Now, via @a_greenberg at Wired:
On Friday, the secret-spilling group announced that it has finally relaunched a beta version of its leak submission system,
a file-upload site that runs on the anonymity software Tor to allow uploaders to share documents and tips while protecting their
identity from any network eavesdropper, and even from WikiLeaks itself. The relaunch of that page--which in the past served as the
core of WikiLeaks' transparency mission--comes four and a half years after WikiLeaks' last submission system went down amid infighting between WikiLeaks' leaders and several of its disenchanted staffers.
The long hiatus of WikiLeaks' submission system began in October of 2010, as the site's administrators wrestled with disgruntled staff members who had come to view Assange as too irresponsible to protect the group's sources.
After 5 years of broken promises, WikiLeakS have now re-launched something which is similar to the more widely deployed open source @SecureDrop or @GlobaLealeaks platforms which several media organisations and couple of individual journalists offer, as one of the channels to contact
them securely, with or without actual leak documents.
N.B. you have to hunt for the "Submit" button link in a drop down menu on the WikiLeakS.org home page
This WikiLeakS system also relies on Tor, something which their previous efforts only used sporadically and inconsistently.
The Tor Hidden Service .onion address (which only works if you are using a Tor enabled web browser) is:
The optional Questions on the submission form, imply that publication of the leaked data or documents can be delayed e.g. until after the
whistleblower has left their current employer, but there are no guarantees as to if, or when a document will ever be published by wikiLeakS.org.
The neglect of small scale, limited audience leaks, in favour of meglomaniacal mega leaks, is what led in part, to the revolt of so many of the early WikiLeakS volunteers against the dictatorial and cultish Julian Assange 5 years ago.
Until WikiLeakS explain in detail what happens next to a leaked document, once it has been uploaded, and exactly who has access to it, or to any
correspondence with the whistleblower, nobody, especially not "national security" whistleblowers should use this system.
Who owns the leaked documents & what is the redaction policy?
Given the previous attempts by Assange & WikiLeakS to claim exclusive ownership and copyright of, essentially, other people's stolen information,
the fact that there is no policy statement about the ownership of leaked material, is telling.
Do whistleblowers automatically hand over all rights and control over the release and any censorship or redaction of innocent 3rd parties personal details which may be in the leaked documents to Assange or to WikiLeakS ?
8192 bit GPG Key
Over 7 years after letting their first public GPG key 0x11015f8 expire without replacement,nging that there were some fake keys on (insecure) public keyservers, and whinging that some people were using PGP/GPG insecurely
(without any detailed guidance from the supposed experts at WikiLeakS.org themselves), they have now published a new 8192 bit GPG Public encryption Key:
pub 8192R/92318DBA 2015-04-10 [expires: 2016-04-09] uid WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk)
sub 8192R/D6DFD684 2015-04-10 [expires: 2016-04-09]
Fingerprint: A04C 5E09 ED02 B328 03EB 6116 93ED 732E 9231 8DB
They have not explained why they have chosen to publish a non-standard 8192 bit key.
The normal user interfaces to GPG software defaults to 2048 bits or a maximum of 4096 bits).
It is possible to create 8192 bit keys (or longer) using GPG command line batch mode options.
There is no cryptographic reason to use 8192 bit key - it is not in practice any stronger than an already unbreakable 2048 or 4096 bit key.
So few people have or use 8192 bit keys, that its use makes it a characteristic marker, likely providing circumstantial evidence linking, on the balance of probabilities, any seized or stolen encrypted documents on a whistleblower's computer or USB media to WikiLeakS, regardless of the use of "throw-keyids" or the fact that the encrypted file cannot be de-crypted by the authorities or thieves.
There is no advice on the WikiLeakS.org website about how whistleblowers should use the GPG software properly, on different plaformse.g.
password lengths, extra hash protection of their private keys in the keyring, physical protection of the keyring, the use of throw-keyids etc. etc.,
Unlike SecureDrop, there is no leak submission contact messaging channel within the submission system workflow
WikiLeakS have added a .onion Tor Hidden Service to their existing web chat system
http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk
N.B. the customised / branded first few digits of the chat system's Tor Hidden Service (presumably done using a GPU based hash generator like Scallion
which they did not bother with for the leaked document submission system.
