U.S. Cyber Command Blocking Public Intelligence and Nearly 2,500 “WikiLeaks-Related” Websites

public-intelligence-blocked

A block page displayed when users on military networks attempt to access this website.

U.S. Cyber Command (CYBERCOM) has blocked access to the Public Intelligence website (publicintelligence.net) as well as at least 2,484 other “WIKILEAKS-related websites” on their unclassified network.

The block was first reported in June 2012 by a regular contributor to Phibetaiota.net, a website run by former CIA officer and longtime proponent of open-source intelligence Robert David Steele.  An anonymous contributor to the blog reported that CYBERCOM had “blocked access to www.publicintelligence.net from DoD computers” for unstated “operational reasons.”  The article described the contents of the notice that is displayed when users attempt to access the site and stated that the “block category” was listed as: “USCC_WIKILEAKS_BLOCK.”  According to other individuals who have experienced the block, a message is displayed indicating that you have “attempted to access a blocked website” and that access has been denied for unstated “operational reasons by the DOD Enterprise-Level Protection System.”  The notice also instructs the user to “contact your local Network Control Center” to gain access to blocked websites that are “mission essential.”

public-intelligence-blocked-2

An email from an intelligence analyst with the U.S. Army TRADOC G2 Intelligence Support Activity (TRISA) requesting access to this website.

In March 2013, a U.S. Army intelligence analyst did just that: she requested that an exception be made for her unit to access the site in order to conduct official research.  The analyst’s request is contained in a 15-page document from the U.S. Army’s Network Enterprise Technology Command (NETCOM) that was released following a request under the Freedom of Information Act (FOIA).  The document contains a chain of emails between members of the U.S. Army TRADOC G2 Intelligence Support Activity (TRISA) and IT Specialists with NETCOM.  In an email dated March 7, 2013, an analyst with the Contemporary Operational Environment and Threat Integration Directorate (CTID) within TRISA states that “CTID requests access to this website http://publicintelligence.net/” and adds that “we all use this website for official open source research to support [REDACTED].”

The request was referred to members of the 106th Signal Brigade under NETCOM who requested a memorandum for record stating that access was required for official business and had been approved by the unit’s information assurance manager.  The request appeared to be moving along until late April 2013 when the 106th Signal Brigade informed the IT personnel at TRISA that the block was a CYBERCOM block related to WikiLeaks.  In an email from April 23, 2013, NETCOM informed all parties involved in the effort to unblock the site that “TRISA has withdrawn their request for access to the site” after being informed by IT personnel at TRISA that “this was considered a wiki leak [sic] type site so this can be closed with no further action and if she needs access to this site she can use [REDACTED].”  In another email regarding the retraction of the request, NETCOM personnel discussed how “once the user requesting the unblock realized the site was a wiki leaks block, they decided they would use the [REDACTED].”

A response from the 106th Signal Brigade stated that “info.publicintelligence.net is blocked by the United States Cyber Command under the category of wikileaks” and cites several tasking orders and all army activities (ALARACT) messages distributed in support of the WikiLeaks block.  Two of those ALARACTs were previously obtained by Public Intelligence and discuss preventative measures taken to limit the unauthorized dissemination of information and protect “sensitive information in the public domain.”  ALARACT 245-2010 explicitly forbids Army personnel from viewing any classified information released by WikiLeaks because it would introduce classified material onto unclassified networks where it may not be properly safeguarded:

ARMY PERSONNEL MUST BE VIGILANT WITH REGARD TO THE INFORMATION POSTED ON THE WIKILEAKS WEBSITE AND ANY OTHER WEBSITE THAT PURPORTS TO PUBLISH CLASSIFIED INFORMATION. VIEWING, DOWNLOADING OR PRINTING INFORMATION FROM THE WEBSITE COULD POTENTIALLY EXPOSE ARMY NETWORKS TO SENSITIVE DATA OR CREATE SITUATIONS IN WHICH DATA IS IMPROPERLY SAFEGUARDED THUS HARMING OUR ABILITY TO CONDUCT MISSIONS VITAL TO OUR NATIONAL DEFENSE. INFORMATION MARKED AS CLASSIFIED BUT IN THE PUBLIC DOMAIN IS NOT CONSIDERED DECLASSIFIED UNTIL ASSESSED BY THE APPROPRIATE ORIGINAL CLASSIFICATION AUTHORITY AND A DETERMINATION ON ITS DISPOSITION AND CONTINUED CLASSIFICATION IS RENDERED.

Similar notices were disseminated by the Air Force, Navy, White House and a number of other government agencies in 2010 following the release of hundreds of thousands of U.S. diplomatic cables by WikiLeaks.

In response to a FOIA request for records related to the WikiLeaks block, CYBERCOM confirmed that in November 2013 there were 2,484 “WIKILEAKS-related websites” blocked on “their unclassified network.”  However, the release of a forty-six page document listing these websites was denied on the grounds that the information was properly classified and its release could “risk circumvention of the law.”

A Pattern of Blocking

In June 2013, it was revealed that the DoD has been blocking access to news stories regarding the disclosure of classified NSA documents by Edward Snowden.  According to Pentagon spokesman Lt. Col. Damien Pickart, any website that chooses to “post information the department deems classified” will have that content “filtered” rendering it “inaccessible from DoD networks so long as it remains classified.”  Public Intelligence has not posted any of the material revealed by Snowden or WikiLeaks and hosts only a small number of previously classified documents that have been publicly revealed in media reports.  Lt. Col. Pickart told U.S. News & World Report that the DoD “does not determine what sites its personnel can choose to visit while on a DoD system, but instead relies on automated filters that restrict access based on content concerns or malware threats.”

Pickart also made clear that DoD is not “going to block websites from the American public in general, and to do so would violate our highest-held principle of upholding and defending the Constitution and respecting civil liberties and privacy.”  However, Pickart’s statements are contradicted by the experiences of individuals who have encountered the CYBERCOM block.  Users report encountering the block on documents that are unclassified and, in some cases, have no control markings at all.

In addition to the CYBERCOM block, the army’s Continental U.S. (CONUS) Network Operations and Security Center (C-TNOSC) has also previously blocked portions of the Public Intelligence website from being accessed on army computers.  Visitors report that attempts to access information on the site have been met with the following notice:

“The site you have requested has been blocked by Team CONUS (C-TNOSC/RCERT-CONUS) due to malware being hosted on the site”

The U.S. Army block has apparently been in effect since at least February 2012.  A number of forum postings and comments on a variety of websites make reference to the block.  There are no independent reports of malware being hosted on the Public Intelligence website and all public security directories list the site as safe.  When contacted for comment, U.S. Network Enterprise Technology Command spokesperson Gordon Van Vleet told Public Intelligence that he was unable to provide any information on the block.

Share this:

Facebooktwitterredditlinkedinmail