The USA has applied for a "computer related" Extradation Warrant, which should be resisted, as it has nothing to do with the UK.
Any "bait and switch" to press further charges e.g. Espionage Act etc. if Assange is ever in USA custody, cannot happen legally under the UK or European i.e. Swedish laws,
due to the Extradition principle of Speciality.
"US warrant says that between Jan 2010 and July 2010 he conspired with Chelsea Manning to "effectuate" unauthorised disclosure."
The "computer related" allegation involve the supposed /failed offer to help crack the SIPRENET NTLM hashes to help Manning to gain more access to Diplomatic Cables ? N.B. Manning was not convicted of this.
https://www.justice.gov/usao-edva/press-release/file/1153481/download
The UK Courts should allow the Swedish government to re-activate their dormant prosecution for rape, which does not expire until mid August 2020.
"District Judge Michael Snow finds Julian Assange guilty of failing to surrender" "He sends Julian Assange to the Crown Court for sentencing as the offence was so serious"
c.f. BBC journalist Daniel Sandford's twitter account of today's Westminster Magistrates Court proceedings.
Asange will serve some time, up to 12 months, in a UK prison for breaking his Bail, but given his allegedly failing health, he will at least get hospital treatment if needed.
Hopefully the UK will be rid of him as soon as possible.
]]>Now, via @a_greenberg at Wired:
WikiLeaks Finally Brings Back Its Submission System for Your Secrets
[...]
On Friday, the secret-spilling group announced that it has finally relaunched a beta version of its leak submission system,
a file-upload site that runs on the anonymity software Tor to allow uploaders to share documents and tips while protecting their
identity from any network eavesdropper, and even from WikiLeaks itself. The relaunch of that page--which in the past served as the
core of WikiLeaks' transparency mission--comes four and a half years after WikiLeaks' last submission system went down amid infighting between WikiLeaks' leaders and several of its disenchanted staffers.[...]
The long hiatus of WikiLeaks' submission system began in October of 2010, as the site's administrators wrestled with disgruntled staff members who had come to view Assange as too irresponsible to protect the group's sources.
After 5 years of broken promises, WikiLeakS have now re-launched something which is similar to the more widely deployed open source @SecureDrop or @GlobaLealeaks platforms which several media organisations and couple of individual journalists offer, as one of the channels to contact
them securely, with or without actual leak documents.
N.B. you have to hunt for the "Submit" button link in a drop down menu on the WikiLeakS.org home page
This WikiLeakS system also relies on Tor, something which their previous efforts only used sporadically and inconsistently.
The Tor Hidden Service .onion address (which only works if you are using a Tor enabled web browser) is:
The optional Questions on the submission form, imply that publication of the leaked data or documents can be delayed e.g. until after the
whistleblower has left their current employer, but there are no guarantees as to if, or when a document will ever be published by wikiLeakS.org.
The neglect of small scale, limited audience leaks, in favour of meglomaniacal mega leaks, is what led in part, to the revolt of so many of the early WikiLeakS volunteers against the dictatorial and cultish Julian Assange 5 years ago.
Until WikiLeakS explain in detail what happens next to a leaked document, once it has been uploaded, and exactly who has access to it, or to any
correspondence with the whistleblower, nobody, especially not "national security" whistleblowers should use this system.
Who owns the leaked documents & what is the redaction policy?
Given the previous attempts by Assange & WikiLeakS to claim exclusive ownership and copyright of, essentially, other people's stolen information,
the fact that there is no policy statement about the ownership of leaked material, is telling.
Do whistleblowers automatically hand over all rights and control over the release and any censorship or redaction of innocent 3rd parties personal details which may be in the leaked documents to Assange or to WikiLeakS ?
8192 bit GPG Key
Over 7 years after letting their first public GPG key 0x11015f8 expire without replacement,nging that there were some fake keys on (insecure) public keyservers, and whinging that some people were using PGP/GPG insecurely
(without any detailed guidance from the supposed experts at WikiLeakS.org themselves), they have now published a new 8192 bit GPG Public encryption Key:
https://wikileaks.org/index.en.html#submit_wlkey
pub 8192R/92318DBA 2015-04-10 [expires: 2016-04-09] uid WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk)sub 8192R/D6DFD684 2015-04-10 [expires: 2016-04-09]
Fingerprint: A04C 5E09 ED02 B328 03EB 6116 93ED 732E 9231 8DB
They have not explained why they have chosen to publish a non-standard 8192 bit key.
The normal user interfaces to GPG software defaults to 2048 bits or a maximum of 4096 bits).
It is possible to create 8192 bit keys (or longer) using GPG command line batch mode options.
There is no cryptographic reason to use 8192 bit key - it is not in practice any stronger than an already unbreakable 2048 or 4096 bit key.
So few people have or use 8192 bit keys, that its use makes it a characteristic marker, likely providing circumstantial evidence linking, on the balance of probabilities, any seized or stolen encrypted documents on a whistleblower's computer or USB media to WikiLeakS, regardless of the use of "throw-keyids" or the fact that the encrypted file cannot be de-crypted by the authorities or thieves.
There is no advice on the WikiLeakS.org website about how whistleblowers should use the GPG software properly, on different plaformse.g.
password lengths, extra hash protection of their private keys in the keyring, physical protection of the keyring, the use of throw-keyids etc. etc.,
Link to our copy of this Public Key
Chat system
Unlike SecureDrop, there is no leak submission contact messaging channel within the submission system workflow
WikiLeakS have added a .onion Tor Hidden Service to their existing web chat system
http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk
N.B. the customised / branded first few digits of the chat system's Tor Hidden Service (presumably done using a GPU based hash generator like Scallion
which they did not bother with for the leaked document submission system.
They also publish a non-Tor Hidden Service url for this chat system, so it may be ok for general chat with WikiLeakS staff or volunteers,
but any "national security" whistleblower should steer clear of it, even via Tor as the chat servers can be tracked down (for potential seizure or man in the middle attacks) via the non-Tor users
Using any form of real time communications either encrypted chat or phone calls is too risky between genuine "national security" whistleblowers and a heavilly surveilled target like WikiLeakS.org
- there is no scope for "plausible deniability" or an alibi, unlike with e.g. programmatic ally time delayed sending of encrypted emails or other online publications
Arrogance & Obscurity
Julian Assange is still claiming that
https://wikileaks.org/Some-notes-on-the-new-WikiLeaks.html
Other submission technologies inspired by WikiLeaks, such as the European-based GlobaLeaks and the US-based Secure Drop, while both excellent in many ways, are not suited to WikiLeaks'
sourcing in its national security and large archive publishing specialities. The full-spectrum attack surface of WikiLeaks' submission system is significantly lower than other systems and is optimised for our secure deployment and development environment. Our encrypted chat system is integrated into this process because sources often need custom solutions.
No ! The "full-spectrum attack surface" of WikiLeakS's system is no better than that of any other Tor Hidden Service.
Potential whistleblowers have no way of judging whether WikiLeakS' secret internal computer and human systems are
any better or worse than those of SecureDrop or GlobaLeaks or other submission systems.
The next paragraph shows that Assange et al are still creating solutions to straw man problems, whilst ignoring the real risks to potential whistleblowers
For example, one of the problems with public-facing submission systems is bootstrapping. The fact that a source is looking at instructions that are telling them how to submit material could be used as evidence against them if there is an SSL key break. To prevent this, we deploy the full bootstrap instructions and keys on millions of WikiLeaks pages across our full server network. When the "Submit" button is pressed, there is literally zero network traffic as a result, because all these details are downloaded everytime anyone looks at nearly any page on WikiLeaks. We cover the source bootstrap process with our millions of page views by readers.
