The Guardian and the Wikileaks Encryption Key 196
rtfa-troll writes "Bruce Schneier has a good article explaining how the Guardian released the encryption key for the WikiLeaks cables and destroyed the main protection against the release of informers' personal information. The comments in Schneier's blog fill in details of how exactly WikiLeaks' secondary file security protections were also bypassed. Now the Guardian has an article that Assange risks arrest by Australia over the latest leaks, which include information about an Australian intelligence officer. They even say, 'We deplore the decision of WikiLeaks to publish the unredacted state department cables, which may put sources at risk,' and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."
Wikileaks did the right thing sorta (Score:5, Interesting)
They were stupid to let the Guardian to get the key in the first place but once it was out making it more available was the right call.
When you had to get the data and key together that require time, and some computer skills. People who might retaliate against leakers have the resources to marry the key and copy of the data they either already had or could get from torrents.
That might be much harder to do for some poor tribesman who has limited or intermittent access to the internet. By making the information easier to get at, it lowers the bar, makes it easier for potential victims to know if they have been outed, and need to protect themselves.
the guardian (Score:3, Interesting)
are playing a stupid game right now.
In their JA will face arrest in Australia article they earlier said something like "the Guardian unknowingly publish the password in the Guardian's book" etc,
now that phrase is nowhere to be found from the article...
Re:Links & hints to the data (Score:4, Interesting)
Not everyone in these documents was involved in covert operations.
I personally know a person who was mentioned in these documents. He can't be the only one who was innocently roped into this.
Re:Links & hints to the data (Score:5, Interesting)
These leaked cables are about HAVING KILLED PEOPLE!
Including the point-blank firing of weapons into the heads of toddlers.
Including Israeli lies about killing "terrorists" being revealed as bombing and killing 16 civilian villagers, at prayer.
Like most reactionary cranks, you fret SO over the theoretical loss of life that might occur, if illegal and anti-democratic secrecy is not punitively enforced.
Where is your concern, passion and outrage about the ACTUAL callous and criminal loss of life, that would have initiated any such threat?
Your hypocrisy and disingenuous moral posturing stinks like the foetid pool of death that you defend.
Re:Links & hints to the data (Score:5, Interesting)
Look at this from the tin-hat angle:
David Leigh/Guardian is working in the interest of CIA/MI6 and looking not to collaborate with WikiLeaks, but to ensnare him for prosecution.
Clue: DL Insisting on seeing the actual files
Clue: DL Pressing for the GPG passphrase
Clue: DL Publishing the ENTIRE proceeding and passphrase in a book
Dumbshit-Borg is either a long-time mole or was "turned"
Clue: D-B had full access to all unredacted material
Clue: D-B acrimoniously split with Assange/WikiLeaks over ego-boundary shit and speculative "risk" issues
Clue: D-B in his schism is part of the probable exposure of these cables - portrayed as an "accident", while he was unilaterally and admittedly sabotaging WikiLeaks
Clue: D-B can now say "I told you so" over this exposure of sources - pointing to this as evidence, rather than a situation he perpetrated
The US Army Counterintelligence Agency said in 2008 that WikiLeaks was"a potential force protection, counterintelligence, OPSEC, and INFOSEC threat to the US Army" and PLANNED OPERATIONS to neutralise/discredit WikiLeaks:
"The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public."
http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks [scribd.com]
Question: Do you think that the Agency makes these declarations in vain, for their entertainment value?
Question: Do you think they are alone, and that there are not equivalent planned and current operations by the CIA, etc.?
Question: Are the combined actions of DL and D-B implausible as the intended outcome of a counter-WikiLeaks strategy, set in motion by one or more intelligence agencies, including US Army Counterintelligence?
Think about it. Once they set this down IN PRINT, internally, and don't have a "positive" outcome? Sombody goes through the ringer.
This is likely all a setup. One with a scenario that is similar to the one indicated here, if not completely identical. It is one where where David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings.
Either way, this is a noose fabricated of intentional actions with plausible deniability. Identify WikiLeaks with Assange's personality, and attack the personality. Attack the credibility of WikiLeaks methodology while distracting from their effectiveness and success in exposing filth, corruption and illegal government action.
I know the will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet. But watch out, DL and D-B.
When your mysterious, untimely deaths occur, I will look at it as confirmation of these speculations.
And proudly burnish my tin-hat...
The key was not for the insurance file, however... (Score:4, Interesting)
From what is stated;
1) The key given to the reporter was not the key for the insurance file
2) The Assange had provided a backup method for others to recover the data in the case he was a) killed, b) otherwise rendered incapable to act by other than having the group act on his behalf
3) Whereas it is easy to revoke access to content on a central server, it is impossible to revoke access to a file that cannot be changed (a password can simply not be revoked unless you can write to it) In other words you cannot revoke passwords for content that is available on bit torrent etc.
4) The way encryption usually work is through two sets of keys, i.e. LUKS. The real key is essentially always 512bits, but nobody including you ever use this key - you have a password and a separate key that releases the 512bit key!!!
No, we do not know if there was a second pass-phrase key on the content provided to the reporter, but if it was, having one key which gives access to the full 512bit key and content might be used to reveal alternative keys to get the real key. One of which might cascade to the key used in the insurance file. Which is why it was truly irresponsible of the reporter to publish the key regardless!!! That is as far as I see neglect, and being clueless is under no circumstance justification. Yes, the password could be revoked on access, but any backup prior to revocation can as stated above would retain access with that key whether it is a tape, an USB copy, or bit torrent.
Anyway, it is not for sure there where any alternative keys combined with that content, however, we do know the group had access to release the content of the insurance file in case something did happen to Assange anyway...
That the Insurance file was released on Bit torrent was most certainly not a mistake, however, it will have been a mistake if an alternative key used on the content given to the reporter could cascade to this key somehow. (From what I have learned of the case, I kind of don't think the problem was here).
So that leaves the people who where on the inside with the knowledge necessary to release the key...
Sure, there has been a lot of mistakes happening; we can blame Assange for believing in the fools who left for OpenLeaks. They were likely always the number 1 threat to the whistle blowers: Internals who sabotage, steal and try to destroy the original organization with internal knowledge.
Mirror, mirror... (Score:4, Interesting)
David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings
Indeed. According to Der Spiegel [spiegel.de], the encrypted file was among those taken from Wikileaks by Domscheit-Berg when he acrimoniously left to start his own rival Openleaks site. It was then released by Openleaks using volunteers to seed torrents of many of their files. Meanwhile, David Leigh of The Guardian published the password which Assange had given him, thereby apparently breaking an agreement of confidentiality. Later, an Openleaks-associated news site let people know where the key to this particular file could be found.
Smelly sticky shit is indeed flying, but it looks like a side effect of Assange/Wikileaks being stabbed in the back by Domscheit-Berg/Openleaks and David Leigh of The Guardian. Whether the stabbing occurred by coordinated malice or combined stupidity and incompetence is still a little uncertain. Either way, it's hard to blame this directly on Assange/Wikileaks.