contact | about | archive | Official Record of Trial (Manning) | usvmanning.org | charges (Manning) | verdict (Manning) | usvwikileaks.org |

Witness | US v Pfc. Manning, Captain Thomas Cherepko, Assistant S6, Information Assurance Security Officer, 2nd Brigade Combat Team, 10th Mountain Division

|

US v. Pfc. Bradley Manning is being conducted in de facto secrecy. This page is a work in progress and may contain errors. The page is developing and may be updated. All updates and amendments will be noted.

For more information on the lack of public and press access to United States v. Pfc. Bradley Manning, visit the Center for Constitutional Rights, which filed a petition requesting the Army Court of Criminal Appeals (ACCA) "to order the Judge to grant the public and press access to the government's motion papers, the court's own orders, and transcripts of proceedings, none of which have been made public to date."

cherepko.png*Image from Captain Thomas Cherepko's LinkedIn profile.

General Description

Individuals named in the testimony of Captain Thomas Cherepko:

  • General Robert L. Caslen
  • Unnamed supervisors whom Captain Thomas Cherepko notified about unauthorized music and games on the shared SIPRNet T-Drive
  • Unnamed people on Special Agent Calder Robertson CCIU team who instructed Captain Thomas Cherepko on how to obtain server logs from the network and shared drive as well as email logs and how to conduct forensic analysis
  • Captain Thomas Cherepko tasked of his solders with doing the forensic imaging either Sergeant Joseph Benthal or Private Dodley He could not remember which
  • unnamed Army Criminal Investigation Commande (CID) agent who said to Captain Thomas Cherepko when he was concerned about his ability to create forensically sound images "that it was OK because the devices hadn't been seized yet and it's already been so long that they are already tainted"

Other Information

No. 20 on December 2, 2011 Defense Request for Article 32 Witnesses, December 2, 2011

XXXXXXXXXX [ CPT Thomas Cherepko, Information Assurance Security Officer, 2nd Brigade Combat Team, 10th Mountain Division ] He was the assistant S-6 for the 2BCT. He will testify that the information assurance procedures were not being followed by the brigade. He knew that Soldiers would go to the local market and buy movies, music and games and place the information on their SIPR and NIPR computers. He tried to address the issue but could not get any support from the leadership to enforce the standards. He raised the movie and music concern to the S6, XXXXXXXXXX [ UNIDENTIFIED BRIGADE S6 ] and the Brigade XO [ Brigade Executive Officer ], XXXXXXXXXX [ Lt. Col. Brian Kerns ], but that nothing was done. When the mood struck him, he would scan the shared drive for music, movies, and games and will testify that he would find it every day. Every time that he found unauthorized material on the SIPRNet, he would delete it. Occasionally, he would find a Soldier that would have a huge amount of unauthorized material on their computer -in one instance it was 500 Gigabytes of information, but nothing was done. He will testify that as the IASO [Information Assurance Security Officer] he did not know that he needed to prepare a DoD Information Assurance Certification and Accreditation Process (DIACAP) packet for certification and accreditation of the brigade network. He will also testify that due to this failure, it was later determined that the brigade did not have an Approval to Operate (ATO) or an Interim Approval to Operate (IATO) for their network. Additionally, the brigade did not receive a formal IA [Information Assurance] certification and accreditation inspection during its tour, contrary to the guidance in MNF-I [Multi-National Force - Iraq] Directives. Finally, he will testify that he knew about personal software being loaded on the SIPRNet and he would remove the software when he came across it. XXXXXXXXXX [WHAT IS THIS?]

Additional Article 32 Pretrial, 12/18/11 (by an anonymous journalist, ed. by Alexa O'Brien)

See Transcript of US v Pfc. Bradley Manning, Article 32 Pretrial Hearing, 12/18/11 (Additional)

NEXT WITNESS CAPTAIN THOMAS CHEREPKO, U.S. FORCES, N.A.T.O via TELEPHONE

Prosecution: Current position?

