Recently in Funding WikiLeakS Category

We ave previously commented that WkiLeakS.org, or similar organisations, actually require the same sort off "tax haven" and "tax avoidance" techniques employed by the Private Banking industry which they so gleefully try to expose the details of "for maximum political effect".

The Wall Street Journal has been "investigating", without actually revealing the details of any of the front companies and foundations, apart from some of the ones which have appeared on the WikiLeakS.org financial contributions pages. It is is disappointing that a financial sector newspaper like the Wall Street Journal, cannot find, or will not publish, any more details, other than those provided by Julian Assange.

Have these been verified in any way e.g. is WikiLeakS.org really registered as a library in Australia ?

How WikiLeaks Keeps Its Funding Secret

By JEANNE WHALEN and DAVID CRAWFORD

The controversial website WikiLeaks, which argues the cause of openness in leaking classified or confidential documents, has set up an elaborate global financial network to protect a big secret of its own--its funding.

Some governments and corporations angered by the site's publications have already sued WikiLeaks or blocked access to it, and the group fears that its money and infrastructure could be targeted further, founder Julian Assange said in an interview in London shortly after publishing 76,000 classified U.S. documents about the war in Afghanistan in July. The move sparked international controversy and put WikiLeaks in the spotlight.

In response, the site has established a complex system for collecting and disbursing its donations to obscure their origin and use, Mr. Assange said. Anchoring the system is a foundation in Germany established in memory of a computer hacker who died in 2001.

WikiLeaks's financial stability has waxed and waned during its short history. The site shut down briefly late last year, citing a lack of funds, but Mr. Assange said the group has raised about $1 million since the start of 2010.

WikiLeaks's lack of financial transparency stands in contrast to the total transparency it seeks from governments and corporations.

This lack of financial transparency is one of the major failings of the WikiLeakS.org project.

"It's very hard work to run an organization, let alone one that's constantly being spied upon and sued," Mr. Assange said in the The controversial website WikiLeaks, which argues the cause of openness in leaking classified or confidential documents, has set up an elaborate global financial network to protect a big secret of its own--its funding.

Some governments and corporations angered by the site's publications have already sued WikiLeaks or blocked access to it, and the group fears that its money and infrastructure could be targeted further, founder Julian Assange said in an interview in London shortly after publishing 76,000 classified U.S. documents about the war in Afghanistan in July. The move sparked international controversy and put WikiLeaks in the spotlight.

In response, the site has established a complex system for collecting and disbursing its donations to obscure their origin and use, Mr. Assange said. Anchoring the system is a foundation in Germany established in memory of a computer hacker who died in 2001.

WikiLeaks's financial stability has waxed and waned during its short history. The site shut down briefly late last year, citing a lack of funds, but Mr. Assange said the group has raised about $1 million since the start of 2010.

WikiLeaks's lack of financial transparency stands in contrast to the total transparency it seeks from governments and corporations.

"It's very hard work to run an organization, let alone one that's constantly being spied upon and sued," Mr. Assange said in the interview. "Judicial decisions can have an effect on an organization's operation. ... We can't have our cash flow constrained entirely," he said.

Among the cases WikiLeaks has faced, the Swiss bank Julius Baer & Co. in 2008 sued for damages in federal court in California, alleging that the site had published stolen bank documents. The court ordered the disabling of the wikileaks.org domain name, but the bank withdrew its lawsuit after civil-rights advocates protested.

Though Mr. Assange declined to name donors or certain companies through which donations flow, he provided some insight into the funding structure that allows the group to operate.

The linchpin of WikiLeaks's financial network is Germany's Wau Holland Foundation. WikiLeaks encourages donors to contribute to its account at the foundation, which under German law can't publicly disclose the names of donors. Because the foundation "is not an operational concern, it can't be sued for doing anything. So the donors' money is protected, in other words, from lawsuits," Mr. Assange said.

Nonsense ! There are several Islamic Charities which not only have been sued, but have subjected to anti-terrorism investigations and have had their financial assets frozen, even though they have never been "operational concerns" either.

No "tax evasion" / "tax avoidance" trust funds and front companies registered in tax havens are "operational concerns" either, but that does not prevent various tax authorities going after them and their beneficiaries.

The German foundation is only one piece of the WikiLeaks network.

"We're registered as a library in Australia, we're registered as a foundation in France, we're registered as a newspaper in Sweden," Mr. Assange said. WikiLeaks has two tax-exempt charitable organizations in the U.S., known as 501C3s, that "act as a front" for the website, he said. He declined to give their names, saying they could "lose some of their grant money because of political sensitivities."

Surely the Wall Street Journal could investigate and find out the names of the Australian "library", the French foundation and the US 501C3s ?

Mr. Assange said WikiLeaks gets about half its money from modest donations processed by its website, and the other half from "personal contacts," including "people with some millions who approach us and say 'I'll give you 60,000 or 10,000,' " he said, without specifying a currency.