They also publish a non-Tor Hidden Service url for this chat system, so it may be ok for general chat with WikiLeakS staff or volunteers,
but any "national security" whistleblower should steer clear of it, even via Tor as the chat servers can be tracked down (for potential seizure or man in the middle attacks) via the non-Tor users
Using any form of real time communications either encrypted chat or phone calls is too risky between genuine "national security" whistleblowers and a heavilly surveilled target like WikiLeakS.org
- there is no scope for "plausible deniability" or an alibi, unlike with e.g. programmatic ally time delayed sending of encrypted emails or other online publications
Arrogance & Obscurity
Julian Assange is still claiming that
Other submission technologies inspired by WikiLeaks, such as the European-based GlobaLeaks and the US-based Secure Drop, while both excellent in many ways, are not suited to WikiLeaks'
sourcing in its national security and large archive publishing specialities. The full-spectrum attack surface of WikiLeaks' submission system is significantly lower than other systems and is optimised for our secure deployment and development environment. Our encrypted chat system is integrated into this process because sources often need custom solutions.
No ! The "full-spectrum attack surface" of WikiLeakS's system is no better than that of any other Tor Hidden Service.
Potential whistleblowers have no way of judging whether WikiLeakS' secret internal computer and human systems are
any better or worse than those of SecureDrop or GlobaLeaks or other submission systems.
The next paragraph shows that Assange et al are still creating solutions to straw man problems, whilst ignoring the real risks to potential whistleblowers
For example, one of the problems with public-facing submission systems is bootstrapping. The fact that a source is looking at instructions that are telling them how to submit material could be used as evidence against them if there is an SSL key break. To prevent this, we deploy the full bootstrap instructions and keys on millions of WikiLeaks pages across our full server network. When the "Submit" button is pressed, there is literally zero network traffic as a result, because all these details are downloaded everytime anyone looks at nearly any page on WikiLeaks. We cover the source bootstrap process with our millions of page views by readers.
These "millions of web pages" are a red herring and do nothing to obscure the traffic generated by the whistleblower, especially when they choose to hit the Submit button.
The time, date and the number of bytes of data which the whistleblower uploads to WikiLeaks is still observable, regardless of the fact that it is encrypted.
If anyone on a government or military network visits any part of the WikiLeakS.org website from work, that is likely to be flagged as suspicious behaviour regardless of how innocuous the content of a web page may be.
Their submission system provides no tools and not even any advice or instructions on splitting up or combining or padding out documents
so as to hide their potentially characteristic size from ISP or state state communications data traffic analysis.
3. Do not talk about your submission to others
If you have any issues talk to WikiLeaks. We are the global experts in source protection - it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly.
This includes other media organisations
The claim that "We are the global experts in source protection", is, of course, exaggerated.
WikiLeakS.org has not proved to be any better at avoiding infiltration and surveillance than other media organisations or activist groups or intelligence agencies .
Given how the main WikiLeakS source Bradley now Chelsea Manning (now serving 35 years in prison) was not handled properly as a source by Assange (publication seems to have been more important to him than the welfare of Manning) it seems unlikely that WikiLeakS will ever again be handed large scale leaks or any "national security" leaks via this submission system.
It is very telling that despite the help that Sarah Harrison later gave to Edward Snowden between Hong Kong and Moscow, he did not trust WikiLeakS or Julian Assange with his revelations.
Assange is still in self exile in the Ecuadorian Embassy in London, trying to evade extradition to Sweden on alleged sex offences.
As such, given the millions of pounds UK taxpayers' money & the Metropolitan Police Service overtime being wasted on him he is likely a very high profile target for GCHQ and other signals and human intelligence agencies.
If, as we suspect, he is still heavily involved in the WikiLeakS editorial process, he himself is probably the greatest risk to the anonymity and safety of any "national security" whistleblowers stupid enough to contact WikiLeakS.org