55 thoughts on “Wikileaks

1 2
  • Jon

    Heard about this from the Guardian, and not sure what to make of it. Looks like they are there on the main site as well (http://wikileaks.ch/cablegate.html), but all the volunteer mirrors have been deliberately abandoned. Why that is, I also don’t know.
    .
    I suspect there are some underlying machinations that we are not party to – and from what I can tell there has been no word from WikiLeaks or Assange as to why they are doing this. On the surface, I would be inclined to join in the condemnation, even though I strongly support WikiLeaks generally. But there is sure to be something else going on, as this surely would not have been done for no reason at all.
    .
    Firstly, revenge for under-the-radar operations against WikiLeaks? Or, revenge for the continued incarceration of the alleged leaker, Bradley Manning? Perhaps WL set a deadline for the cessation of either, and when the US system failed to meet it, they carried out their threat. But in my view this would only antagonise the US giant, and so is unlikely.
    .
    Or, something to do with the high-profile falling out with the Guardian in particular? Or could it be to remove the corporate media as a “middle man” for the leaks, given that the MSM might be seen as part of the global machine in the first place? Again, both are just conjecture.
    .
    Perhaps it has more to do with Assange’s writings on the disruption of organised criminal conspiracies (look them up if you’ve not read them). Perhaps it is judged that the impact of the leak will be to short-circuit the ongoing operation of the military industrial complex even at the risk of injuring third parties (a strategy as morally questionable as NATO asserting that “collateral damage” is acceptable during its avoidable wars).
    .
    I do hope we get a full statement from Wikileaks on this; until then, I reserve judgement.

  • Clark

    Craig, I won’t put the link here in public – pointless, I know, but it’s a matter of conscience. I’ll e-mail instead; please let me know what you receive.
    .
    Wikileaks didn’t publish the unredacted versions. The publication was a malicious strike against Wikileaks.

  • Jon

    Hmm, Monbiot on Twitter has sided with the Guardian, though I guess that is to be expected. Short version: Assange may be responsible for re-using a password, Leigh may be responsible for publishing that password in a book! Both are bad, if true; the latter is considerably worse. My early judgement is: what a mess.

  • Paul Johnston

    @Jon
    Working in IT as I do I would say re-using a password is far far worse than publishing it.
    It’s not rocket science to put expiry dates on passwords and quarantine old passwords, (and ones similar) for a set period of time.
    Stops people being forced to change passwords monthly and doing it by just adding 1, then 2 then 3 to the end of it (Seen that :-)).
    Assange is suppose to be a computer wizz/ex hacker so to suggest he would reuse a password is pushing it a bit (IMHO)

  • Jon

    @Paul, I’m in IT too. You’re right about temporary passwords in general, but it doesn’t apply in this case. Wikileaks have been at pains to stress this, but I don’t think that message is being heard.
    .
    Once a file that has been encrypted has been released “into the wild”, then the password cannot be changed. It is precisely the same problem that the US Government have: unpublishing a file once it has been published.
    .
    But if Assange has reused a password due to laziness, then yes he doesn’t get off the hook. I am just surprised that the Guardian would knowingly publish a password in their book – I mean, you don’t do that by accident 🙂

  • Jon

    So yeah, using a temporary a password in this case is harder than rocket science: it’s impossible!

  • Quelcrime

    Is this the ‘Insurance’ file that was released some time back? If so, perhaps the Grauniad’s purpose was to render it unusable for insurance purposes. Rusbridger being a neocon stooge with a liberal disguise even less convincing than his wig.

  • Paul Johnston

    @Jon, I have no axe to grind here but from a professional point of view I’m thinking if this stuff is so “Hot” I would have it nailed down tighter than the proverbial. Also I would have it broken into small packets each individually protected. Is it true that this involves about a quarter of a million cables? Hubris seems to have got the better of someone here. If I had information I would never send it to a group which appear so inept that it got into the wild in such large amounts.

  • Jon

    Yes, certainly the encryption used was definitely “nailed down” – very strong indeed. The weak point was giving the password to someone who has not protected it. That said, it would have been harmless if the encrypted file had been specifically encoded for the Guardian (i.e. it would not have unlocked copies in the wild). This relies on my assumption that the large encrypted file given to the Guardian was not also leaked by the Guardian.

  • mary

    Glenn Greenwald
    .

    ‘The Guardian, that generally produces very good and responsible journalism…’
    .
    http://www.salon.com/news/opinion/glenn_greenwald/2011/09/02/wikileaks/index.html
    .
    However:
    .
    ‘What happened here was that their hand was forced by the reckless acts of The Guardian’s Leigh and Domscheit-Berg. One key reason access to these unredacted cables was so widely distributed is that Leigh — in his December, 2010, book about the work he did with WikiLeaks — published the password to these files, which was given to him by Julian Assange to enable his reporting on the cables. Leigh claims — and there’s no reason to doubt him — that he believed the password was only valid for a few days and would have expired by the time his book was published.