Cherepko: Deputy C.I.S. [Communications and Information Systems] officer for Madrid. My duties: to assist primary CIS officer in planning, executing for training officers for multinational N.A.T.O. operations. I'm a Functional [Area] 53, Information Systems Manager.

Prosecution: What do you do for the army?

Cherepko: Depends. Ranges from cyber defense to... [Cherepko mentions other things]. I've been in the Army 16 years. For 2.5 years - since Summer 2009 - I've been a C.I.S. officer. Previously Engineer Officer, 4 years.

Prosecution: What type of training do you receive?

Cherepko: Went through Functional Area 53 training at Fort Gordon in Georgia. Brigade Automation Officer responsible for overseeing NIPRnet and SIPRnet. NIPRnet System, unclassified network that allows you access to world wide web, Google, Yahoo, ESPN if you like. Only used for unclassified information. SIPRnet is a global Intranet for the Department of Defense. Closed network, classified up to SECRET.

Prosecution: What were qualifications in order to have SIPRnet account?

Cherepko: You had to have approval of your first-line supervisor; had to complete required paperwork, which included a request for access document; and an A.U.P. - Acceptable Use Policy.

Prosecution: When completing steps for access, you had to prove you had security clearing. Why did you need a security clearance to get on network?

Cherepko: Because SIPRnet can contain up to SECRET information.

Prosecution: A.U.P. - Acceptable Use Policy - tells you what you can and cannot do on network. You have to read and sign. Explain...?

Cherepko: It's online training giving you basic security proceedings. Gives examples of what to do and what not to do.

Prosecution: Give examples of different types information in training?

Cherepko: Perfect example: the use of I.D. cards to get into buildings. You're supposed to use I.D. card to get into buildings. If someone goes to a door without ID, there's a protocol on what you're supposed to do.

Prosecution: Sharing passwords?

Cherepko: You're not authorized to share.

Prosecution: Conduct yourself while using classified information?

Cherepko: Can't remember if there's anything specific to classified. But even to get a NIPRnet account, you have to go through this training.

Prosecution: Focusing just on SIPRnet, what is network administrator's function?

Cherepko: Monitor and maintain upkeep of network. Ensure that there are communications 24 hours per day. Security, upgrades, troubleshooting of users' problems.

Prosecution: Soldiers: authorized to install programs on 2-10 Mountain [2nd Brigade Combat Team, 10th Mountain Division (Light Infantry)] SIPRnet program?

Cherepko: No.

Prosecution: Who was authorized?

Cherepko: Program administrators.

Prosecution: Have you heard of WGET?

Cherepko: Yes.

Prosecution: Was it authorized?

Cherepko: No. To my knowledge, doesn't have specific [Missed] of net worthiness.

Prosecution: mIRC Chat? What is it?

Cherepko: Chat system.

Prosecution: Similar to I.M. [Instant Message]?

Cherepko: Yes.

Prosecution: Was there an operational need to have?

Cherepko: Yes.

Prosecution: What?

Cherepko: Used to communicate between Division [10th Mountain Division (Light Infantry)] and Brigade [2nd Brigade Combat Team - BCT]. Brigade aviation cells used to communicate with aviation community.

Prosecution: Authorized to be installed on your computer?

Cherepko: We had to have it in order to communicate with the aviation community.

Prosecution: Was it authorized, though?

Cherepko: To my knowledge, yes - it was on systems when I got there.

Prosecution: Did you install?

Cherepko: Yes, part of the package we installed.

Prosecution: Was WGET part of that?

Cherepko: No.

Prosecution: A.U.P. - Acceptable Use Policy. Soldiers required to sign before deployment?

Cherepko: Don't know.

Prosecution: Requirement to have A.U.P.'s [Acceptable Use Policy]?

Cherepko: Yes.

Prosecution: When you were Systems Officer, did you require soldiers to sign?

Cherepko: I did, Sir. Can only assume it was done before I arrived - I had to sign when I got there.

Prosecution: Manning there when you arrived in theater?

Cherepko: Yes.

Prosecution: Did you maintain Manning's A.U.P. when you were there?