How have WikiLeakS.org solved the problem faced by many unincorporated voluntary organisations, who cannot get large sums of money from rich individuals or companies or trades unions etc. because these donors would become "jointly and separately liable" for any debts incurred by the voluntary organisations , and, just as importantly, vice versa i.e. the organisation could become liable for the debts or bankruptcy of these large donors.

The other big risks to rich financial donors involve the horrendously complicated and ineffective (in terms of catching real criminals and terrorists) anti-money laundering regulations and investigations, which various government bureaucracies have imposed on the financial industry, especially for foreign money transfers.

How does WikiLeakS.org provide any protection to financial donors in such cases ?

Retrieving money from the Wau Holland Foundation is a complicated task, he said. WikiLeaks must submit receipts to the foundation, which issues grants to reimburse them. Because German law requires the foundation to publicly disclose its expenditures, WikiLeaks uses "other foundations" to aggregate its bills and send them to Wau Holland, so that some of the companies WikiLeaks does business with remain anonymous, Mr. Assange said. This prevents anyone from seeing whom, for example, WikiLeaks pays for Internet infrastructure, or where that infrastructure is located.

To operate, the website needs several powerful computers linked to high-speed Internet connections. WikiLeaks particularly tries to obscure payments for "basic infrastructure that could be attacked," for "servers that are engaged in source protection," and for "security engineers," Mr. Assange said.

So far, Wau Holland has distributed €50,000 ($64,000) to a WikiLeaks account in Germany, strictly in exchange for receipts, according to Daniel Schmitt, spokesman at WikiLeaks, and Hendrik Fulda, deputy board chairman of the foundation. Mr. Schmitt controls the account.

The average donation to WikiLeaks via the Wau Holland Foundation is about €20, Mr. Fulda said. The largest donation through the foundation--€10,000--arrived from a German donor after the publication of the Afghan war documents, he said, declining to reveal further details.

Mr. Schmitt said WikiLeaks needs about $200,000 a year to cover its operating expenses--mainly network fees, rent and storage costs for the sites where the servers are, and some hardware and travel expenses. Should it decide to pay salaries to its five staff members, as it is now considering, it would need about €600,000 a year, he said.

Paying salaries is a "sensitive subject," he said, noting that outsiders might question the need for them.

Most of the financial supporters of WikiLeakS.org would not object to salary payments for key staff, but they do demand some sort of financial accounting and transparency, which is totally lacking at the moment.

Mr. Fulda of the foundation said WikiLeaks needs €10,000 to €15,000 a month to maintain its Web presence. Late last year, when donors were contributing only €2,000 to €3,000 per month, WikiLeaks was struggling to survive, he said. So it shut down its website in December, leaving up only an appeal for donors to transfer money to the group via the Wau Holland Foundation. Soon, donations per month increased 20-fold.

WikiLeaks reopened its website in May, but "within days ... donations dropped back to near their former level," Mr. Fulda said.

The fluctuation caught the attention of Wau Holland's banking partners including eBayInc.'s PayPal, which demanded explanations for the surge and fall in donations. "I explained it wasn't money laundering, just WikiLeaks donations," Mr. Fulda said.

Which shows how useless the anti-money laundering red tape is.

A PayPal spokeswoman said the company is "still processing payments for WikiLeaks." She said that she couldn't comment further on a specific account but that in general, PayPal is required by anti-money-laundering laws and its own anti-fraud regulations to investigate accounts when they exceed certain limits.

WikiLeaks has tried to diversify away from PayPal by adding other payment options to its site, including Flattr.com, a payment system based in Sweden, and Moneybookers, a system based in the U.K.

A spokeswoman for Moneybookers said the company used to provide services to WikiLeaks but "as they don't adhere to Moneybookers' standards, the agreement was terminated." She declined to comment further. Flattr didn't respond to a request for comment.

"as they don't adhere to Moneybookers' standards, the agreement was terminated" - points to WikiLeakS.org lack of financial transparency as being a major problem.

Note also that another online money payment system which WikiLeakS.org has used during their dispute with PayPal, called TipIt.to seems to have gone "tits up" at the end of February 2010 due to "fraudulent transactions"

http://blog.tipit.to/2010/04/gesloten-voor-preventie-%E2%80%94%C2%A0closed-for-prevention/

Write to Jeanne Whalen at jeanne.whalen@wsj.com and David Crawford at david.crawford@wsj.com

The main WikiLeaks.org website seems to have returned online, after the 6 month fund raising strike, which was punctuated by high profile releases, and one way Twitter broadcasts.

Some changes are evident:

  • The wiki Special Pages which showed recent updates have been turned off.
  • The uploaded document files now only download from the unencrypted http://file.wikileaks.org, without any SSL or Tor protection as they used to.
  • Torrent and Magnet downloads are offered instead.

They still have not bothered to get a new SSL / TLS Digital Certificate which does not use the deprecated MD5 cryptographic hash.

