Well this is grim! The ACIC or Army Counterintelligence Center published in March 2008 a National Security Information Special Report, under the auspices of the Department of Defense Intelligence Analysis Program (DIAP). Michael D Horvath of the Cyver Counterintelligence Assessments Branch does not really believe or understand the First Amendment, apparently, and his mind must be a spooky place. It was a HQ Department of Army Production Requirement C764-97-0005 and ACIC Product ID Number is RB08-0617.
This document indicates that the Pentagon is pretty dangerous. But what else is new?
Source: U.S. Intelligence planned to destroy WikiLeaks, 18 Mar 2008
U.S. Intelligence planned to destroy WikiLeaks
WikiLeaks release: March 15, 2010
keywords: WikiLeaks, U.S. intelligence, U.S. Army, National Ground Intelligence Center, NGIC, classified, SECRET,
restraint: Classified SECRET/NOFORN (US)
title: Wikileaks.org - An Online Reference to Foreign Intelligence Services, Insurgents, Or Terrorist Groups?
date: March 18, 2008
group: United States Army Counterintelligence Center, Cyber Counterintelligence Assessments Branch; Department
of Defence Intelligence Analysis Program
author: Michael D. Horvath
By Julian Assange (firstname.lastname@example.org)
This document is a classifed (SECRET/NOFORN) 32 page U.S. counterintelligence investigation into WikiLeaks.
“The possibility that current employees or moles within DoD or elsewhere in the U.S. government are providing
sensitive or classified information to Wikileaks.org cannot be ruled out”. It concocts a plan to fatally marginalize
the organization. Since WikiLeaks uses “trust as a center of gravity by protecting the anonymity and identity of the
insiders, leakers or whisteblowers”, the report recommends “The identification, exposure, termination of employment,
criminal prosecution, legal action against current or former insiders, leakers, or whistlblowers could potentially damage
or destroy this center of gravity and deter others considering similar actions from using the Wikileaks.org Web site”.
[As two years have passed since the date of the report, with no WikiLeaks’ source exposed, it appears that this plan
was ineffective]. As an odd justificaton for the plan, the report claims that “Several foreign countries including China,
Israel, North Kora, Russia, Vietnam, and Zimbabwe have denounced or blocked access to the Wikileaks.org website”.
The report provides further justification by enumerating embarrassing stories broken by WikiLeaks—U.S. equipment
expenditure in Iraq, probable U.S. violations of the Cemical Warfare Convention Treaty in Iraq, the battle over the
Iraqi town of Fallujah and human rights violations at Guantanmo Bay. Note that the report contains a number of
inaccurances, for instance, the claim that WikiLeaks has no editorial control. The report concludes with 13 items of
intelligence to be answered about WikiLeaks.
(U) Wikileaks.org—An Online Reference to Foreign
Intelligence Services, Insurgents, or Terrorist Groups?
Information Cutoff Date: 28 February 2008
Publication Date: 18 March 2008
National Security Information
Unauthorized Disclosure Subject to Criminal Sanctions
Derived from: Multiple sources
Declassify on: Source documents marked 25X1
Date of source: 20060725
This Counterintelligence Analysis Report is published under the auspices of the Department of
Defense Intelligence Analysis Program (DIAP).
Michael D. Horvath
Cyber Counterintelligence Assessments Branch
Army Counterintelligence Center
External Coordination: National Ground Intelligence Center
This product responds to HQ, Department of Army, production requirement C764-97-0005.
ACIC Product Identification Number is RB08-0617.
(U) This special report assesses the counterintelligence threat posed to the US Army by the
Wikileaks.org Web site.
Page 2 of 32
(U) Executive Summary
(S//NF) Wikileaks.org, a publicly accessible Internet Web site, represents a potential force
protection, counterintelligence, operational security (OPSEC), and information security
(INFOSEC) threat to the US Army. The intentional or unintentional leaking and posting of US
Army sensitive or classified information to Wikileaks.org could result in increased threats to
DoD personnel, equipment, facilities, or installations. The leakage of sensitive and classified
DoD information also calls attention to the insider threat, when a person or persons motivated by
a particular cause or issue wittingly provides information to domestic or foreign personnel or
organizations to be published by the news media or on the Internet. Such information could be of
value to foreign intelligence and security services (FISS), foreign military forces, foreign
insurgents, and foreign terrorist groups for collecting information or for planning attacks against
US force, both within the United States and abroad.
