Why the Air Force is investigating a cyber attack from the Navy
The Air Force is investigating the Navy for a cyber intrusion into its network, according to a memo obtained by Military Times.
The bizarre turn of events stems from a decision by a Navy prosecutor to embed hidden tracking software into emails sent to defense attorneys, including one Air Force lawyer, involved in a high-profile war-crimes case of a Navy SEAL in San Diego.
The tracking device was an attempt to find out who was leaking information to the editor of Navy Times, a sister publication. A similar tracking device was also sent to Carl Prine, the Navy Times editor, who has written numerous stories about the case.
Navy Capt. David Wilson, chief of staff for the Navy’s Defense Service Offices, wrote in the May 19 memo that an Air Force attorney was among the defense lawyers who had received emails with the hidden tracking software, which he described as “malware.”
The Air Force defense lawyer reported the tracking device to his information security manager, who concluded the malware was a “splunk tool,” which allowed the sender of the malware to gain “full access to his computer and all files on his computer,” Wilson wrote in the memo, which he sent to the chief of staff for the Navy’s Region Legal Service Offices.
“In fact, I’ve learned that the Air Force is treating this malware as a cyber-intrusion on their network and have seized the Air Force Individual Military Counsel’s computer and phone for review,” he wrote.
Wilson declined to comment further to Military Times.
The Air Force has not yet responded to a request for comment.
Serious questions about the Navy’s use of secret digital tracking devices have emerged since the Navy Criminal Investigative Service launched its investigation into media leaks regarding the separate courts-martial of Special Operations Chief Edward Gallagher, a Navy SEAL, and Lt. Jacob Portier, the commander of Gallagher’s platoon.
Gallagher is accused of stabbing to death an injured teenage Islamic State fighter in Iraq in 2017. Portier is charged with conduct unbecoming an officer for allegedly conducting Gallagher’s re-enlistment ceremony next to the corpse of the dead fighter.
Wilson wrote that he learned May 10 that the lead prosecutor in both cases, Navy Cmdr. Christopher Czaplak, “inserted or caused to be inserted” the tracking software, which then found its way into private or commercial email networks, the Navy-Marine Corps Intranet email network and the Air Force’s email network.
“An unintended consequence of the Government’s action and lack of transparency is a lack of confidence and trust in NMCI and other Government-provided networks used by defense counsel to provide Sixth Amendment right to counsel services to the Navy, Marine Corps and Coast Guardsmen,” Wilson wrote.
Navy Capt. Greg Hicks, the service’s top spokesman, last week declined to comment on the email device targeting Navy Times. But Hicks confirmed that NCIS is conducting “an ongoing investigation into the unauthorized disclosure of information covered by a judge’s protective order.”
The email received by Navy Times contained hidden computer coding designed to extract the IP address of the Navy Times computer network and to send that information back to a server located in San Diego. Under U.S. criminal law, authorities typically must obtain a subpoena or court order to acquire IP addresses or other metadata. Not obtaining one could be a violation of existing privacy laws, including the Electronic Communications Privacy Act.
The discovery of the tracking devices has roiled the cases. Critics of the Navy’s decision to hide tracking software in emails — including Wilson — have sounded the alarm that such government surveillance could amount to illegally spying on journalists and defense attorneys, undermining both the freedom of the press and defendants’ ability to receive a fair trial.
In his memo, Wilson worried that the hidden tracking software could undermine confidence and trust in the military’s electronic communication systems and their ability to protect attorney-client privilege for military defendants.
“I will defer to the trial and appellate judicial process to determine the appropriateness of the Government’s action in [the Gallagher and Portier] cases,” Wilson wrote. ”However, in my capacity as the Chief of Staff, I have grave ethical concerns regarding the impact of the Government’s action for all services provided worldwide by the Defense Service Offices. … The commanding officers of the 4 Defense Service Offices (DSO) and I have no confidence that our defense counsel attorney-client communications on NMCI and other Government-provided networks are protected from unauthorized disclosure as a result of this introduction of malware.”
Wilson said the Navy’s actions have “troubling reverberations that reach every defense counsel representing every client within Naval Legal Service Command.”
“As of now, the Navy’s defense bar cannot be certain that the malware unleashed in these cases has been contained rather than passed through-out the Navy and Coast Guard defense services systems — a possibility now under direct investigation by the Air Force,” he wrote.
“As our clients learn about these extraordinary events in the media, we are left unarmed with any facts to answer their understandable concerns about our ability to secure the information they must trust us to maintain,” he wrote. “The situation has become untenable.”
Military Times Managing Editor Howard Altman contributed to this report.