Of more concern is, that whilst some old Comments and analyses on the "leaked" documents by the public, are available, you can no longer submit any new ones.

There is no wiki in WikiLeakS.org


Twitter, with its very short messages, is inherently the wrong medium for publishing important security / anonymity / financial warning advice about the WikiLeakS.org project.

http://twitter.com/wikileaks/status/9495477247

Our Kenyan PO BOX is no-longer considered secure after a break in. Please use Australia or Cambodia instead.

'Mon Feb 22 22:03:11 +0000 2010

from bit.ly

The WikiLeakS.org website is still deliberately crippled, and no longer displays the PO Box address for "Cambodia".

Why anyone would trust the Cambodian Government not to snoop on foreign letters or parcels sent to such a Post Office Box address, is a mystery.

The Postal Submissions (for whistleblower leak documents) web pages, did at least offer a few words of security / anonymity advice, which the single Twitter message, obviously does not.

Astonishingly, the current WikiLeakS.org home page still gives out this allegedly insecure address for Kenya, over 24 hours after the Twitter warning was published.

Kenya
WikiLeaks ICT
PO Box 8098-00200
Nairobi
Kenya

in the section devoted to "give us your money".

  • So is this address still suitable for sending cash or other financial donations, but not for whistleblower leak documents ?
  • Why can they not publish a full details about this security threat in Kenya, on the WikiLeakS.org website ?
  • What procedures does WikiLeakS.org employ to audit the reliability of their postal PO Box submissions, which they have suggested as a high security method of sending them whistleblower leaked documents.?
  • Do they ever send test documents and / or money via these PO Boxes, to see if these are being intercepted, delayed , censored or stolen ?
  • If the Kenyan PO Box can still be trusted, then the WIkiLeakS.org Twitter feed obviously cannot be trusted.

In order to reduce the chances of a Denial of Service attack via Rumour, WikiLeakS.org should have published fuller details of the reasons for no longer trusting this published method of submitting sensitive whistleblower leak documents and / or money, on their own website and via an email Press Release.

This security / anonymity warning press release should have been Digitally Signed using their (now long expired) PGP Public Encryption and Signing cryptographic Key, to vastly reduce the chance that it has been tampered with or entirely forged.

WikiLeakS.org purport to be experts in protecting their whistleblower sources, so why are such simple precautions beyond them ?

WikiLeakS.org is still asking for money:

We have raised just over $350,000 for this year. Our yearly budget is around $600,000.

However, their self imposed moratorium on publishing leaked documents, has now been selectively breached, presumably for political purposes:

Classified cable from US Embassy Reykjavik on Icesave dated 13 Jan 2010

This document, released by WikiLeaks on February 18th 2010 at 19:00 UTC, describes meetings between embassy chief Sam Watson (CDA) and members of the Icelandic government together with British Ambassador Ian Whiting.

This is just a link to a simple text file, rather than the usual WikiLeakS.org wiki page with a (.pdf) or (.zip) archive and a cryptographic checksum.

Publication in this way denies people the opportunity to post Comments on or Analysis of the alleged whistleblower leak document on the WikiLeakS.org website itself.

The actual link is to:

http://wikileaks.org/file/us-watson1-2010.txt

However, the corresponding "secure" SSL / TLS encrypted version of the link is not available:

https://wikileaks.org/file/us-watson1-2010.txt

This re-directs to an Error Page and then to the "secure" document submission web page - why would anyone submit any new whistleblower leak documents to the WikiLeakS.org website, which currently have almost no chance of being published ?

The previously available Tor Hidden service via https://gaddbiwdftapglkq.onion/, which used to offer end to end encryption and quite strong anonymity mixing through the Tor server node cloud, is not working either.

Is this a further erosion of the supposed ethical standards and transparency which were proclaimed when the WikiLeakS.org project started ?

Revealing some alleged details, that Icelandic politicians in the Government and in the Opposition are meeting with each other, and with US and British and Norwegian etc. diplomats, in order to try to find compromises, and a way out of the Icesave financial crisis, is hardly a significant secret, which is being hidden from the Icelandic or world public, for some nefarious reason or other. Surely that is what they are all paid to do as a matter of course, anyway ?

If this plausible looking text is genuine, then will there now be a "mole hunt" / security investigation at the US Embassy in Reykjavik or the State Department and other addresses in Washington, to try to track down how the alleged text of a supposedly confidential and, presumably encrypted, diplomatic telegram fell into the hands of WikiLeakS.org ? Or, since the British Ambassador is named and quoted specifically, and may well have been forwarded a copy, was the leak due to laxness by the United Kingdom's bureaucracy ?

Will all Icelandic staff working at those embassies now fall, unfairly, under suspicion of espionage as a result of this leak ?

Will all internet traffic to and from the WikiLeakS.org website now, be legitimately snooped on by the US National Security Agency ? The NSA is obviously tasked with ensuring the security and confidentiality of US diplomatic cables and other communications to and from US Embassies around the world.