These "millions of web pages" are a red herring and do nothing to obscure the traffic generated by the whistleblower, especially when they choose to hit the Submit button.
The time, date and the number of bytes of data which the whistleblower uploads to WikiLeaks is still observable, regardless of the fact that it is encrypted.
If anyone on a government or military network visits any part of the WikiLeakS.org website from work, that is likely to be flagged as suspicious behaviour regardless of how innocuous the content of a web page may be.
Their submission system provides no tools and not even any advice or instructions on splitting up or combining or padding out documents
so as to hide their potentially characteristic size from ISP or state state communications data traffic analysis.
https://wikileaks.org/index.en.html#submit_help_tips3. Do not talk about your submission to others
If you have any issues talk to WikiLeaks. We are the global experts in source protection - it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly.
This includes other media organisations
The claim that "We are the global experts in source protection", is, of course, exaggerated.
WikiLeakS.org has not proved to be any better at avoiding infiltration and surveillance than other media organisations or activist groups or intelligence agencies .
Given how the main WikiLeakS source Bradley now Chelsea Manning (now serving 35 years in prison) was not handled properly as a source by Assange (publication seems to have been more important to him than the welfare of Manning) it seems unlikely that WikiLeakS will ever again be handed large scale leaks or any "national security" leaks via this submission system.
It is very telling that despite the help that Sarah Harrison later gave to Edward Snowden between Hong Kong and Moscow, he did not trust WikiLeakS or Julian Assange with his revelations.
Assange is still in self exile in the Ecuadorian Embassy in London, trying to evade extradition to Sweden on alleged sex offences.
As such, given the millions of pounds UK taxpayers' money & the Metropolitan Police Service overtime being wasted on him he is likely a very high profile target for GCHQ and other signals and human intelligence agencies.
If, as we suspect, he is still heavily involved in the WikiLeakS editorial process, he himself is probably the greatest risk to the anonymity and safety of any "national security" whistleblowers stupid enough to contact WikiLeakS.org
Julian Assange's counterproductive self imposed asylum in the Ecuadorian Embassy in London, has wasted, so far, nearly £6 million of tax payers' money.
For some reason, there now seems to be a line of handbags called WIKILEAK (N.B. no "s")
http://www.russellandbromley.co.uk/totes/wikileak/invt/704593
WIKILEAK
Cut-Out Tote
£275.00
This ladylike tote is updated for summer, offering effortless chic all season long. In luxurious black nappa leather with a laser cut panel, this sophisticated style features a silver charm and trims for a luxurious finish. Wear with the season's soft tailoring and the matching flats for the ultimate in day-time chic.
Given WikiLeakS.org notorious finances and attempts to exclusively commercialise the property and work of others, we won't be surprised if they try to legally threaten Russell & Bromley for a cut of the profits.
N.B. this blog has more right to the name WIKILEAK (without the "s") than the Assange cult does.
]]>Wednesday 30 May 2012
9:15am
Courtroom 1
http://www.supremecourt.gov.uk/current-cases/CCCaseDetails/case_2011_0264.html
"Whether a European Arrest Warrant ("EAW") issued by a public prosecutor is a valid Part 1 EAW issued by a "judicial authority" for the purpose and within the meaning of sections 2 and 66 of the Extradition Act 2003. "
The Assangistas do not appear to have noticed how the choice of Supreme Court Justices to hear this case, appears to be stacked against Julian Assange,
if you assume that they are not ignorant of the WikiLeaks media hype and allow this to influence them to some extent in this European Arrest Warrant case.
Lord Phillips of Worth Matravers
"Lord Phillips is the first President of The Supreme Court, having been Senior Law Lord from 1 October 2008. He was previously the Lord Chief Justice of England and Wales."
As the President of the Supreme Court, he could decide to make the lead opiion, on the important legal point of the use or abuse of European Arrest Warrants, a system which must be reformed.
Or he could leave it to Lord Brown's last judicial opinion before retirement.
Lord Brown of Eaton-under-Heywood
Techically he has retired from the Supreme Court on his 75th birthday on the 9th of April, but the Supreme Court has discretion to appoint recently retired Justices and he had not yet retired when the case was being considered from January onwards.
He produced the lead opinion in the Law Lords (who were re-branded as the Supreme Court) in their rejection of the Appeal by Gary McKinnon extradition to the USA case. Assange is correct to fear that he may be extradited to the USA to face simuilar computer hacking of US military computer charges or worse.
http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm
He even managed to sneak in some damaging nonsense implying that the as yet unproven allegations against Gary McKinnon regarding the New Jersey naval base, were somehow akin to creating a danger to navigation i.e. like a Cornish Wrecker or someone who moves marker buoys etc.
"the equivalent domestic offences include an offence under section 12 of the Aviation and Maritime Security Act 1990 for which the maximum sentence is life imprisonment."
even though the US authorities have never alleged this and any Naval Captain should be
court martialled if he relies on unencrypted internet emails, rather than lookputs, radio, radar, sonar, charts, Global Positioning Satellite systems etc. for navigation or the safety of his ship.
Lord Phillips of Worth Matravers was content to agree with Lord Brown over the Gary McKinnon appeal rejection, so he is likely to do so again, if Lord Brownis given the job of writing the lead opinion.
The Assangista conspiracy theorists do not seem to have realised that "Lord Brown also served as President of the Security Service Tribunal from 1989 to 2000, President of the Intelligence Services Tribunal from 1995 to 2000, Intelligence Services Commissioner from 2000 to 2006"
As a Regulation of Investigatory Powers Act 2000 (RIPA) Commissioner, his bland, uninformative Annual (censored) Reports to the Prime Minister are notable for their utter lack of any criticism of the British Intelligence Agencies whatsoever.
He utterly failed to convince anyone that the role of Intelligence Services Commissioner provided a method of "security cleared" protection for the general public against any bureaucratic excesses or malpractice by GCHQ, MI5 the Security Service or MI6 / SIS the Secret Intelligence Service
Lord Brown will be completely familiar with the "special intelligence relationship" i.e. "bend over backwards to the USA" attitude
It will be utterly astonishing if Lord Brown finds in favour of Julian Assange.
Lord Kerr of Tonaghmore
Lord Kerr is a former Crown Prosecutor and then Chief Justice of Northern Ireland i.e. he and his family have been / still are under the threat of assasination and worse by terrorists,
Several of his colleagues will have been threatened or killed during "The Troubles".
He is likely to be very familiar with the need to protect the identities and lives of Covert Human Intelligence Sources.
He is extremely unlikely to be sympathetic to Assange's recklessness / malice in publishing the unredacted names of people mentioned in the WikiLeaks US Diplomatic Cables and the Afghan and Iraq war diaries and even the personal details of the
hated and derided, but still legal British National Party members, some of whom were then harassed.
Lord Wilson of Culworth
A recent appointee to the Supreme Court, he "was a judge of the Family Division of the High Court. From 2005 until May 2011" presumably he will be familiar with "he said / she said" domestic arguments and alleged sexual offences between initially consenting adults.
At a guess he will be the most sympathetic to Assange's "rape trial by media", but he is unlikely to dissent from the lead opinion of his more senior colleagues.
