Iraq battle plan leak sparks overhaul of cybercrime-fighting techniques
The DOD probe involved combing through 60TB of data
January 31, 2005 12:00 PM ETIDG News Service -
The U.S. Department of Defense seized hundreds of computers and around 60TB of data as part of an investigation into how details of the U.S. invasion plan for Operation Iraqi Freedom were leaked to The New York Times, a Defense Department official said.
The investigation ended in 2003 without finding the source of the leak. But it has prompted changes within the department, which is developing software tools and investigative strategies for computer crime cases that involve large amounts of data, said Lt.Col. Ken Zatyko, director of the DOD's Computer Forensics Laboratory.
The investigation was prompted after details of the U.S.'s planned invasion of Iraq appeared in a series of newspaper articles in the Times beginning in July 2002. The articles revealed various details of the planned invasion and options that were being considered by military planners. Operation Iraqi Freedom was launched in March 2003.
The Times articles set off an intense effort within the DOD to discover the source of the leak. Hundreds of computer servers and desktop systems were seized at a number of locations, including U.S. Central Command at MacDill Air Force Base in Tampa, Fla., and from military bases in the Persian Gulf region, including the U.S. naval base in Bahrain, Zatyko said.
In all, about 60TB of data, including data stored on computer hard drives and other devices, was collected and brought back to the DOD's computer forensic lab at the Department of Defense Cyber Crime Center (DC3), he said.
One Times reporter was also subpoenaed for information pertaining to the leak, but that subpoena was quashed, according to Catherine Mathis, vice president of corporate communications at The New York Times Co.
At DC3, a team of computer forensics investigators searched through the data looking for evidence -- such as an e-mail message or document transfer -- that would link a particular individual to a Times reporter, Zatyko said. Ultimately, the investigation failed, in part because of the challenge of sifting through the huge volume of data, he said.
"It was a 'needle in the haystack' case," Zatyko said. "The challenge is to reduce all that data and hone in on the document that was sent to the reporter."
The investigators did discover a number of versions of a presentation that contained information linked to the articles, as well as e-mail messages to reporters. However, they couldn't find evidence that the presentation or other sensitive information was sent to the Times, and DC3's investigation ended in late 2003 without finding those responsible for the leaks,
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Cybercrime/Hacking
Additional Resources



White Papers & Webcasts
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Email Archiving: A Business-Critical Application
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
IBM ISS X-Force Threat and Risk Report
Learn about all aspects of threats that affect Internet security.
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
The New World of eCrime: Targeted Brand Attacks and How to Combat Them
Download This Whitepaper Now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