Whether this leak will actually help or hinder the forthcoming vote in the Althing the Icelandic Parliament, on the WikiLeakS.org inspired idea of reforming Icelandic laws to protect investigative journalism and to counter libel tourism and secret legal injunctions etc., is uncertain. See the previous blog article Icelandic Modern Media Initiative - WikiLeakS.org "Publishing Haven" laws in Iceland ?)

If WikiLeakS.org have really raised enough money to cover their costs for the forthcoming year, then why is the web site still non-functional in terms of its raison d'etre i.e. the publication whistleblower leak documents ?

Last week's stupid Twitter message

https://twitter.com/wikileaks/status/8613426708

Achieved min. funraising goal. ($200k/600k); we're back fighting for another year, even if we have to eat rice to do it.

5:51 PM Feb 3rd from bit.ly

generated a lot of "wikileaks is saved" or "wikileaks financial crisis is over" etc. coverage from the Twitterers and the online bits of the mainstream media.

Incredibly, the authenticity of this Tweet , and the unwarranted assumption that it really represents the collective official policy of the whole wikileaks.org project and its supporters, does not seem to have been questioned by those professional journalists and gungho "must be first to re-tweet" social media network addicts.

  • Is there an announcement that "we have enough money thanks, there is no need to donate any more" on their web site ?

    No, just the opposite, in fact, they are still begging for money.

  • Is there a wikileaks Press Release with contact details for official WikiLeaks.org spokesmen, announcing the end of wikileaks' financial woes ?

    No.

  • Does this (non-existent) Press Release bear a Digital Signature, showing its authenticity and lack of forgery, using a (non-existent) WikiLeakS.org public key cryptography based valid PGP Signing Key ?

    No (because WikiLeakS.org refused to renew their initially published, but now expired PGP Key - wikleaks@wikileaks.org PGP key id 0x11015F80 - expired 2nd November 2007)

Why has one single anonymous, very short "tweet" message via a notoriously insecure system like Twitter, been accepted and trusted as being entirely true ?

Remember that Twitter has had its "security" utterly compromised and has been used to send fake "tweets" messages, not just once, but several times in the last year or so.

Surely the amount of money being donated via PayPal and TipIT.to etc. must have been adversely affected by this premature announcement that gives the impression that the financial crisis is over ?

Belated removal of the "web bug" embedded video clip.

The only positive development this week, has been the belated removal of the embedded YouTube video, which was acting as a "web bug"

Because the static image was served remotely from web servers noy inder WikiLeakS.org control, this was betraying the browser details and IP addresses of most of the visitors to YouTube/ Google, who definitely do keep searchable log files and more, for the benefit of their Government and corporate clients.

WikiLeakS.org is still not publishing any of their old or new whistleblower leaks, whilst still asking for new whistleblower leak submissions, and, still asking for money.

They now seem to have got themselves a TipiT.to tip jar, run by a company called Like It Tipit Ltd, based in the United Kingdom and the Netherlands.

https://tipit.to/wikileaks.org

which accepts Euros, US Dollars or GB Pound currency donations via credit card or the (mostly) Netherlands based iDEAL online payment system.. TipiT.to seem to be using the Netherlands based AdYen internet payments system for credit cards.

The TipiT.to terms of service make it clear that any responsibility for taxation lies with WikiLeakS.org.

However, now casual visitors to the suspended WikiLeakS.org web page will see a typical "appeals thermometer" graphical image.

https://tipit.to/img/thermo?style=1&tipjarId=1&currency=EUR&goal=5000000&since=20100124&width=150&background=c0c0c0

tipit_to_wikileaks_org_261.jpg

Note the target "goal" of 50,000 Euros.

Another "web bug":

Even though the PayPal graphic is now being served locally, rather than as a Deep Link from the Canadian fishing supplies website, this Web Bug problem has simply been replaced by a new one.

The new "thermometer appeal" graphical image is not a static graphical image, served locally from the WikiLeakS.org web servers. (like the above screen capture graphic is being served from the WikiLeak.org web space)

It is a dynamic image, generated remotely on the fly, presumably to show how much of the target has been achieved, as per the "appeals thermometer" theme.

This means that the TipiT.to webservers, and the Amazon Web Services, Elastic Compute Cloud, EC2 instance which they use, are collecting Communications Traffic Data logfiles, including visit time and date, IP address, Web browser details, language settings etc., from most of the visitors to the WikiLeakS.org page, even if they do not intend to proceed to the tip jar donations form.

Will anybody be monitoring or automatically screen scraping and logging, the WikiLeakS.org TipIT tip jar, or even the TipiT.to home pages, which display the amounts of money of the last 10 or so tips received ? Obviously some of these donations or tips are pseudo anonymous, but several people seem to be leaving their names and comments of support, which they may or may not regret later.