The only thing worse for Julian Assange than a rejection of his Supreme Court Appeal, in which case he will be sent off to Sweden forthwith (assuming that the European Court of Human Rights does not allow an appeal), would be for the Supreme Court to allow his Appeal.
If Julian Assange is not to be extradited to Sweden on the dusbious "invetigation without charge" European Arrest Warrant, then he will be far more likely to be arrested and held in the United Kingdom, if the United States authorities unseal their Grand Jury Indictment of him in relation to the Bradley Manning military case, which appears to have provided WIkiLeakS/org with so much material.
Extradition from the UK to the USA requires no prima facie case, just like the European Arrest Warrant and so it is much more likely to happen from the UK than from Sweden.
Some of the "Anonymous" / "LulzSec" gang of hackers, who were under the influence and perhaps the control of an FBI coerced informant and agent provocateur (Hector Xavier Monsegur supposedly the LulzSec twit "Sabu") have been arrested and charged with this computer crime. They even stored the alleged millions of emails from Stratfor on a server under the control of the FBI.
See The Register: Stratfor email hackers were tricked into using Feds' server
There has been no noticable support for any of them by Julian Assange, even though at least two of them (Ryan Ackroyd "Kayla", Jake Davis "Topiary") have been indicted in the USA and could be facing extradition from the United Kingdom, unlike Assange himself, who is fighting an unjust European Arrest Warrant extradition to Sweden on sexual offences charges.
See Public Intelligence (a website which, unlike WikiLeaks.org anymore, does actually allow comments from the public on the censored or restricted documents it publishes) Anonymous/LulzSec Sabu, Kayla, Topiary, Anarchaos, Palladium, Pwnsauce Indictment and Criminal Complaints
All the above is background information relevant to the question in the title of this blog post: Why has WikiLeakS.org not published any Stratfor email headers ?
WikiLeakS.org has been milking a very small selection of Strafor emails for "maximum publicity", but with almost zero political impact, since 27th February, when they launched a subection of their main website (not, this time, chossing to use a subdomain or a different domain name like they did for collateralmurder.com)
The Stratfor emails are being touted as The Global Intelligence Files, using similar hype to that which the notorious and obviously cyber security inept Texas based private think tank likes to puff itself up with.
Julian Assange / @wikileaks twitter feed has been claiming that the formerly private rumours and speculation by Stratfor employees such as Fred Burton, who used to be employed by the US Government, are somehow actually official US Government policy or the "truth", even when other Stratfor employees have, sensibly, tagged such rumours as "single source" or "unverified".
The claim by WikiLeakS.org is that they are publishing 5 million emails, but they have not actually done so.
They have published 935 extracts in just under a month. At that rate it will be about 96 years before they publish 5 million email extracts. Surely even the second (or third) division media partners listed by WikiLeakS.org, since Julian Assange has lost the trust of The Guardian, the New York Times, Der Spiegel etc. etc., will have moved on to other stories by then ?
Despite claiming to have somehow invented "scientific journalism", whereby the original document sources of information for a story are made available to the public for expert analysis, Julian Assange has not done this with the Strafor emails, since the extracts do not contain any actual email header information, listing email clients, mailservers and IP addresses etc.
Why not ?
We cannot be bothered to remember why the WikiLeakS.org front end web server was no longer hosted by PRQ Internet in Stockholm, leading to the use of dodgy Russian "bulletproof hosting" / cyber crime friendly ISP, whilst the main website ended up at WikiLeakS.ch, with the help of the pan-European Pirate Party (a genuine political party representing a minority of IT literate voters).
There were also experiments with Cloud Hosting suppliers like Amazon EC2 in Ireland and OVH in France, but WikiLeakS.org broke their terms of service and / or they succumbed to political pressure.
Whether the actual backend server(s) are still hosted by another Swedish ISP Bahnhof in a former nuclear war shelter is unclear.
However, WikiLeakS.org website and email system now appears to be back with PRQ Internet again, the ISP which hosted them during the dangerous-internet-freedom attack through the US Federal Court system, on their US Domain Name registrar, by the Swiss private bank Bank Julius Baer.
IP address: 88.80.2.31
Host name: wikileaks.org
Alias:
wikileaks.org
88.80.2.31 is from Sweden(SE) in region Scandinavia
[...]
6 138 138 138 209.130.172.178 te-4-4-gblx.sto1.se.portlane.net
7 138 138 138 80.67.0.134 gi-1-15-i2b-demarc.sto1.se.portlane.net
8 249 141 141 193.104.214.94 -
9 139 138 138 178.16.212.34 sth-sln1-crdn-1-po-3-0-810.sitabinfra.se
10 141 141 141 178.16.212.2 cust-prq-nt.i2b.se
11 138 138 138 88.80.2.31 host-88-80-2-31.cust.prq.se
The return to PRQ Internet makes WikiLeakS.org less resistant to attacks on the DNS providers through the legal system or through Denial of Service attacks, since they only currently list the USA based DynaDot name servers:
ns2.dynadot.com [50.112.108.69]
ns1.dynadot.com [50.112.107.96]
Compare this to wikileaks.ch, which sports multiple DNS servers in multiple legal jurisdictions:
v217241437.yourvserver.net
marmotta.brabbel.ch [217.147.219.146]
lou.porcus.ch [46.20.241.57]
ns1.twisted4life.com [202.157.182.142]
ns2.easydns.com [72.52.2.1]
s2.s3cr3t.de
arjeplog.scnr.ch [80.246.50.106]
dns2.easydns.net [72.52.2.1]
dns1.syshack.org
ns1.pcdog.ch [85.124.251.171]
ns1.buzzernet.net
On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.
That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.
(See the previous WikiLeak.org blog article
Julian Assange promises a new WikiLeakS.org submission system to launch on 28th November 1st December 2011)
However the press conference in London was postponed from Monday 28th November to Thursday 1st December at an unannounced location (which turned out to be the City University), before a pre-registered audience of picked journalists.
None of these picked journalists seemed to ask any technical questions or any questions about Assange's Extradition to Sweden case.
So where were the details of this "new generation submission system." (remember that the old one has been broken for over 2 years now) ?
There was no such launch immediate announcement , nor a date for a future launch.
There were no technical details at all
Neither was there any hint about a "look and feel" prototype or whether or not the source code would be made public to be examined by independent experts or the public
Even so, some media outlets are incorrectly reporting that a new submission system has somehow been launched !
Instead there was the announcement of yet Another Wikileaks Spin Off website which "revealed" some 280 documents, mostly sales brochures and presentations about surveillance industry products, which are used both by legitimate Governments to help track down criminals and terrorists and by illegitimate Governments to suppress political opponents and freedoms (some Governments do both at the same time).
http://wikileaks.org/the-spyfiles.html
The French media partner Owni has produced a snazzy interactive map of from this small dataset:
All of these documents appear to have been already published on other websites and (until some of them are removed) many are still available on the manufacturer's own corporate websites.
Nobody has so far managed to find any of these documents which was first made public by WikiLeakS.org,
This market research was actually done by by Privacy International (Eric King @e315) and The Bureau of Investigative Journalism and by associates of the German Chaos Computer Club e.g. buggedplanet.info (domain name registered by Andy Mueller-Maguhn @mueller_maguhn) etc.