Cherepko: Have to say, no - we couldn't find it when asked to find it. Mine was one of the ones we couldn't find too.

Prosecution: Why?

Cherepko: Over 2,000 users; we kept paper copies in file folders; they were misplaced.

Prosecution: Standard language in A.U.P. [Acceptable Use Policy]?

Cherepko: No forwarding of chain emails. Can't use it for personal business. Can only access network for what you have permission to access. You can't install programs, you can't look at porno or racist material.

Prosecution: Whose is the ultimate responsibility?

Cherepko: It's the user's.

Prosecution: Executable code mentioned?

Cherepko: Don't know.

Prosecution: Did you have a shared drive? What is it?

Cherepko: Yes. Not unlike U.S.B. drive, but it's larger and is a server. 11 Terabytes, not all of which was accessible by users. Server on network connected by I.P. address to the main network. Users could map server to their local machine, use as hard drive locally.

Prosecution: Was there a common name for 2nd Brigade Mountain [2nd Brigade Combat Team, 10th Mountain Division (Light Infantry)] shared drive?

Cherepko: T Drive. Classification was SECRET.

Prosecution: Who had access?

Cherepko: Anyone given permission.

Prosecution: Anyone on SIPRnet?

Cherepko: Anyone on SIPRnet who was also given access. I don't know anyone who was not given access.

Prosecution: Just from your Brigade?

Cherepko: Inherited from 82nd Air Brigade. They'd also inherited. Collection of archived documents from the past several years.

Prosecution: Also movies and music on shared drive?

Cherepko: Yes.

Prosecution: Assuming soldier had SIPRnet access, what prevented a soldier from removing information from shared drive and putting on his or her own computer?

Cherepko: Nothing. You could move data back and forth between it.

Prosecution: What prevented a soldier from burning a C.D. of classified information?

Cherepko: No technical restriction from burning a CD.

Prosecution: Why?

Cherepko: There was no requirement to have a restriction; no need to.

Prosecution: Was there an operational requirement needed to allow burning of a C.D.?

Cherepko: Yes. Like I said, there was no technical restriction. Only prevention was trust that a soldier would not do that.

DEFENSE EXAMINES CAPTAIN THOMAS CHEREPKO

[Discussion about him not being there in person. Mr. David Coombs says he sounds like a Sprint commercial.]

Defense (Coombs): How long did you work as the Brigade Automations Officer as 2nd BCT [Brigade Combat Team]?

Cherepko: From 2009 till this past summer [2011]. Primary duty: establish, maintain, secure Brigade communications. Serve as Brigade Information Assurance Manager [I.A.M.].

Defense (Coombs): Typical day?

Cherepko: Day would begin with PTs [Physical Training], go to work. Once I arrived, day had fairly typical rhythm: read through logs to make sure back-ups had occurred. Check emails to see if anything needed to be action'ed on immediately. Checked with soldiers in the Help Desk. Rest of my day, minus meetings, consisted of troubleshooting network and doing everything I could to keep it operational.

Defense (Coombs): FA53 [Functional Area 53] course - you went, correct?

Cherepko: Yes.

Defense (Coombs): Functional area?

Cherepko: Overall, focuses on technical aspects of running a network. Courses are fairly good. Civilian system academy. Prepared us as well as you could in a nine month course. They trained us for Certified Information Security Professional Exam. I wish they would have trained us more on how the Army does things, but you could pick things up pretty quickly.

Defense (Coombs): Would you agree that FA [Functional Area] did not teach you the way Army does things?

Cherepko: Yes.

Defense (Coombs): When did you arrive at F.O.B. Hammer? What time in November?

Cherepko: Would guess around 14th.

Defense (Coombs): Within a few days, RIP/TOA [Relief in Place/Transfer of Authority] took place?

Cherepko: I arrived after.

Defense (Coombs): You are also the Information Assurance Manager for the Brigade? When?

Cherepko: Don't know specific date. After New Year when orders are written and signed.

Defense (Coombs): Responsibility as Information Assurance Manager?