N.B. since the TipiT.to webs server does not appear to be serving a robots.txt file:

http://tipit.to/robots.txt

it may well be that snapshots of the "latest tips / financial contributors" to WikiLeakS.org and any other website will be captured by automatically and "forever", by Google, Yahoo, Bing and other web search engines..

The embedded YouTube video script remains as before, also potentially betraying the anonymity of visitors to the WikiLeakS.org website, in log files over which WIkiLeakS.org have no control.

Why is the simple website anonymity protection measure of serving copies of graphical images only from your own web server so difficult for the WikiLeakS.org people, who one would expect to live and breathe internet anonymity and security, to understand ?

We wonder what effect, if any, the suspension of the WikiLeakS.org PayPal button will have on their funding, whilst they are still offline, pleading for money.

The current WikiLeakS.org web page (Saturday 23rd January 2010) :

WikiLeakS_org_home_page_23jan2010_433.jpg

Support us financially

Pay by credit card or PayPal worldwide

Note the PayPal graphic, but not one actually locally hosted on the WikiLeakS.org web servers ! See below.

Paypal has as of 23rd of January 2010 frozen WikiLeaks assets. This is the second time that this happens. The last time we struggled for more than half a year to resolve this issue. By working with the respected and recognized German foundation Wau Holland Stiftung we tried to avoid this from happening again -- apparently without avail.

We are working on resolving this issue as fast as possible. Please use our bank accounts for direct transfer in the meantime, or contact wl-donations@sunshinepress.org for any further questions.

WikiLeaks is not the only non-profit organization with this problem. This is a regular occurrence, that from our perspective should not be tolerated by the global community using this payment system.

PayPal usually suspends non-profit organisations, because PayPal have to comply with local taxation laws involving the tax exempt status of such organisations, and with the world wide anti-money laundering red tape and bureaucracy.

You end up having to send them details of your charitable status, or, failing that, proof that you have a bank account in the name of your group etc.

WikiLeakS.org have "web bugged" most of their home page visitors

WikiLeakS.org proudly boasts that none of the identities of any of their whistleblower sources have been compromised. We have always been critical of their much more lackadaisical approach to the anonymity of the web site visitors, who may be just curious or who may be informed analysts who have the knowledge and experience to comment intelligently on the whistleblower leak documents - some of these people need to preserve their anonymity from snoopers, just as much as whistleblowers do.

Such visitors to the website home page will almost certainly also include the actual whistleblowers themselves, at some point before, during or after, they upload their potentially sensitive documents.

What then, were the WikiLeakS.org web team thinking of, by using a PayPal image which is hosted on a Canadian angling supplies website called www.alainfishing.com ?

"Fishing" for PayPal donations is going to make quite a few people wonder if this is a "phishing" scam.

Looking at some of the current WikiLeakS.org home page HTML source code, they appear to have commented out their PayPal link to the Wau Holland charitable foundation in Germany, but they are deep linking (for no good reason) to a PayPal web graphic, hosted on a third party website, a Canadian sports angling website which sells brightly coloured fishing bobs


<p> <b>Pay by credit card or PayPal worldwide</b><br>
<img src="http://www.alainfishing.com/en/images/paypalIcon.gif">

<!--- <form action="https://www.paypal.com/cgi-bin/webscr">
<input type="hidden" name="business" value="vorstand@wauland.de">
<input type="hidden" name="cmd" value="_donations">
<input type="hidden" name="hosted_button_id" value="9801043">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="WikiLeaks donation">
<input type="hidden" name="lc" value="en">
</p>
<p>Message with your donation:</p>
<p> <input type="text" name="item_number" value="">
</p>
<p>Enter amount:<br />
<select name="currency_code">
<option value="USD">USD
<option value="EUR">EUR
<option value="GBP">GBP
<option value="CAD">CAD
<option value="AUD">AUD
<option value="NZD">NZD
<option value="SEK">SEK
<option value="DDK">DDK
<option value="NOK">NOK
<option value="CHF">CHF
<option value="HKD">HKD
<option value="HUF">HUF
<option value="ILS">ILS
</select>

<input type="text" name="amount" style="width: 4em; text-align: right;" value="25.0"><br />
</p>
<p> <input name="submit" type="submit" style="margin-top: 1em;" value="Choose payment type"><br />
<span style="font-size: smaller;">(PayPal, VISA, Mastercard and more accepted)</span>
</form>
</p>--->

This effectively means that the web server log files of www.alainfishing.com, are now tracking most of the visitors to the WikiLeakS.org web page - in effect WikiLeakS.org have web bugged their own supposedly anonymity protected website.

This potentially compromises the anonymity of the vast majority the WikiLeaKS.org home page visitors, regardless of whether they are interested in PayPal or not, and anyone foolish enough to try to submit a whistleblower leak at the moment, without any timescale of when or if it will ever be published by the (suspended) WikiLeakS.org project.

This "web bug" effect also applies to the embedded YouTube Video of the Berlin 26C3 conference speech. (see WikiLeakS.org presentation at 26C3 - will Iceland become a WikiLeakS.org Publishing Data Haven ?).