So what exactly did WikiLeakS.org contribute to this research ? WikiLeakS.org and Tor associate Jacob Appelbaum (@ioerror) has been doing his own research into say, satellite phone / data links for use in "Arab Spring" countries but he probably would have done this even without Julian Assange anyway.
Julian Assange provided a media sound bite, by asking if any of the assembled picked audience of journalists had an iPhone or a BlackBerry (Julian raised his own hand to both of those) or used Gmail. He then vaguely claimed that they were "all screwed",but he provided no specific examples of which of the list of products could actually be used to snoop on journalists or innocent members of the public without their knowledge.
Presumably Privacy International and The Bureau of Investigative Journalism etc. whose representatives spoke briefly on the platform dominated by Julian Assange, are happy with the media coverage generated, something which may not be possible soon if Assange is extradited to Sweden and is held in custody again.
Some of their supporters, this blog included, are not so happy to see Julian Assange claiming all the credit for this research project, none of which actually involved the supposed WikiLeakS.org anonymous whistleblower leak submission and publication system at all.
https://twitter.com/#!/JudiciaryUK/status/129846526171287552
Julian Assange appeal against extradition - the High Court will hand down judgment on Wednesday 2 November.
10:06 AM Oct 28th 2011
he has announced a new, re-engineered WikiLeakS.org submission system to be launched on November 28th 2011.
https://twitter.com/#!/wikileaks/status/128455207490293762
@wikileaks WikiLeaks
Assange: On November 28th WikiLeaks will launch new generation submissions system http://www.ustream.tv/recorded/180824171:58 PM Oct 24th 2011
http://www.ustream.tv/recorded/18082417
Julian Assange speaking at the Frontline international press club in London, on Tuesday 24th October 2011
Approx 1 hour 5 minutes near the end of the video clip:
The fallout from that was the we viewed that our submission system could not be trusted any more
So did everyone else with any clues about computer security and anonymity, including Daniel Domscheit-Berg and the "Architect", which is partly why they left in the first place.
As a result we have had to completely re-engineer, from scratch, a new generation submission system.
On November 28th, the one year anniversary of CableGate, we will
Now, wikileaks has never had only the one submission system. We've received information in a wide variety of means, just like intelligence agencies and professional, mainstream media organisations, receive their information from a wide variety of means.
It has been important to us, to always have a wide variety of means, so no one mean becomes the sole, the sole subject of infiltration or investigation.
However, for the last, for the last 12 months, for the last 12 months, you haven't been able to go through the front door to submit wikileaks sensitive, information
You've had to establish, contacts, with the organisation and transmit us the material through other mechanisms.
Is Assange claiming that people have actually been stupid enough to submit sensitive material to him in the last 12 months, through other means ?
Why has he not bothered to publish any of this new, "non-Bradley Manning" sourced stuff then ?
How exactly are these "other means" actually Anonymous or Secure ?
Remember that wikileaks stopped publishing a PGP Public Encryption Key years ago and their incompetence in using PGP as a means of symmetric encryption and then stupidly publishing their CableGate archive online around the world and the re-using the same pass phrase with Guardian journalist David Leigh, was an
Similarly, they stopped publishing a Tor Hidden Service even before they stopped accepting new submissions.
On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.
That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.
Right now, it is not possible to trust any https:// connection on the internet.
Utter rubbish !
Even wikileaks.org itself has, at various times, published a Self Signed Digital Certificate and has published the MD5 and SHA-1 cryptographic hash fingerprints, without relying on any built in web browser trust of Certificate Authorities.
It is not possible your banking system, it is not possible to trust any, regular, web based secure encryption system
What about banks which use SSL v3 Client Side Digital Certificates for mutual client / server authentication, without the need for any external Certificate Authority ?
That is because, intelligence agencies have infiltrated , a number of Certificate Authorities. Certificate Authorities are those authorities which
sign the cryptographic keys that are used for secure internet communication.On November 28th, we will release our alternative to that system, which is independent of all Certificate Authorities
Is the something which Julian and his cult have created from scratch, or will they just steal / borrow the work of Moxie Marlinspike and SSLLabs etc. with Convergence ?
Remember that SSL / TLS encryption only provides Secrecy about most of the contents of an encrypted session, it does not provide any Anonymity, and, may in fact provide less anonymity than a non-SSL connection via a shared proxy server.
A question from the floor:
"I understand that you may be limited in what you can say, but how have you manage to get around the fact, that in your eyes, Certificate Authorities can't be trusted, with this particular submission system ?"
01:08:57
We will give full details here, on a conference, on November 28th
Full details ?? Don't hold your breath.
Will they publish the source code of their system, or even a detailed security architecture of what is is intend to actually do and protect against ?
On past performance, this is extremely unlikely.
I would like to say, that in that, this problem has been brewing over a number of years, and we were aware of it before, back in 2010, and we had a number of mechanisms to ameliorate that, ahh, thousands of robots that went out over the internet, to simulate being sources, to check to see, whether these "men-in-the-middle" or fabricated certificates existed.
So we had a number of different mechanisms to try to ameliorate that problem, but it is our view that the problem has now gone so severe, that even those attempts to ameliorate it, can no longer be trusted to the degree, that our sources expect us, to be able to solve the problem
More nonsense from the deliberately deceptive Julian Assange:
"thousands of robots" ??
At the time they claimed that this was to provide "cover traffic" to help to confuse Communications Traffic Analysis and thereby to improve the Anonymity of the submission system
This could not and would not have tested for any SSL "man-in-the-middle" attacks on the Security / Privacy of submissions.
Neither could it have detected compromised Certificate Authorities around the world, especially in places where the Government also controls international internet access.
Even if it was meant to do so, they obviously failed to detect a single example of such an attack aimed at wikileaks, or if they did, they must have covered it up.
Regardless of the technical merits of this new submission system, any whistleblower with really sensitive, life threatening information to publish, would have to be suicidal to trust Julian Assange and his WikiLeakS.org cult followers with it.
]]>The fact that they published this unredacted archive at all via BitTorrent shows how chaotic and incompetent Julian Assange and his motley crew of inexperienced acolytes had become after Daniel Domscheit-Berg and the "Architect" left them.
The end result is that there are now many people around the world, including all the repressive governments mentioned in the quarter of a million Diplomatic cables who can now simply search for key words like (strictly protect), to find the names of informants and information sources who have been in contact with US Embassy diplomats and who could therefore now be easily persecuted.
See the Cryptome.org for a direct file link to z.gpg or to this torrent link to the same encrypted compressed file via BitTorrent peer to peer filesharing.
John Young's evident glee that WikiLeakS.org have now published the full, unredacted archive of US Diplomatic Cables, is, in its own way, just as reprehensible as Julian Assange's indifference to the fate of vulnerable individual human beings named in the cables.
He of all people should know that the US Government neither has the time, the money , nor the inclination, nor the bureaucratic efficiency to warn or protect the hundreds of named informants or contacts, which have now been betrayed to the world, an action which has been universally condemned by WikiLeakS.org's former mainstream media partners and by human rights organisations.
This is in addition to the names of political dissidents who were in contact with the US Embassy in Belarus which Assange has already handed over to the Lukashenko dictatorship via the holocaust denier Israel Shamir.
Some "open source" / "full disclosure" advocates are making the spurious claim that the publication by WikiLeakS.org of the unredacted cables.csv and onto their searchable web site front end, is somehow better for any political dissidents or confidential sources who had dealings with the US Embassies and whose names are tagged with (strictly protect) and other markers.