    ‘That belief turned out to be false because the files had been disseminated on the BitTorrent file sharing network, with that password embedded in them; Leigh’s publication of the WikiLeaks password in his book thus enabled widespread access to the full set of cables. But the key point is this: even if Leigh believed that that particular password would no longer be valid, what possible point is there in publishing to the world the specific password used by WikiLeaks or divulging the types of passwords it uses to safeguard its data? It is reckless for an investigative reporter to gratuitously publish that type of information, and he absolutely deserves a large chunk of the blame for what happened here; read this superb analysis by Nigel Parry to see the full scope of Leigh’s culpability.’

  • Jon

    @g33kThug, why Assange didn’t discuss this with Leigh et al is a good question. But it may be that the professional bridges were very burnt by that stage, and discussing it after publication would have had no effect anyway. My view is that if Assange had seen a draft, he would have objected to the inclusion of the password – but of course even by then its security depends on how many people handled the draft, and how it was transmitted between reviewers. (Once it has been emailed, for example, it can be considered as good as leaked).
    .
    Angry – yes! I think that will take a long time to come out. Any interesting revelations will be replaced the very next day with another one.

  • Jon

    Incidentally, I wouldn’t want to be Leigh or Assange right now. Arguably both have got their reputations at stake, and both could lose them. I don’t think mistakes attributable to either of them were done out of malice, but they could prove expensive nevertheless.
    .
    Phew!

  • g33kThug

    Jon. I doubt that anybody would imagine that Leigh would be so stupid as to publish a real password to an encrypted file that was circulated via torrent and sits on thousands of computers and web servers worldwide.
    .
    But it appears that he really is that stupid.

  • R2D2

    @Clark “Craig, I won’t put the link here in public – pointless, I know”

    Entirely pointless. What is gained from depriving the public from access to the cables, when everyone else already has them?

    Here they are in plain text form via The Pirate Bay:

    thepiratebay.org/torrent/6644172/Wikileaks_Cables__Full__Unredacted__and_Decrypted_

  • Phil

    What better way of ‘nailing’ Assange than to leak the password?

    I wonder if the USA governmant and its agents have a finger in this very messy pie.

  • mary

    Leigh and Greenwald on Salon article
    .
    David Leigh responds in comments section to Greenwald’s article:

    ——————————
    Friday, September 2, 2011 11:32 AM ET

    wikileaks blame game

    Let me get this straight: some wikileaks person foolishly posts a file online containing all the secret cables; another wikileaks person subsequently decides to publish them unredacted to the world.

    And this is somehow supposed to be MY FAULT?

    If Assange had a genuine problem with our book’s contents, why didn’t he do – or even say – a single thing about it during the six months the book has actually been out?

    I wonder why. But I can guess.

    —davidleigh3
    ——————————

    Let me get this straight: some wikileaks person foolishly posts a file online containing all the secret cables; another wikileaks person subsequently decides to publish them unredacted to the world.

    And this is somehow supposed to be MY FAULT?

    I was very clear about what accounts for your culpability: you published the password in your book. Why would you possibly do that?

    Even if you believed it was valid for only a few days – and I credited the credibility of this claim – what possible purpose is served by telling the world the kinds of passwords WL uses to safeguard its data? It’s irresponsible at best to have published that, and had you not done that, this wouldn’t have happened.

    As I said, other parties deserve blame, but so do you.

    —GlennGreenwald
    .
    ex http://members5.boardhost.com/medialens/msg/1314982531.html

  • Jon

    @g33kThug, yep, it defies belief. One account has it that Leigh was informed that the password was temporary, but WL would certainly not have given him that information. To me it is quite obvious that, given the technology used, the password could not be changed once the file is in the wild – and I am not a cryptographer.

  • Jon

    Mary, thanks for Greenwald’s response. I wonder if people will start making comparisons between Leigh’s actions and “deliberately revealing ones sources”. If people find that a credible comparison, whistle-blowers are unlikely to want to deal with Leigh again.

  • Paul Johnston

    @Jon
    Sorry how can you say they were secure if the password was out in the wild?
    Bit like the diebold machine and the photo of the key.
    But what I cannot get my head around is why one password gives access to ALL this stuff.
    Also the bloody password is made up of real word and numbers couple with underscores and a hash.
    See http://thecomingcrisis.blogspot.com/2011/09/julian-assange-password-was-published.html
    Can anyone confirm when the book was actually published, has this thing been out since 1st February?

  • Jon

    @Paul – encrypted files are extremely secure (with the right encryption algorithm) if the password is not released. So, WikiLeaks were quite right to call them secure up until the password was published. After that point, you’re right: the security of the file only depended on people not realising the password still works. As security analysts know, “security through obscurity” is not secure at all.
    .
    I saw the book in Waterstones back in May or June, so it’s been out for a while. I didn’t buy it deliberately though, as I know it’s a Guardian book, and I am aware that they may have shafted Assange over it.

1 2

Comments are closed.