Cherepko: I was the person in charge of insuring information practices are followed, training as required is conducted, and to insure information work force is appointed and trained.

Defense (Coombs): Conduct additional training?

Cherepko: Not for the staff or Brigade as whole; just for my soldiers.

Defense (Coombs): As I.A.M. [Information Assurance Manager], are you required to conduct security scans?

Cherepko: Don't know.

Defense (Coombs): Do anything other than I.A. [Information Assurance] scans?

Cherepko: Yes. Coordinated through [Missed] Brigade and through Corps to do security assessment of network.

Defense (Coombs): Anything besides that?

Cherepko: No sir.

[Missed a couple things.]

Defense (Coombs): What's a DIACAP [Department of Defense Information Assurance Certification and Accreditation Process] package?

[Cherepko explains - something that ensures something you're trying to accredit meets requirements.]

Defense (Coombs): Did you do a DIACAP [Department of Defense Information Assurance Certification and Accreditation Process] package for the Brigade? Were you trained? Did you know how to submit?

Cherepko: [Answers, "No" to all questions.]

Defense (Coombs): Would have provided insurance regarding vulnerabilities, correct?

Cherepko: Yes.

Defense (Coombs): Have you ever submitted?

Cherepko: No.

Defense (Coombs): March of 2011 - you received a letter of admonishment? For failure to ensure brigade was properly certified? From General Robert L. Caslen?

Cherepko: [Answers, "Yes" to all questions.]

Defense (Coombs): Ever go into the Brigade T-S.C.I.F?

Cherepko: Yes.

Defense (Coombs): Why?

Cherepko: Troubleshooting and occasionally to pick up officers to go to lunch.

Defense (Coombs): Now - normal S.C.I.F operations still apply to in theater S.C.I.F, right?

Cherepko: Don't know if rules apply.

PROSECUTION OBJECTION: SUBJECT MATTER OUT OF RANGE

OVERRULED

Defense (Coombs): Did you ever receive any DAIG [Department of the Army Inspector General] inspections while you were there? Know why not?

Cherepko: No. Was never told why.

Defense (Coombs): What is it?

Cherepko: Department of the Army Inspector General. Brigade went through one well after we were deployed. FORSCOM agents went through a checklist to make sure we met requirements.

Defense (Coombs): Did you view inspecting T-S.C.I.F. part of your job as information Assurance Manager?

Cherepko: I didn't treat it any differently than any other Brigade. To me, S2 [Intelligence] offices were same as S3 [Training and Operations] or anything else.

Defense (Coombs): Did you view inspecting T-S.C.I.F as part of your job?

Cherepko: Yes, Sir. Inspections...they don't rule out specific places because of their job. So if I did an inspection, I would include T-S.C.I.F., yes.

Defense (Coombs): Know if T-S.C.I.F. was inspected?

Cherepko: I believe it was inspected. [Missed the rest of his answer.]

Defense (Coombs): S.C.I.F Security Officer installed? Why not?

Cherepko: No.

Defense (Coombs): SSR - S.C.I.F. Security Representative, was there one?

Cherepko: Don't even know what that is.

Defense (Coombs): Did you ever see music on the T-Drive?

Cherepko: Yes.

Defense (Coombs): How was it stored?

Cherepko: Like everybody else's documents - people had music in their folders.

[Indecipherable from transcribers transcript.]

Defense (Coombs): You did not have an authorized music folder, right?

Cherepko: Right.

Defense (Coombs): When you saw music, you would delete?

Cherepko: Yes.

Defense (Coombs): And apparently it would go back on T-Drive?

Cherepko: Yes because it kept reappearing.

Defense (Coombs): Was anyone ever punished?

Cherepko: No.

Defense (Coombs): Did you recommend that anyone ever be punished?

Cherepko: Wouldn't say anyone was punished.

[END OF TRANSCRIPT BUT NOT END OF DAY]

MISSED COMPLETE CAPTAIN THOMAS CHEREPKO

Other Resources:

Donate via WePay

Donate Bitcoins

Categories