Firstly, not all political dissidents in repressive countries have access to the internet at all, let alone to fast, secure, anonymous connections which would allow them to download the massive cables.csv file itself or to use the (insecure) WikileakS.org cable search websites.
None of these websites employ SSL Digital certificates or provide Tor Hidden services etc. to mask the identities of people searching for their own names or those of their family or friends.
Some of the people mentioned in the US Embassy cables several years ago, could in fact be in prison or under investigation for other reasons in 2011, without any or without any safe internet access at all. Being named as having been in contact with the US Embassy, even several years ago, could easily lead to charges of espionage etc. in insane countries like Iran.
Julian Assange's disregard for the Sensitive Personal Data of innocent individuals and his organisation's utter incompetence at handling such data securely, is indistinguishable from that displayed by many of the government bureaucracies you would expect him to be opposed to. Do not to trust him or WikiLeakS.org with any future whistleblower leak material, Find another post WikiLeakS.org website or organisation instead - see the listing and analyses at LeakDirectory.org wiki.
WikiLeakS.org and PGP Public Key Encryption
WikileakS.org abandoned even their limited use of PGP Encryption with the public or with the media, back in 2007, when they let their published PGP key expire.
Why have WikiLeakS.org abandoned the use of PGP Encryption ?
If they had been using Public Key Cryptography last year, to encrypt correspondence or documents or files using their recipients' individual Public Keys, then there would have been no password for the incompetent WikiLeakS.org activists to re-use .
Every copy of the controversial cables.csv file could have been encrypted with a different recipient's Public Key and would have had a different symmetric encryption key (which no human would could have been capable of revealing, even under torture).
Not even WikiLeakS.org / Julian Assange could have decrypted a seized or intercepted or publicly leaked copy of such an encrypted file, only the recipient with access to his or her own private decryption key could have done so.
Either Julian Assange is ignorant of how to use Public Key Cryptography (hardly likely for someone who has tried to write cryptographic software himself) or he and the #wikileaks twitter feed are lying again:
https://twitter.com/#!/wikileaks/status/109134616153169920
Encryption passwords (PGP) are permanent. David Leigh constantly lies, hence even in his own book, "snaky brits".
6.24 AM September 1st 2011
https://twitter.com/#!/wikileaks/status/109136557914603520
@ABCTech It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert.
6.32 AM September 1st 2011
To decrypt a file encrypted with PGP using a recipient's Public Key, you need to have physical access to the Private De-Cryption key, which is not accessible to anyone who copies or intercepts the encrypted file in transit.
Obviously the password which unlocks the Private De-Cryption Key from your PGP Keyring can be changed.
Symmetric encryption unprotected by Public Key encryption is just an option with PGP, but that is not how PGP is designed to be used to protect files in transit over the internet or on vulnerable USB memory sticks !
There was nothing, except for laziness or incompetence, which prevented Julian Assange or his followers from securely destroying the symmetrically encrypted cables.csv compressed file archive immediately after he gave it to David Leigh and then re-encrypting it from the master copy with a different key and passphrase. This master copy , we assume, given the dispute between Julian Assange and Daniel Domscheit-Berg, would have been held on a separately encrypted computer file system anyway.
The award winning investigative journalist at The Guardian newspaper David Leigh's book:
WikiLeaks: Inside Julian Assange's War on Secrecy by David Leigh and Luke Harding
did reveal on pages 138 to 139 an unnecessary password, which he rightly assumed would only be a temporary one, but which should never have been re-used by Julian Assange in the first place.
Leigh refused. All or nothing, he said. "What happens if you end up in an orange jump-suit enroute to Guantánamo before you can release the full files?" In return he would give Assange a promise to keep the cables secure, and not to publish them until the time came. Assange had always been vague about timing: he generally
indicated, however, that October would be a suitable date. He believed the US army's charges against the imprisoned soldier Bradley Manning would have crystallised by then, and publication could not make his fate any worse. He also said, echoing Leigh's gallows humour: "I'm going to need to be safe in Cuba first!"Eventually, Assange capitulated. Late at night, after a two-hour debate, he started the process on one of his little netbooks that would enable Leigh to download the entire tranche of cables. The Guardian journalist had to set up the PGP encryption system on his laptop at home across the other side of London. Then he could feed in a password. Assange wrote down on a scrap of paper:ACollectionOfHistorySince_1966_ToThe_PresentDay#. That's the password," he said. "But you have to add one extra word when you type it in. You have to put the word '"Diplomatic' before the word 'History'. Can you remember that?"
"I can remember that."
Leigh set off home, and successfully installed the PGP software. He typed in the lengthy password, and was gratified to be able to download a huge file from Assange's temporary website.
So having given Leigh instructions about downloading and installing PGP software, Julian Assange failed to instruct him to generate a Public / Private key pair and to send him the Public Key, so that Julian could individually encrypt the the cables.csv compressed archive just for David Leigh and nobody else.
At the face to face meeting described in the book, Julian Assange could easily have given David Leigh a copy of a WikiLeakS.org Public Encryryption Key for him to install when he set up the PGP software on his laptop as instructed, or pointed him to an online version.
They could have agreed a pre-shared secret for extra authentication.
David Leigh could then have been instructed to generate his own Public / Private keypair (protected in his PGP Keyring by his own strong passphrase) and to send a Digitally Signed and Encrypted copy of his Public Key back to Jullian Assange via email etc. together with the pre-shared authentication secret, all encrypted with the WikiLeakS.org Public Key. This should have been sufficient cryptographic proof that David Leigh's Public Key was the correct one, since nobody else apart from Julain Assange / WikiLeakS.org could have read the contents of that message.
Julian Assange could then have encrypted the compressed cables.csv file with David Leigh's Public Key and pointed him to the secure website he had set up for the encrypted file to be downloaded from
This encrypted file could only have been de-crypted by someone in possession of both David Leigh's passphrase and the corresponding Private Key in the PGP Keyring on David Leigh's MacBook laptop.
If WikiLeakS.org had been regularly using PGP over the years, even inexperienced members of the cult would have been familiar with these simple, well documented concepts.
If that copy of the encrypted file had somehow been published by the incompetent WikiLeakS.org crew on BitTorrent, then only David Leigh could have decrypted it (assuming he was still in control of his PGP Keyring on his laptop computer) , even if he had published his own pass phrase in his book, rather than Julian's rather pompous one.
7-Zip compression
Then he realised it was zipped up - compressed using a format called 7z which he had never heard of, and couldn't understand.
The .7z file extension is used by 7-Zip . This is freely available over the internet, on various computing platforms and does offer more options for better compression than the standard .zip compression utilities which are built in to modern versions of the Microsoft Windows or Apple OSX operating systems, at the cost of longer compression times and more use of memory.
The 7-Zip Ultra compression option seems to be what the cables.csv file was compressed with down to i.e. only 21 % of its original size.
However to achieve this amount of compression on such a big file could take quite a while, perhaps up to an hour on an average PC. Unzipping is much quicker, a couple of minutes at most.
Compression is also built in to the PGP / GnuPG encryption software, but that produces a compressed file of about 640 MB i.e. about twice that of the of the 7-Zip version, about 41% of the original size of the monolithic cables.csv file.
Like most .zip compression software these days, 7-Zip also offers encryption, using the same AES 256 bit algorithm used by default by GnuPG / PGP, but Assange et al did not bother to make use of that.