A link to YouTube or, if they ever get it working again, to PayPal, should be illustrated with a local copyof the graphic, hosted on the WikiLeakS.org web servers , which supposedly do not keep log files.

Such links should also carry an "anonymity health warning", that clicking on them will make a connection with an external website, over which WikiLeakS.org have no control, and which will leave detectable electronic footprints.

The WikiLeakS.org website has yet again extended its "publication strike", which it has been on since before Christmas 2009, until, supposedly January 15th 2010.

[UPDATE: 19th January 2010: - the Yet Again Extended Deadline of Monday 18th January has come and gone, but the WikiLeakS.org "anonymous" publication service is still suspended, with no announcement of any new target date]

They did seem to re-introduce a link for "secure submissions" on the 11th January, but why should anyone leak stuff to them, with no immediate prospect of publication ?

Their Disclaimer makes some bold claims:

Disclaimer

You
Submit a document for us to publish and, in order to maximize its impact, distribute amongst our network of investigative journalists, human rights workers, lawyers and other partners.

We
We will publish and keep published the document you submitted, provided it meets the submission criteria. Your data is stored decentralized, encrypted and as a preserved historic record, accessible in full by the public.

The information you submit will be cleaned by us to not be technically traceable to your PDF printing program, your word installation, scanner, printer.

We also anonymize any information on you at a very early stage of the WikiLeaks network, and our services neither know who you are nor do they keep any information about your visit.

We will never cooperate with anyone trying to identify you as our source. In fact we are legally bound not to do so, and any investigation into you as our source is a crime in various countries and will be prosecuted.

Note, however,that this Disclaimer link does create a presumably unique session tracking URL, probably so that they can show, via yet another link, a meta re-fresh page which shows the upload progress of your file submission.

The Disclaimer says "our services neither know who you are nor do they keep any information about your visit. ", but it is still unclear if this really applies to these presumably unique session identifiers which may well be stored in logfiles or content management database associated with the "decentralized" file storage system.

Remember taht one way of identifying a potential whistleblower using an SSL / TLS encrypted web submission form, is to analyse the amount of data uploaded.

If , say, a large document or video clip appears on WikiLeaks.org, and the only person who has uploaded several megabytes of data to them is you, then you may have betrayed your identity to local investigators, regardless of the fact that they didi not read the contents of the encrypted session.

Perhaps people should be encouraged to upload several dummy "chaff" files ,clearly marked as such to be deleted, simply to help hide the true "leak" document".

This should never be a sneaky "automatic by default" action, but should be an option which is transparent to the whistleblower.

On a more positive note, at least the new Submission form, now gives some space for the whistleblower to add some notes into a separate field:

If you want to give us more context and details about your submission please, feel free. Any information you can provide will help with verification and maximing the impact of your submission

This could include "anonymous" contact details, email addresses, PGP Encryption / SIgning keys, disposable mobile phone numbers etc

However it should be made much clearer, that this potentially identifying personal information will not be published.

There must also be credible assurances as to how this whistleblower contact data will be protected within the WIkiLeakS.org organisation.

Stefan Mey, a German student in Berlin, who publishes the Medien-Ökonomie-Blog writes:

I'd like to show you an interview with Julian Assange, the spokesperson of
Wikileaks, on my students' blog. On the Chaos Communication Congress in
Berlin, a hacker event, I had the chance to talk with him, about the economic and financial aspects of the website (at the moment it is shut down in order to generate money) and about the relationship of Wikileaks and mainstream media.

It was planned as a very small interview of only some minutes, about the
media economy of a non-commercial web project, but then we talked for nearly
an hour and he talked about some really new aspects of Wikileaks.

Leak-o-nomy: The Economy of Wikileaks

[...]

How big is the core team of WikiLeaks?

There is probably five people that do it 24 hours a day. And then it's 800 people who do it sometimes over a year. And in between there is a spectrum.

How do you and the other four guys who work full time without getting paid finance your flat and your bread?

I made money in the internet. So I have enough money to do that, but also not forever. And the other four guys, in the moment they are also able to self-finance.

[...]

So in the moment the labour costs are still hypothetical, but the big costs that you really have to pay bills for are servers, office, etc.?

The bandwidth side, the backing is costly as well when we get big spikes. Then there are registrations, bureaucracy, dealing with bank accounts and this sort of stuff. Because we are not in one location, it doesn't make sense for us to have headquarters. People have their own offices across the world.

What about cost for lawsuits?

We don't have to pay for our lawyer's time. Hundred of thousands or millions dollars worth of lawyer time are being donated. But we still have to pay things like photocopying and court filing. And so far we have never lost a case, there were no penalties or compensations to pay.

So all in all, can you give figures about how much money Wikileaks needs in one year?

Probably 200.000, that's with everyone paying themselves. But there are people who can't afford to continue being involved fulltime unless they are paid. For that I would say maybe it's 600.000 a year.