(S//NF) The possibility that a current employee or mole within DoD or elsewhere in the US
government is providing sensitive information or classified information to Wikileaks.org cannot
be ruled out. Wikileaks.org claims that the ―leakers‖ or ―whistleblowers‖ of sensitive or
classified DoD documents are former US government employees. These claims are highly
suspect, however, since Wikileaks.org states that the anonymity and protection of the leakers or
whistleblowers is one of its primary goals. Referencing of leakers using codenames and
providing incorrect employment information, employment status, and other contradictory
information by Wikileaks.org are most likely rudimentary OPSEC measures designed to protect
the identity of the current or former insiders who leaked the information. On the other hand, one
cannot rule out the possibility that some of the contradictions in describing leakers could be
inadvertent OPSEC errors by the authors, contributors, or Wikileaks.org staff personnel with
limited experience in protecting the identity of their sources.
(U) The stated intent of the Wikileaks.org Web site is to expose unethical practices, illegal
behavior, and wrongdoing within corrupt corporations and oppressive regimes in Asia, the
former Soviet bloc, Sub-Saharan Africa, and the Middle East. To do so, the developers of the
Wikileaks.org Web site want to provide a secure forum to where leakers, contributors, or
whistleblowers from any country can anonymously post or send documentation and other
information that exposes corruption or wrongdoing by governments or corporations. The
developers believe that the disclosure of sensitive or classified information involving a foreign
government or corporation will eventually result in the increased accountability of a democratic,
oppressive, or corrupt the government to its citizens.
(S//NF) Anyone can post information to the Wikileaks.org Web site, and there is no editorial
review or oversight to verify the accuracy of any information posted to the Web site. Persons
accessing the Web site can form their own opinions regarding the accuracy of the information
posted, and they are allowed to post comments. This raises the possibility that the Wikileaks.org
Web site could be used to post fabricated information; to post misinformation, disinformation,
and propaganda; or to conduct perception management and influence operations designed to
convey a negative message to those who view or retrieve information from the Web site.
(U) Diverse views exist among private persons, legal experts, advocates for open government
and accountability, law enforcement, and government officials in the United States and other
countries on the stated goals of Wikileaks.org. Some contend that the leaking and posting of
information on Wikileaks.org is constitutionally protected free speech, supports open society and
open government initiatives, and serves the greater public good in such a manner that outweighs
any illegal acts that arise from the posting of sensitive or classified government or business
information. Others believe that the Web site or persons associated with Wikileaks.org will face
legal challenges in some countries over privacy issues, revealing sensitive or classified
government information, or civil lawsuits for posting information that is wrong, false,
slanderous, libelous, or malicious in nature. For example, the Wikileaks.org Web site in the
United States was shutdown on 14 February 2008 for 2 weeks by court order over the publishing
of sensitive documents in a case involving charges of money laundering, grand larceny, and tax
evasion by the Julius Bare Bank in the Cayman Islands and Switzerland. The court case against
Wikileaks.org was dropped by Julius Bare Bank, the US court order was lifted and the Web site
was restored in the United States. Efforts by some domestic and foreign personnel and
organizations to discredit the Wikileaks.org Web site include allegations that it wittingly allows
the posting of uncorroborated information, serves as an instrument of propaganda, and is a front
organization of the US Central Intelligence Agency (CIA).
(S//NF) The governments of China, Israel, North Korea, Russia, Thailand, Zimbabwe, and
several other countries have blocked access to Wikileaks.org-type Web sites, claimed they have
the right to investigate and prosecute Wikileaks.org and associated whistleblowers, or insisted
they remove false, sensitive, or classified government information, propaganda, or malicious
content from the Internet. The governments of China, Israel, and Russia claim the right to
remove objectionable content from, block access to, and investigate crimes related to the posting
of documents or comments to Web sites such as Wikileaks.org. The governments of these
countries most likely have the technical skills to take such action should they choose to do so.
(S//NF) Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and
whistleblowers who pass information to Wikileaks.org personnel or who post information to the
Web site that they will remain anonymous. The identification, exposure, or termination of
employment of or legal actions against current or former insiders, leakers, or whistleblowers
could damage or destroy this center of gravity and deter others from using Wikileaks.org to make
such information public.
(U) Key Judgments
(S//NF) Wikileaks.org represents a potential force protection, counterintelligence,
OPSEC, and INFOSEC threat to the US Army.
(S//NF) Recent unauthorized release of DoD sensitive and classified documents provide
FISS, foreign terrorist groups, insurgents, and other foreign adversaries with potentially
actionable information for targeting US forces.
