The young Army Pfc. suspected of stealing the diplomatic memos and feeding them to WikiLeaks may have defeated Pentagon security systems using little more than a Lady Gaga CD and a portable computer memory stick.
The soldier, Bradley Manning has not been charged in the latest release of internal U.S. government documents. But officials said he is the prime suspect partly because of his own description of how he pulled off a staggering heist of classified and restricted material.
"No one suspected a thing," Manning told a confidant afterward, according to a log of his computer chat published by Wired.com. "I didn't even have to hide anything."
Secretary of State Hillary Rodham Clinton asserted Monday that WikiLeaks acted illegally in posting the material. She said the administration was taking "aggressive steps to hold responsible those who stole this information."
Attorney General Eric Holder said the government was mounting a criminal investigation, and the Pentagon was tightening access to information, including restricting the use of computer storage devices such as CDs and flash drives.
"This is not saber-rattling," Holder said. Anyone found to have broken American law "will be held responsible."
Holder said the latest disclosure, involving classified and sensitive State Department documents, jeopardized the security of the nation, its diplomats, intelligence assets and relationships with foreign governments.
A weary-looking Clinton agreed.
"I want you to know that we are taking aggressive steps to hold responsible those who stole this information," Clinton said. She spoke in between calls to foreign capitals to make amends for scathing and gossipy memos never meant for foreign eyes.
Manning is charged in military court with taking other classified material later published by the online clearinghouse WikiLeaks. It is not clear whether others such as WikiLeaks executives might be charged separately in civilian courts.
Clinton said the State Department was adding security protections to prevent another breach. The Pentagon, embarrassed by the apparent ease with which secret documents were passed to WikiLeaks, had detailed some of its new precautions Sunday.
Col. Dave Lapan, a Pentagon spokesman, said it was possible that many people could be held accountable if they were found to have ignored security protocols or somehow enabled the download without authorization.
A senior Defense Department official, speaking on condition of anonymity because the criminal case against Manning is pending, said he was unaware of any firings or other discipline over the security conditions at Manning's post in Iraq.
In his Internet chat, Manning described the conditions as lax to the point that he could bring a homemade music CD to work with him, erase the music and replace it with secrets. He told the computer hacker who would turn him in that he lip-synched along with pop singer Lady Gaga's hit "Telephone" while making off with "possibly the largest data spillage in American history."
Wired.com published a partial log of Manning's discussions with hacker R. Adrian Lamo in June.
"Weak servers, weak logging, weak physical security, weak counterintelligence, inattentive signal analysis," Manning wrote. "A perfect storm."
His motive, according to the chat logs: "I want people to see the truth ... because without information, you cannot make informed decisions as a public."
By his own admission, Manning was apparently able to pull material from outside the Pentagon, including documents he had little obvious reason to see. He was arrested shortly after those chats last spring. He was moved in July to the Quantico Marine Corps Base in Virginia to await trial on the earlier charges and could face up to 52 years in a military prison if convicted.
There are no new charges, and none are likely at least until after a panel evaluates Manning's mental fitness early next year, said Lt. Col. Rob Manning, spokesman for the Military District of Washington. He is no relation to Bradley Manning.
Manning's civilian lawyer, David E. Combs, declined comment.
Lapan, the Pentagon spokesman, said the WikiLeaks experience has encouraged discussion within the military about how better to strike a balance between sharing information with those who need it and protecting it from disclosure.
So far, he said, Pentagon officials are not reviewing who has access to data but focusing instead on installing technical safeguards.
Since summer, when WikiLeaks first published stolen war logs from the conflicts in Iraq and Afghanistan, the Defense Department has made it harder for one person acting alone to download material from a classified network and place it on an unclassified one.
Such transfers generally take two people now, what Pentagon officials call a "two-man carry." Users also leave clearer electronic footprints by entering a computer "kiosk," or central hub, en route to downloading the classified material.
Pentagon spokesman Bryan Whitman said the WikiLeaks case revealed vulnerable seams in the information-sharing systems used by multiple government agencies. Some of those joint systems were designed to answer another problem: the failure of government agencies to share what they knew before the Sept. 11, 2001, attacks.
"These efforts to give diplomatic, military, law enforcement and intelligence specialists quicker and easier access to greater amounts of data have had unintended consequences," Whitman said.
Agencies across the U.S. government have installed safeguards around the use of flash drives and computer network operations, said Navy Rear Adm. Michael Brown, the Department of Homeland Security's director for cybersecurity coordination.
Like the Pentagon, Homeland Security has laid out policies to ensure that employees are using the networks correctly, that the classified and unclassified networks are properly identified, and that there are detailed procedures for moving information from one network to another.
Dale Meyerrose, former chief information officer for the U.S. intelligence community, said Monday that it will never be possible to completely stop such breaches.
"This is a personnel security issue, more than it is a technical issue," said Meyerrose, now a vice president at Harris Corp. "How can you prevent a pilot from flying the airplane into the ground? You can't. Anybody you give access to can become a disgruntled employee or an ideologue that goes bad."
One official in contact with U.S. military and diplomatic staff in Iraq said they already were seeing the effect of a tighter collar on information.
The State Department and other agencies are restricting access among the Army and nonmilitary agencies, the official said. The official spoke on condition of anonymity to discuss the sharing of classified information.
Former CIA director Michael Hayden warned the latest leak will affect what other governments are willing to share with the U.S. as well as change the way U.S. officials share information among themselves.
"You're going to put a lot less in cables now," he said.