Twitter, with its very short messages, is inherently the wrong medium for publishing important security / anonymity / financial warning advice about the WikiLeakS.org project.
http://twitter.com/wikileaks/status/9495477247
Our Kenyan PO BOX is no-longer considered secure after a break in. Please use Australia or Cambodia instead.
Mon Feb 22 22:03:11 +0000 2010
from bit.ly
The WikiLeakS.org website is still deliberately crippled, and no longer displays the PO Box address for "Cambodia".
Why anyone would trust the Cambodian Government not to snoop on foreign letters or parcels sent to such a Post Office Box address is a mystery.
The Postal Submissions (for whistleblower leak documents) web pages did at least offer a few words of security / anonymity advice, which the single Twitter message obviously does not.
Astonishingly, the current WikiLeakS.org home page still gives out this allegedly insecure address for Kenya, over 24 hours after the Twitter warning was published.
Kenya
WikiLeaks ICT
PO Box 8098-00200
Nairobi
Kenya
in the section devoted to "give us your money".
- So is this address still suitable for sending cash or other financial donations, but not for whistleblower leak documents ?
- Why can they not publish full details about this security threat in Kenya, on the WikiLeakS.org website ?
- What procedures does WikiLeakS.org employ to audit the reliability of their postal PO Box submissions, which they have suggested as a high security method of sending them whistleblower leaked documents ?
- Do they ever send test documents and / or money via these PO Boxes, to see if these are being intercepted, delayed, censored or stolen ?
- If the Kenyan PO Box can still be trusted, then the WikiLeakS.org Twitter feed obviously cannot be trusted.
In order to reduce the chances of a Denial of Service attack via Rumour, WikiLeakS.org should have published fuller details of the reasons for no longer trusting this published method of submitting sensitive whistleblower leak documents and / or money, on their own website and via an email Press Release.
This security / anonymity warning press release should have been Digitally Signed using their (now long expired) PGP Public Encryption and Signing cryptographic Key, to vastly reduce the chance that it has been tampered with or entirely forged.
WikiLeakS.org purport to be experts in protecting their whistleblower sources, so why are such simple precautions beyond them ?