(S//NF) The possibility that current employees or moles within DoD or elsewhere in the
US government are providing sensitive or classified information to Wikileaks.org cannot
be ruled out. The claim made by Wikileaks.org that former US government employees
leaked sensitive and classified information is highly suspect, however, since
Wikileaks.org states that the anonymity of the whistleblowers or leakers is one of its
(U//FOUO) The Wikileaks.org Web site could be used to post fabricated information,
misinformation, disinformation, or propaganda and could be used in perception
management and influence operations to convey a positive or negative message to
specific target audiences that view or retrieve information from the Web site.
(U//FOUO) Several countries have blocked access to the Wikileaks.org Web site and
claim the right to investigate and prosecute Wikileaks.org members and whistleblowers
or to block access to or remove false, sensitive, or classified government information,
propaganda, or other malicious content from the Internet.
(U//FOUO) Wikileaks.org most likely has other DoD sensitive and classified information
in its possession and will continue to post the information to the Wikileaks.org Web site.
(U//FOUO) Web sites such as Wikileaks.org use trust as a center of gravity by protecting
the anonymity and identity of the insiders, leakers, or whistleblowers. The identification,
exposure, termination of employment, criminal prosecution, legal action against current
or former insiders, leakers, or whistleblowers could potentially damage or destroy this
center of gravity and deter others considering similar actions from using the
Wikileaks.org Web site.
(U) Table of Contents
(U) Executive Summary
(U) Key Judgments
(U) Intelligence Gaps
(U) Point of Contact
(U) Appendix A: Glossary
(U) Appendix B: Methodology Used by Authors for Analysis of Leaked Tables of
Equipment for US Forces in Iraq and Afghanistan
(U) Table 1. Abbreviated Listing of the Iraq Transition Team (UIC - M94216) Table of
(U) Table 2. Descriptive Entry of the File and How it is Catalogued by Wikileaks.org for
the NGIC Report Entitled ―(U) Complex Environments: Battle of Fallujah I, April 2004‖
[NGIC-1127-7138-06] posted on its Web site
(U) Figure 1. M33A1 Bulk CS Chemical Dispenser
(S//NF) Figure 2. Map from Page 4 of NGIC Report Entitled ―(U) Complex
Environments: Battle of Fallujah I, April 2004‖ As Published in a Wikileaks.org Article.
(U//FOUO) Wikileaks.org was founded by Chinese dissidents, journalists, mathematicians, and
technologists from the United States, China, Taiwan, Europe, Australia, and South Africa. Its
Web site became operational in early 2007. The advisory board for Wikileaks.org includes
journalists, cryptographers, a ―former US intelligence analyst,‖ and expatriates from Chinese,
Russian, and Tibetan refugee communities. The ACIC does not have any information to
associate or link the ―former US intelligence analyst‖ on the Wikileaks.org advisory board with
the leakage of sensitive or classified DoD documents posted to the Web site.
(U) Wikileaks.org claims to have developed an uncensorable version of the publicly available
Wikipedia interface that is intended for mass leakage of sensitive documents that expose
wrongdoing and for allowing users to comment on the documents posted to the Web site.
Through its Web site, Wikileaks.org encourages large-scale anonymous leaking and posting of
sensitive and confidential government and business documents on the Internet. Wikileaks.org
claims to have received more than 1.2 million documents from dissident communities and
anonymous sources throughout the world. If true, additional articles involving sensitive or
classified DoD will most likely be posted to the Wikileaks.org Web site in the future.
(S//NF) Wikileaks.org uses its own coded software combined with Wiki, MediaWiki, OpenSSL,
FreeNet, TOR, and PGP to make it difficult for foreign governments, FISS, law enforcement
agencies, and foreign businesses to determine where a leaked document originated from and who
was responsible for leaking the document. The goal of Wikileaks.org is to ensure that leaked
information is distributed across many jurisdictions, organizations, and individual users because
once a leaked document is placed on the Internet it is extremely difficult to remove the document
(S//NF) The obscurification technology used by Wikileaks.org has exploitable vulnerabilities.
Organizations with properly trained cyber technicians, the proper equipment, and the proper
technical software could most likely conduct computer network exploitation (CNE) operations or
use cyber tradecraft to obtain access to Wikileaks.org‘s Web site, information systems, or
networks that may assist in identifying those persons supplying the data and the means by which
they transmitted the data to Wikileaks.org. Forensic analysis of DoD unclassified and classified
networks may reveal the location of the information systems used to download the leaked
documents. The metadata, MD5 hash marks, and other unique identifying information within
digital documents may assist in identifying the parties responsible for leaking the information. In
addition, patterns involving the types of leaked information, classification levels of the leaked
information, development of psychological profiles, and inadvertent attribution of an insider
through poor OPSEC could also assist in the identification of insiders.