He got back in his car and drove through the deserted London streets in the small hours, to Assange's headquarters in Southwick Mews
Assange was staying at Vaughan Smith's Frontline Club for investigative / foreign / war correspondent journalists, owned by Vaughan Smith, in whose Norfolk country estate has bedrooms at numbers 7 and 9 Southwick Mews
http://www.frontlineclub.com/club/bedrooms-1.php
He is now on bail and electronically tagged living at Vaughan Smith's country estate in Norfolk, where his supporters invent state surveillance fantasies for the credulous mainstream media - see "CCTV ANPR" or just "radar activated speed signs" monitoring Julian Assange at Ellingham Hall in Norfolk ?
Assange smiled a little pityingly, and unzipped it for him.
Now, isolated up in the Highlands, with hares and buzzards for company, Leigh felt safe enough to work steadily through the dangerous contents of the memory stick.
So, in the end, Julian Assange in fact actually handed over an unencrypted copy of the file to David Leigh, on an easily lost or stolen USB memory stick. If Assange really cared about protecting innocent people from evil governments, then he would not have allowed this to happen.
It is astonishing how the WikiLeakS.org cult propaganda machine has deluded itself that somehow it was David Leigh and The Guardian which was responsible for this cryptographic and internet publication incompetence, rather than the alleged technological privacy and anonymity expert Julian Assange and his supposedly expert helpers.
TextWrangler keyword search
Obviously there was no way that he, or any other human, could read through a quarter of a million cables. Cut off from the Guardian's own network, he was unable to call up such a monolithic file on his laptop and search through it in the normal simple-minded journalistic way, as a word processor document or something similar: it was just too big. Harold Frayman, the Guardian's technical expert, was there to rescue him. before Leigh left town, he sawed the material into 87 chunks, each just about
small enough to call up and read separately.
Probably 19 Megabytes for each of 86 chunks with a little bit left over in the 87th chunk.
Then he explained how Leigh could use a simple program called TextWrangler
TextWrangler is the "little brother" of BBEdit and is only available for the Apple Macintosh platform. David Leigh's laptop computer.is stated to have been a MacBook elsewhere in the book.
to search for key words or phrases through all the separate files simultaneously, and present the results in a user-friendly form.
So why had Julian Assange or his WikiLeaks acolytes not already broken the 1.6 Gigabyte file down into usable chunks and zipped them up into, ideally, several archive files for their mainstream media partners ?
This WikiLeak.org blog has criticised them in the past for not offering (multiple) floppy disk or even CD-ROM sized versions of their whistleblower leaks documents, as well as just large monolithic files.
Not everybody, especially people in third world countries under repressive governments, or even people using mobile internet devices, has access to fast broadband internet connections.
Is this the end of WikiLeakS.org ?
Now that WikiLeakS.org have no more secrets left to publish, will they actually get around to re-inventing themselves and re-launching a secure anonymous system without the destructive influence of Julian Assange ?
Or will the cult continue regardless and just get dragged into long legal cases ?
]]>5.06 PM August 27th 2011
https://twitter.com/#!/wikileaks/status/107484074477760512
US marine kills Romanian rockstar. President promises to US embassy won't "serve a single day in prison" http://wikileaks.cabledrum.net/cable/2005/03/05BUCHAREST742.html
When did this happen ? Is that the then US President or the Romanian President doing the promising ? What sort of "killing" ?
It turns out to be the newly elected Romanian President, back in 2005 (over 6 years ago). The "killing" turns out to have the result of a traffic accident, probably involving drink driving by the US Marine who had diplomatic immunity as part of the US Embassy staff.
If you take this selective misquote from the diplomatic cable at face value you get the impression that the US Marine was to get off scot free due to some sort of political deal.
However if you actually bother to read the diplomatic cable which Wikileaks have published, in their current, "we don't care about anybody's personal information" data dump:
http://wikileaks.cabledrum.net/cable/2005/03/05BUCHAREST742.html
25.(C) Finally, the December 2004 accident involving the U.S. Embassy Marine Security Guard detachment commander that led to the death of Romanian rock star Teo Peter received wide press coverage and created public outcry. Basescu and his government are under considerable political pressure to make sure justice is done in a Romanian Court. Naturally, given that Marine Corps legal proceedings against the former detachment commander have not even begun, the question of extradition and lifting of the Marine's immunity cannot even be addressed at the present time. Nevertheless, PM Tariceanu and FM Ungureanu may ask for the Marine's return, possibly repeating a promise made earlier to our Ambassador by Basescu that the former detachment commander would receive a fair trial and, regardless of outcome, would not serve a single day in prison in Romania.
The deliberate omission of the words "in Romania" completely changes the meaning of the Tweet.
The democratically elected government of Romania is promising a fair trial and repatriation to the USA to serve any prison sentence , if the US Marine was to be found guilty of any charges. This is the normal, civilised state of affairs with most Extradition treaties around the world.
The wikipedia entry for Teo Peter has links to a few of the case.
If this deliberately misleading Tweet was from the army of Wikileaks cult hangers on, that would be bad enough. Wikileaks could, if pushed, issue an apology, and disassociate themselves from such alleged "supporters".
However this distortion of the truth is from the "official" Julian Assange controlled
https://twitter.com/wikileaks feed.
Any post-Wikileaks whistleblower websites should learn the lessons from Wikileaks and Julian Assange's increasingly inept handling of the mainstream media and social media.
The levels of disinformation, hype and spin which Wikileaks now relies on make them at least as untrustworthy as any Government or big business public relations spin doctors and propagandists.
The mainstream media have plenty of other, more current, more newsworthy stories to report on, so the effect of the publication of these diplomatic cables is now increasingly marginal and they are only of academic interest to future historians and to the world's intelligence agencies.
Why is there still no functioning WikiLeakS.org document submission system ?
It is puzzling why WikiLeakS.org, with all its army of cult followers and vastly more money than many other whistleblowing websites, has not re-launches itself with a secure, anonymous whistleblower leak submission system, so many months after it shut down.
See LeakDirectory.org for links to many of these and some analysis of the anonymity and security strengths and weaknesses of several of them.
The answer must be that Julian Assange does not want to relinquish any control or to be democratically accountable or transparent.
N.B. to be clear this WikilLeak.org blog is very often critical of Julian Assange for his control freakery, deceit, and disregard for other people's private personal data, but we do not think that he should be extradited to the USA to face espionage or other charges.
The European Arrest Warrant should not be allowed to be used to extradite Assange to Sweden from the United Kingdom for "investigation" purposes, without cross examination in a UK Court of prima facie evidence against him in the sordid sex allegations case.
Chaos Computer Club schließt Domscheit-Berg aus
This is only the second expulsion of a member in the 30 year history of the Chaos Computer Club - the previous one was, apparently some neo-nazi who had been abusing their infrastructure.
There is no mention of this bickering on either the official https://ccc.de or https://openleaks.org web pages, the participants have, instead decided to give interviews to the media, without bothering to inform their supporters directly (a couple of thousand of whom were gathered at the campsite).
(click for a larger screenshot image of https://leaks.taz.de in a new window)
The test setup
From 12th to 14th of August 2011 this public platform is offered by German daily taz die tageszeitung, German weekly der Freitag, Portuguese weekly Expresso, Danish daily Dagbladet Information as well as the consumer protection organization Foodwatch; in cooperation with OpenLeaks. During this time you can upload documents, which will be worked on by the involved parties.