See our previous blog article WikiLeakS.org applies for $532,000 funding from the Knight Foundation - for "local news" whistleblower leaks ?

Now let's talk about your revenues, your only visible revenue stream is donations ...

Private donations. We refuse government and corporate donations. In the moment most of the money comes from the journalists, the lawyers or the technologists who are personally involved. Only about ten percent are from online donations. But that might increase.

At the bottom of the site is a list of your "steadfast supporters", media organisations and companies like AP, Los Angeles Times or The National Newspaper Association. What do they do for you?

They give their lawyers, not cash.

[...]

You need to motivate two groups of people, in order to make the site running, the whistleblowers and the journalists. What are the motivations for whistleblowers?

Usually they are incensed morally by something. Very rarely actually they want revenge or just to embarrass some organisation. So that's their incentive, to satisfy this feeling. Actually we would have no problem giving sources cash. We don't do that, but for me there is no reason why only the lawyers and the journalists should be compensated for their effort. Somebody is taking the risk to do something and this will end up benefiting the public.

But then the legal problem would become much bigger.

Yes, but we're not concerned about that. We could do these transfer payments to a jurisdiction like Belgium which says, that the authorities are not to use any means to determine the connection between the journalist and their source. And this would include the banking system.

Exactly how strong is this legal protection in Belgium, against the revelation of whistleblower sources through the tracking of financial payments, in practice ?

If they cite "national security" or "terrorism" or "serious organised crime" etc investigations, then the US and EU governments seem to be able to legally snoop on the >Society for Worldwide Interbank Financial Telecommunication (SWIFT) international banking money transfer system, which is also legally based in Belgium

On the other side you experiment with incentives for journalists. This sounds weird in the beginning. Why do you have to give them additional incentives so they use material you offer them for free?

It's not that easy. Information has value, generally in proportion to the supply of this information being restricted. Once everyone has the information, another copy of the information has no value.

"Information wants to be free" meets the fundamental economic law of supply and demand.

In Germany you made an exclusivity deal with two media companies, the Stern and Heise. Are you satisfied with these kind of deals?

We did this in other countries before. Generally we have been satisfied. The problem is it takes too much time to manage. To make a contract, and to determine who should have the exclusivity. Someone can say, oh, we will do a good story. We are going to maximize the political impact. And then they won't do it. How do we measure this?

According to this WikiLeak.org blog comment , seemingly by Julian Assange, they have not done so with The Guardian newspaper in the United Kingdom.

This raises the question about the cases,like The Guardian's reporting of the Trafigura / Carter-Ruck "secret super injunction", where our impression is that WikiLeakS.org appear to be getting their whistleblower leaks from mainstream media journalists themselves, either unofficially, or with the management turning a blind eye.

[...]

What happened?

This auction proved to be a logistical nightmare. Media organisations wanted access to the material before they went to auction. So we would get them to sign non-disclosure agreements, chop up the material and release just every second page or every second sentence.That was too distracting to all the normal work we were doing, so that we said, forget it, we can't do that. We just released the material as normal. And that's precisely what happened: No one wrote anything at all about those 7.000 Emails. Even though 15 stories had appeared about the fact that we were holding the auction.

It sounds as if nobody trusts anyone else in this media auction.

Perhaps the University of Cambridge's cryptographic protocol thought experiment by Frank Stajano and Ross Anderson, the Cocaine Auction Protocol (.pdf) , might help ?

The experiment failed.

The experiment didn't fail, the experiment taught us about what the burdens were. We would actually need a team of five or six people whose job was just to arrange these auctions.

You plan to continue the auction idea in the future ...

We plan to continue it, but we know it will take more resources. But if we pursue that we will not do that for single documents. Instead we will do a subscription. This would be much simpler. We would only have the overhead of doing the auction stuff every three months or six months, not for every document.

So the exclusivity of the story will run out after three months?

No, there will be exclusivity in terms of different time windows in access to the material. As an example: there will be an auction for North America. And you will be ranked in the auction. The media organisation who bids most in the auction, would get access to it first, the one who bids second will get access to it second and so on. Media organisations would have a subscription to Wikileaks.

We would be interested to hear from media lawyers about whether or not mainstream media organisations really are in a legal position to sign exclusivity subscription deals with WikiLeakS.org.


WikiLeakS.org is currently unavailable until 6th [UPDATED 7th January] 11th January 2010, as they are appealing for your money and technical and legal support.

Have they run out of money ?

wikileaks_25dec09_appeal_for_money_450.jpg

We protect the world--but will you protect us?

"Wikileaks has probably produced more scoops in its short life than the Washington Post has in the past 30 years"
-- The National, November 19. 2009

To concentrate on raising the funds necessary to keep us alive into 2010, we have very reluctantly suspended all other operations, until Jan 6.