(U) Wikileaks.org supports the US Supreme Court ruling regarding the unauthorized release of
the Pentagon Papers by Daniel Ellsberg, which stated that ―only a free and unrestrained press can
effectively expose deception in government.‖ The Wikileaks.org Web site further states the
―We aim for maximum political impact. We believe that transparency in
government activities leads to reduced corruption, better government, and
stronger democracies. All governments can benefit from increased scrutiny by the
world community, as well as their own people. We believe this scrutiny requires
information. Historically that information has been costly—in terms of human life
and human rights. But with technological advances—the Internet, and
cryptography—the risks of conveying important information can be lowered.‖
(U) The OPSEC measures used in the submission of leaked information to Wikileaks using the
Internet are designed to protect the identity and personal security of the persons or entities
sending or posting information to the Web site. Wikileaks.org claims that any attempt at trace
routing of IP addresses, MAC addresses, and other identifying information of a home computer
submissions (as opposed to cyber café submissions) through Wikileaks.org‘s Internet submission
system would require a knowledge of information available only to Wikileaks.org programmers
and to a rights organization serving the electronic community, or would require specialized
ubiquitous traffic analysis of Internet messages and routing systems. Nevertheless, it remains
technically feasible for FISS, law enforcement organizations, and foreign businesses that have
the motivation, intentions, capability, and opportunity to gain online access or physical access to
Wikileaks.org information systems to identify and trace whistleblowers through cyber
investigations, advanced cyber tools, and forensics.
(U) Another method of posting leaked information to the Web site anonymously is for leakers to
use postal mail to send the information to volunteers in various countries who have agreed to
receive encrypted CDs and DVDs from leakers. These volunteers then forward the information
to designated personnel, who then upload the data on the CDs and DVDs to the Wikileaks.org
Web servers. To protect or mask the sender, leakers can take OPSEC measures such as using
Wikileaks.org encryption protocols when writing CDs and DVDs; using gloves while wrapping,
taping, handling, and mailing packages; and not including a return address or including a fake
return address on packages containing leaked information. Such measures are designed to protect
the identity of the leakers and prevent FISS, law enforcement, and postal inspectors from
intercepting the mail and decoding the information on the data storage devices in transit.
Wikileaks.org also claims that it is developing easy-to-use software to encrypt the CDs and
DVDs. Use of such methods also protects facilitators or intermediaries from harm because they
would not know the content of the encrypted submissions.
(U) A Wikileaks.org spokesperson stated in early January 2007 that about 22 persons are
involved in the Open Society Initiative to make governments and corporations more accountable
to the citizens of the world. Wikileaks intends to seek funding from individual persons and
groups such as humanitarian organizations that fund sociopolitical activity intended to promote
democracy and human rights around the world through open access to government and business
(S//NF) Several foreign countries including China, Israel, North Korea, Russia, Vietnam, and
Zimbabwe have denounced or blocked access to the Wikileaks.org Web site to prevent citizens
or adversaries from accessing sensitive information, embarrassing information, or alleged
propaganda. The governments of China, Israel, and Russia have asserted that they have a right to
remove from the Internet protected government information, disinformation, and propaganda that
is intended to embarrass or make false allegations against their governments. China, Israel, North
Korea, and Russia are assessed to have state-sponsored CNE, computer network attack (CNA),
and cyber forensics capabilities that would most likely allow penetration or disrupt viewing of
the Wikileaks.org Web site. China, Israel, and Russia have used or are suspected of having used
CNA to target terrorist or dissident Web sites that have posted objectionable material intended to
embarrass, harm, or encourage terrorism or opposition to the government.
(U//FOUO) An insider could present a potential force protection, counterintelligence, OPSEC, or
INFOSEC threat to the US Army through deliberate unauthorized release of official DoD
documents and posting of sensitive or classified information to the Internet. Several recent
postings to the Wikileaks.org Web site in November 2007 of sensitive US Army information
marked UNCLASSIFIED//FOR OFFICIAL USE ONLY and in December 2007 of US Army
information classified SECRET//NOFORN highlight the insider threat to DoD. The actual
perpetrators responsible for the unauthorized released of such documents could be subject to
administrative action, nonjudicial punishment, or criminal charges and prosecution if they are