The goal of this setup is to invite you to do a security evaluation of the system during the Chaos Communication Camp 2011.
Surely nobody in the rest of the world, who is interested in the anonymity and security of whistleblowing website projects, ever considered that the temporary test server, set up in a in a tent on the outskirts of the main camp site infrastructure, was actually somehow being "officially" tested and "approved" by the CCC ?
Obviously, most of the people at the CC campsite were busy with the many other projects and causes, but some of the people with expertise and experience of whistleblowing website anonymity and security infrastructure, and relations with the mainstream media, were present and may have contributed to the discussions and the preview "testing".
As anybody who has attended these sort of hacker conventions should know, the mere act of putting up a webs server on the campsite network, will mean that it will be "stress tested" in a very hostile network environment, with lots of port scans and probes and attempts to hack into it and run denial of service attacks, but these would also happen if it was hosted at a major data centre.
But that should not be the only proper testing that the system gets before going live, a point on which here we agree with the CCC and which Daniel Domscheit-Berg also probably agrees with.
Endorsement by mainstream media brand names mentioned above provide far more public trust and credibility, whatever that is actually worth regarding a currently non-operational system, than any (non-existent) "CCC" branding or approval.
The CCC have never been known for having any kind of "approved by the CCC" branding or "approval" of computer or telecommunications projects and they are deluding themselves if they think they would ever be trusted internationally if they did so.
The CCC leaders' action (it is a properly registered legal entity with a board of directors, a constitution etc.) now gives the impression of siding with Julian Assange (who was never a member) against Daniel Domscheit-Berg.
As mentioned in his book, Daniel Domscheit-Berg and the other former WikiLeakS.org technical staff defector "the Architect", took away their own intellectual property and thereby disabled the "improved" WikileakS.org submission system
Julian Assange and his cult of supporters have never bothered to replicate even the shaky anonymity and security infrastructure which they were left with or re-launch a different, better, whistleblower leak submission and publication system, despite having plenty of volunteers and money to do so.
The president of the CCC Andy Müller-Maguhn, who some of us once elected to the board of the ICANN which regulates internet domain name registration and appeals procedures, seems to have been trying to mediate between Julian Assange and Daniel Domscheit-Berg for nearly a year over the return of this encrypted data to Julian Assange.
Since there is no evidence that the current WikiLeakS.org team is capable of handling the data securely (their current website does not even bother to use an SSL / TLS Digital certificate any more) they cannot be trusted any more than Daniel Domscheit-Berg can be.
The current OpenLeaks.org project may not yet have published its software as an Open Source project, which is what the purists at the CCC would like, but then neither has WikiLeakS.org nor any other whistleblower website.
Even if they did so, there is no guarantee that the specific computer and networking configuration settings and infrastructure used by a particular website are not actually counteracting any anonymity or security functions built in to the Open Source software.
All that the CCC board needed to do was to issue a press release making it clear that there was no official CCC endorsement of the OpenLeaks.org project.
The breakdown in mediation attempts the CCC may have tried between Julian Assange and Daniel Domscheit-Berg are not proper grounds for expelling the latter from the Club.
Some of the wrongdoers who have something to hide from public scrutiny and might therefore fear the OpenLeaks.org project, will be smiling to themselves at this display of disunity amongst the German section of the tiny minority of people around the world with the technical skills and attitude to make a difference.
Expelling Daniel Domscheit-Berg, without also criticising the current WikiLeakS.org cult, has damaged the reputation of the Chaos Computer Club internationally.
What about the Wau Holland Foundation and OpenLeaks.org ?
The registered charity the Wau Holland Foundation, which is controlled by CCC sympathisers, may not now be available the Openleaks.org project, as a channel for receiving financial donations from supporters, a service it currently performs for WikiLeakS.org.
If OpenLeaks.org gets some money from its media partners, this may not matter too much, but until there is a virtuous circle of whistleblower trust and actual mainstream media publication of leaks via OpenLeaks.org, they will always be short of money.
OpenLeaks.org may still be able to make use of PayPal etc., to receive financial donations from individuals, something which WikiLeakS.org no longer can do, as they have managed to annoy and get banned over the years, due to their lack of financial transparency and their perceived anti-American political bias.
The "Confidentiality Agreement" with which he has bullied his gullible staff of "young activist" in the UK looks like the evil scheme of a bureaucratic control freak, who could easily be working for a repressive dictatorship.
Julian Assange's attempt to gag his cult followers, even against revealing the existence of the Confidentiality Agreement itself, makes it impossible to trust him when he hypocritically utters words like "transparency" or "public accountability".
WikiLeaks, get out of the gagging game
I refused to sign Julian Assange's confidentiality agreement because it would have been not just ironic, but dangerous
James Ball
guardian.co.uk, Thursday 12 May 2011 17.43 BST
Yesterday, media lawyer and legal blogger David Allen Green published the full text of the gagging order signed by almost all WikiLeaks employees earlier this year.
It's an extraordinary document. WikiLeaks staffers face a £12m penalty if they reveal any information about WikiLeaks' day-to-day operations, let alone any documents given to the whistleblowing organisation.
In a move reminiscent of the UK's reviled superinjunctions, even revealing the existence of the gagging order is itself a breach.
[...]
Yes, it was my copy of the agreement that was published.
[...]
But this document deserves to be in the public domain. Having worked for several media organisations, both print and broadcast, I'm used to confidentiality provisions.
The WikiLeaks document is by orders of magnitude the most restrictive I have ever encountered. Legal experts consulted about the document agree.
[...]
WikiLeaks is not democratically accountable. Julian's argument that it is accountable because it is funded by donations could just as equally be made of KKK, or the BNP. It has no board, or no oversight. If any organisation in the world relies on whistleblowers to keep it honest, it is WikiLeaks.
In such circumstances, silencing dissent is not just ironic, it's dangerous. WikiLeaks needs to get out of the gagging game.
The New Statesman article:
The £12m question: how WikiLeaks gags its own staff
Posted by David Allen Green - 11 May 2011 15:31
Clause 5 of this "Confidentiality Agreement" (PDF) imposes a penalty of "£12,000,000 - twelve million pounds sterling" on anyone who breaches this legal gag.
[...]
Other parts of the legal gag are just as extraordinary. The second recital paragraph, "B", provides that - like a superinjunction - the fact of the legal gag itself is subject to the gag.
So is "all newsworthy information relating to the workings of WikiLeaks". On the face of it, even revealing one is under this agreement could result in a £12m penalty, as would sharing information on how the directors conduct the organisation.
The fifth recital paragraph, "E", is just as astonishing. It purports to extend what WikiLeaks can sue for beyond any direct loss that it might suffer if the gag is breached. WikiLeaks says it can sue for both "loss of opportunity to sell the information to other news broadcasters and publishers" and "loss of value of the information".
[...]
However, for some time it has been apparent that WikiLeaks and its founder Julian Assange have had a "pick'n'mix" attitude to legal obligations. They seem to feel free from any restrictions in respect of confidentiality and official secrecy; but on the other hand they make routine legal threats, especially against the Guardian, so as to uphold their perceived rights to their supposed commercial "property" - leaked, sensitive information. Abidance by the law is, it would seem, something for other people.
The document can be downloaded from the New Statesman website:
http://images.newstatesman.com/wikileaks.pdf
The confidentiality Agreement is headed: Wikileaks ITC Ltd.
