it is to spread to other trials for less popular defendants with less actual knowledge and ability to make these points themselves, and less access to minimally competent lawyers and PR to do it for them.


  1. In this case, perhaps amongst other CDs (licit or not) scattered all over the office in obvious contravention of required security practices, and probably scattered not only by the defendant.  
  2. Of course, I had to check that.  Google returns a surprisingly large number of hits for “CD found in rectum” – but CD here mostly means Crohnʼs disease or CD* chemical markers.  No relevant references to 120mm diameter digital media [4], though Iʼm not betting on credit-card CDs; still, MicroSD cards are less obvious, and USB chips need no unusual hardware or software.  
  3. Iʼm told this is for medical purposes. ;-)  
  4. Though there appear to be CDs by the unattractively named bands Solar Anus and Bleeding Rectum.  I think there needs to be a new rule (no.37?) of the internet:  If you can imagine it, thereʼs a band called it.