February 2010 Archives

Twitter, with its very short messages, is inherently the wrong medium for publishing important security / anonymity / financial warning advice about the WikiLeakS.org project.

http://twitter.com/wikileaks/status/9495477247

Our Kenyan PO BOX is no-longer considered secure after a break in. Please use Australia or Cambodia instead.

Mon Feb 22 22:03:11 +0000 2010

from bit.ly

The WikiLeakS.org website is still deliberately crippled, and no longer displays the PO Box address for "Cambodia".

Why anyone would trust the Cambodian Government not to snoop on foreign letters or parcels sent to such a Post Office Box address, is a mystery.

The Postal Submissions (for whistleblower leak documents) web pages did at least offer a few words of security / anonymity advice, which the single Twitter message obviously does not.

Astonishingly, the current WikiLeakS.org home page still gives out this allegedly insecure address for Kenya, over 24 hours after the Twitter warning was published.

Kenya
WikiLeaks ICT
PO Box 8098-00200
Nairobi
Kenya

in the section devoted to "give us your money".

  • So is this address still suitable for sending cash or other financial donations, but not for whistleblower leak documents ?
  • Why can they not publish full details about this security threat in Kenya, on the WikiLeakS.org website ?
  • What procedures does WikiLeakS.org employ to audit the reliability of their postal PO Box submissions, which they have suggested as a high security method of sending them whistleblower leaked documents ?
  • Do they ever send test documents and / or money via these PO Boxes, to see if these are being intercepted, delayed, censored or stolen ?
  • If the Kenyan PO Box can still be trusted, then the WikiLeakS.org Twitter feed obviously cannot be trusted.

In order to reduce the chances of a Denial of Service attack via Rumour, WikiLeakS.org should have published fuller details of the reasons for no longer trusting this published method of submitting sensitive whistleblower leak documents and / or money, on their own website and via an email Press Release.

This security / anonymity warning press release should have been Digitally Signed using their (now long expired) PGP Public Encryption and Signing cryptographic Key, to vastly reduce the chance that it has been tampered with or entirely forged.

WikiLeakS.org purport to be experts in protecting their whistleblower sources, so why are such simple precautions beyond them ?

WikiLeakS.org is still asking for money:

We have raised just over $350,000 for this year. Our yearly budget is around $600,000.

However, their self imposed moratorium on publishing leaked documents, has now been selectively breached, presumably for political purposes:

Classified cable from US Embassy Reykjavik on Icesave dated 13 Jan 2010

This document, released by WikiLeaks on February 18th 2010 at 19:00 UTC, describes meetings between embassy chief Sam Watson (CDA) and members of the Icelandic government together with British Ambassador Ian Whiting.

This is just a link to a simple text file, rather than the usual WikiLeakS.org wiki page with a (.pdf) or (.zip) archive and a cryptographic checksum.

Publication in this way denies people the opportunity to post Comments on or Analysis of the alleged whistleblower leak document on the WikiLeakS.org website itself.

The actual link is to:

http://wikileaks.org/file/us-watson1-2010.txt

However, the corresponding "secure" SSL / TLS encrypted version of the link is not available:

https://wikileaks.org/file/us-watson1-2010.txt

This re-directs to an Error Page and then to the "secure" document submission web page - why would anyone submit any new whistleblower leak documents to the WikiLeakS.org website, which currently have almost no chance of being published ?

The previously available Tor Hidden service via https://gaddbiwdftapglkq.onion/, which used to offer end to end encryption and quite strong anonymity mixing through the Tor server node cloud, is not working either.

Is this a further erosion of the supposed ethical standards and transparency which were proclaimed when the WikiLeakS.org project started ?

Revealing some alleged details, that Icelandic politicians in the Government and in the Opposition are meeting with each other, and with US and British and Norwegian etc. diplomats, in order to try to find compromises, and a way out of the Icesave financial crisis, is hardly a significant secret, which is being hidden from the Icelandic or world public, for some nefarious reason or other. Surely that is what they are all paid to do as a matter of course, anyway ?

If this plausible looking text is genuine, then will there now be a "mole hunt" / security investigation at the US Embassy in Reykjavik or the State Department and other addresses in Washington, to try to track down how the alleged text of a supposedly confidential and, presumably encrypted, diplomatic telegram fell into the hands of WikiLeakS.org ? Or, since the British Ambassador is named and quoted specifically, and may well have been forwarded a copy, was the leak due to laxness by the United Kingdom's bureaucracy ?

Will all Icelandic staff working at those embassies now fall, unfairly, under suspicion of espionage as a result of this leak ?

Will all internet traffic to and from the WikiLeakS.org website now, be legitimately snooped on by the US National Security Agency ? The NSA is obviously tasked with ensuring the security and confidentiality of US diplomatic cables and other communications to and from US Embassies around the world.

Whether this leak will actually help or hinder the forthcoming vote in the Althing, the Icelandic Parliament, on the WikiLeakS.org inspired idea of reforming Icelandic laws to protect investigative journalism and to counter libel tourism and secret legal injunctions etc., is uncertain. (See the previous blog article Icelandic Modern Media Initiative - WikiLeakS.org "Publishing Haven" laws in Iceland ?)

Just what sort of media, whistleblower source protection, anti-libel tourism etc. legislation, are Julian Assange, Daniel Schmitt and the other WikiLeakS.org activists actually helping to draft in Iceland ?

Chris Vallance from the BBC has an article and video interview with some of those involved: Wikileaks and Iceland MPs propose 'journalism haven'

Coupled with Iceland's attractions for companies looking for cheap, non-carbon cycle electricity and cooling for their internet server farms, such legal protection could be very attractive to "cloud computing" and publishing services.

Will WikiLeakS.org get some server space and bandwidth in Iceland ?

Perhaps they should firstly pay US$ 250 for the wiikileaks.is Icelandic domain name registration (limited to Icelandic citizens) ?

Will the Icelanders manage to shame the increasingly repressive and hypocritical European and North American Governments into sorting out their own equivalent laws, which also badly need reform in the internet age ?

Here are some more details of what is being proposed, but not an actual detailed legal Bill:

Icelandic Modern Media Initiative - Proposal

If WikiLeakS.org have really raised enough money to cover their costs for the forthcoming year, then why is the web site still non-functional in terms of its raison d'etre i.e. the publication of whistleblower leak documents ?

Last week's stupid Twitter message

https://twitter.com/wikileaks/status/8613426708

Achieved min. fundraising goal. ($200k/600k); we're back fighting for another year, even if we have to eat rice to do it.

5:51 PM Feb 3rd from bit.ly

generated a lot of "wikileaks is saved" or "wikileaks financial crisis is over" etc. coverage from the Twitterers and the online bits of the mainstream media.

Incredibly, the authenticity of this Tweet, and the unwarranted assumption that it really represents the collective official policy of the whole wikileaks.org project and its supporters, does not seem to have been questioned by those professional journalists and gung-ho "must be first to re-tweet" social media network addicts.

  • Is there an announcement that "we have enough money thanks, there is no need to donate any more" on their web site ?

    No, just the opposite, in fact, they are still begging for money.

  • Is there a wikileaks Press Release with contact details for official WikiLeaks.org spokesmen, announcing the end of wikileaks' financial woes ?

    No.

  • Does this (non-existent) Press Release bear a Digital Signature, showing its authenticity and lack of forgery, using a (non-existent) WikiLeakS.org public key cryptography based valid PGP Signing Key ?

    No (because WikiLeakS.org refused to renew their initially published, but now expired PGP Key - wikleaks@wikileaks.org PGP key id 0x11015F80 - expired 2nd November 2007)

Why has one single anonymous, very short "tweet" message via a notoriously insecure system like Twitter, been accepted and trusted as being entirely true ?

Remember that Twitter has had its "security" utterly compromised and has been used to send fake "tweet" messages, not just once, but several times in the last year or so.

Surely the amount of money being donated via PayPal and TipIT.to etc. must have been adversely affected by this premature announcement that gives the impression that the financial crisis is over ?

Belated removal of the "web bug" embedded video clip.

The only positive development this week has been the belated removal of the embedded YouTube video, which was acting as a "web bug".

Because the static image was served remotely from web servers not under WikiLeakS.org control, this was betraying the browser details and IP addresses of most of the visitors to YouTube / Google, who definitely do keep searchable log files and more, for the benefit of their Government and corporate clients.
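The leak described above can be checked for mechanically. The following is an added example, not code from this blog or from WikiLeakS.org: it lists every resource that a page makes the browser fetch automatically from a host outside the site's own domain. The host names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes a browser fetch a resource on page load.
AUTOLOAD_ATTRS = {
    "img": "src", "iframe": "src", "embed": "src", "script": "src",
    "object": "data", "video": "src", "audio": "src", "source": "src",
}

class EmbedAuditor(HTMLParser):
    """Collects auto-loaded resources served from outside the page's own site."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.findings = []  # (tag, remote host, absolute URL)

    def _is_first_party(self, host):
        # Same host, or a subdomain of it (leading dot stops suffix tricks).
        return host == self.site_host or host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = AUTOLOAD_ATTRS.get(tag)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            attr = "href"
        url = attrs.get(attr) if attr else None
        if not url:
            return
        # Resolve relative and protocol-relative (//host/path) references.
        absolute = urljoin(self.page_url, url)
        host = urlparse(absolute).hostname  # None for data: URIs
        if host and not self._is_first_party(host):
            self.findings.append((tag, host, absolute))

def third_party_embeds(html, page_url):
    auditor = EmbedAuditor(page_url)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: two first-party images, one embedded remote video
# player, its remotely served preview image, and an ordinary outbound link.
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.png">
<img src="http://static.leaksite.example/banner.png">
<object data="http://video-host.example/v/abc123"></object>
<img src="//thumbs.video-host.example/abc123/0.jpg">
<a href="http://news.example/story">coverage</a>
<link rel="stylesheet" href="style.css">
</body></html>
"""

if __name__ == "__main__":
    for tag, host, url in third_party_embeds(SAMPLE_PAGE, "http://leaksite.example/"):
        print(f"<{tag}> discloses visitor IP and browser headers to {host}: {url}")
```

The ordinary `<a href>` link is not reported, because nothing is sent to that host unless the visitor chooses to click it.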

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