* Paperback: 304 pages
* Publisher: Jonathan Cape (15 Feb 2011)
* Language English
* ISBN-10: 0224094017
* ISBN-13: 978-0224094016
Whether you love or hate WikiLeakS.org, this book is essential reading, especially if you are writing your own book or documentary about this project.
This book does at last confirm our fears about some of the deceptions, exaggerations, media spin and hype which Julian Assange and his willing helper Daniel Domscheit-Berg spun around WikiLeakS.org
In it, Julian Assange appears to be a charismatic Cult leader and paranoid Control Freak.
Our previous observations that the "maximum political impact" attitude of the core WikiLeakS.org team (which appears now to have been just Julian and Daniel) is confirmed i..e they are indistinguishable from the fanatics who support totalitarian dictatorships, where "the ends justify the means".
Given the scale of the lies which Daniel Domscheit-Berg and Julian Assange told to the media and the public about the robustness and security of the WIkileaks computer infrastructure it is hard to trust either of them with the time of day, let alone a potentially life or career threatening whistleblower disclosure.
Of the two, Daniel Domscheit-Berg appears to be the more contrite, - at least he has apologised for his unethical behaviour, something which Julian Assange, like all fanatics, probably never will do.
Some interesting points, which any imitators of Wikileaks should avoid emulating:
N.B. this blog does not think that Julian Assange should be extradited to Sweden from the UK on the inappropriate European Arrest Warrant, without any of the prima facie evidence of the sexual offences allegations having been cross examined in a UK Court.
There is still an obvious need and demand for whistleblower protecting online publishers of last resort.
However, that does not mean that Julian Assange or whatever the current WikiLeakS.org crew now comprises of, should ever be trusted by any whistleblowers in the future.
Whether Daniel Domscheit-Berg should be trusted with his new OpenLeaks.org venture is also in doubt.
Their initial website said many good things about transparency and security, but history appears to be repeating itself, since, despite publishing a Contact Page
with
SSL infos The SSL certificate we use for this website has the following fingerprints:* SHA-1: 2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36
* SHA-256: 5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47The serial of the certificate is 01:00:00:00:00:01:2C:F1:12:3A:99.
Why then is the website httpsopenleaks.org no longer allowing SSL/TLS encrypted sessions ?
The scandalous lack of SSL/TLS encryption on the current WikiLeakS.ch website and its clones has also still not been fixed , despite the web forms which demand lots of personal data from journalists or mirror website volunteers - it should never have been launched without this already in place.
T
]]>[...]
WikiLeaks founder Julian Assange lost control of his site's submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization's top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.
Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.
[...]
Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.
They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.
"Children shouldn't play with guns," Domscheit-Berg writes. "That was our argument for removing the submission platform from Julian's control ... We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly."
The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as "the Architect", after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.
In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg's version of why the site's submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his "acts of sabotage" forced the organization to "overhaul the entire submission system" and the staff lacks time to do so.
The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.
Domscheit-Berg writes that he and the Architect won't release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.
"The current system has become a security risk for everyone involved," he writes.
Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange's possession.
[...]
Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.The two were later joined by "the Technician" in 2008 and "the Architect" in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange's lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange's lack of trust in Domscheit-Berg, and Assange's relations with women.
[...]
When journalists asked about problems with WikiLeaks' infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. "To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible," he writes. "It was the same principle used by terrorists and bureaucrats. The adversary can't attack as long as he has nothing to grab hold of." The truth was, he notes, their "technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently ... We were acting irresponsibly, playing a risky game with our sources' trust and our supporters' donations."
Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he'd been misidentified. Domscheit-Berg says the source who gave them the documents had also "included some background information he had researched about the bank's clients." But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, "according to three independent sources" the information might be false or misleading. The three independent sources, however, didn't exist. Domscheit-Berg says they made them up.
[...]
Will WikiLeakS.org ever resume operations for new whistleblower leak submissions ?
So will OpenLeakS.org really be any better than the WikILeakS.org smoke and mirrors confidence trick which this article portrays ?
N.B. OpenLeakS.org currently appears to have lost its https://OpenLeakS.org capability, despite, quite wisely, publishing the Digital Certificate details on
http://openleaks.org/content/contact.shtml
]]>The SSL certificate we use for this website has the following fingerprints:
* SHA-1: 2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36
* SHA-256: 5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47The serial of the certificate is 01:00:00:00:00:01:2C:F1:12:3A:99.
The recent Bloomberg news agency story
WikiLeaks May Have Exploited Music, Photo Networks to Get Data
gives prominence to some dubious claims by a US based Peer to Peer Network spying company called Tiversa.
Bloomberg and Tiversa provide no evidence of any direct link between the alleged
appearance of the US Military files on incompetently configured personal computer systems running P2P software (in contravention of the applicable computer security policies) and the publication of re-named files on Wikileaks, months or even years later.
The Bloomberg article itself lists the months or sometimes years between the alleged appearance of a few US military documents on P2P networks open to the entire internet, and the publication of what is alleged to be copies of the same versions of those documents on the old, no longer functioning, WikiLeakS.org wiki system.
They cannot have it both ways.
Either it is legal for everyone, including firms like Tiversa to monitor such networks (for money) in bulk, in real time, all over the world, "1.8 billion times a day" by running "rogue" monitoring nodes joined to these P2P networks, or it is not.
To attempt to claim that just because they monitored "4 IP address in Sweden", that this is somehow evidence that WikiLeakS.org themselves were trawling for documents on P2P networks, is an incredible double standard, given the amount of such trawling which originates from the USA and even from Tiversa itself.
Tiversa's cause célèbre. was their discovery of the US Presidential helicopter documents, something which strongly implies that they themselves also downloaded copies of such documents, both from the useless US Defense Contractor and from the alleged computer in Iran.
Such activity is itself certainly illegal in many countries and would probably amount to espionage according to the evil Iranian authorities.
Remember there is no proof that the discovery of an alleged download by a particular computer IP address actually means that any human has even noticed or read any such documents, in all likelihood they have not, simply due to the volumes involved - see the various internet snooping projects derived from Echelon by intelligence agencies like the NSA and GCHQ etc and their rivals.
Initially the WikiLeakS.org website just assumed that people would "seed" copies of their published documents into P2P networks. They later started to formally provided Magnet URI links to such documents on their download pages, but of course these are now no longer functional.
Perhaps OpenLeaks.org or any other successors to WikiLeakS.org, if they ever get off the ground, will also seed P2P networks and provide Magnet links as well.
There is a link on the current WikiLeakS.CH website and on its hundreds of risky mirror websites, to a compressed archive of BitTorrent index files, which can be used to download around 20,000 documents which have been published on WikiLeakS.org i.e. not the big "Bradley Manning" disclosures, which got their own dedicated web sites.
However, if you are planning to "research" these for your forthcoming blog or mainstream media article, tv documentary, book, film etc. remember your IP address will be tracked by Tiversa and other private sector and government spies.
Given the legally toxic nature of some of these WikiLeakS.org documents, depending on the legal jurisdiction you fall under, you may be breaking various laws by downloading or possessing copies of these documents e.g. government official secrecy, espionage, lèse majesté, copyright, contempt of court etc. . You should probably keep any files you download in an encrypted volume using, for example TrueCrypt
WikiLeakS.org has never bothered to provide any such warnings or advice to its readers.
]]>