The Sunshine Press (WikiLeaks) is an non-profit organization funded by human rights campaigners, investigative journalists, technologists and the general public. Through your support we have exposed significant injustice around the world--successfully fighting off over 100 legal attacks in the process. Although our work produces reforms daily and is the recipient of numerous prestigious awards, including the 2008 Economist Freedom of Expression Award as well as the 2009 Amnesty International New Media Award, these accolades do not pay the bills. Nor can we accept government or corporate funding and maintain our absolute integrity. It is your strong support alone that preserves our continued independence and strength.

We have received hundreds of thousands of pages from corrupt banks, the US detainee system, the Iraq war, China, the UN and many others that we do not currently have the resources to release. You can change that and by doing so, change the world.

They want your money:

Support us financially


Pay by credit card or PayPal worldwide

[...]

(Processed for us by the Wau Holland foundation; PayPal, VISA, Mastercard and more accepted)

We hope that this PayPal account is not compromised like the previous one was - see: Follow the money - WikiLeakS.org partial financial donors list email

Bank transfers

To contribute via direct wire transfer, please make your donation to one of the following organizations that can accept support on our behalf. Tax deductibility is possible where indicated.

Europe

Use our account at the tax-deductible Wau Holland foundation:

Wau Holland Stiftung, Postfach 640236, 10048 Berlin, Germany
Commerzbank Kassel, BLZ: 52040021, KTO: 277281204
(international: IBAN: DE46520400210277281204, BIC: COBADEFF520)
(inquiries: wl-supporters@sunshinepress.org)

United States

Banking details available on request.

Email wl-supporters@sunshinepress.org with the name of your state to be guided through this simple process.

Australia & New Zealand

Use our tax-exempt infrastructure foundation:

WikiLeaks ICT, Australia
Full bank details available on request. Email wl-supporters@sunshinepress.org to be guided through this simple process.

All other countries

Use our account at the non-profit Wau Holland foundation in Europe:

Wau Holland Stiftung, Postfach 640236, 10048 Berlin, Germany
Commerzbank Kassel, BLZ: 52040021, KTO: 277281204
(international: IBAN: DE46520400210277281204, BIC: COBADEFF520)
(enquiries: wl-supporters@sunshinepress.org)

Other bank accounts are available on request from wl-supporters@sunshinepress.org

The Wau Holland Foundation has charitable tax status in Germany, and was set up in memory of German Chaos Computer Club pioneer and anti-censorship activist Herwart Holland-Moritz.

Cash or cheques

You can support us by posting cash, cheques or international money grams to one of the following addresses:

All countries

WikiLeaks ICT
BOX 4080, University of Melbourne
Victoria 3052, Australia

USD, EUR, AUD preferred. International cheques are best over $800 to avoid fees. If sending cash, please place it in a non-transparent envelope or a CD case for maximum security.

Remember that banknotes, and especially plastic CD cases, are good for fingerprints and DNA sample forensic evidence.

Kenya

WikiLeaks ICT
PO Box 8098-00200
Nairobi
Kenya

Other addresses are available on request from wl-supporters@sunshinepress.org

Apart from these payment methods

I f you are interested in contributing to our mission using another payment method or with a shares, property, bonds, a grant, matched contribution, bequest, interest free loan, or have any other questions, please write to wl-supporters@sunshinepress.org

None of these methods of funding allow financial supporters of the WikiLeakS.org project to remain anonymous.

Financial transactions are even easier for governments and law courts etc. to trace than IP addresses are.

The wl-supporters@sunshinepress.org email address must surely be monitored and intercepted by various Government law enforcement and intelligence agencies.

Since there is no longer any WikiLeakS.org published PGP Public Encryption Key (see Why have WikiLeakS.org abandoned the use of PGP Encryption ?), any such financial correspondence will be at risk of being snooped on, and is likely to reveal the identities of potential and actual WikiLeakS.org financial supporters.

If you do plan to contact that target email address, you should not use your usual, personally identifiable email account.

What about limited liability ? Are you "jointly liable" with them, for any debts or legal fines or legal costs ?

If you become a supporter of WikiLeakS.org. and some Judge awards massive, inflated legal costs against WikiLeakS.org in a court case, do your financial assets become targets for avaricious lawyers or governments ?

Desperate lawyers and government bureaucrats will lash out at any identifiable people, e.g. identifiable financial supporters, in order to put censorship pressure on WikiLeakS.org.

Surely, in order to minimise the risk of this, WikiLeakS.org would need to employ exactly the same sort of sophisticated financial techniques involving investment trusts, nominee accounts and private bank accounts in tax havens etc., as used by the likes of Bank Julius Baer or Barclays etc. who have tried to sue WIkiLeakS.org to suppress details of such tax avoidance or tax evasion schemes and the rich people who have used them ?

Alternatively, some sort of Hawala informal banking /money transfer scheme would be needed, which is increasingly suspected of terrorism money laundering etc. by various suspicious and / or greedy governments.

Perhaps, as used in some African countries, pre-paid mobile phone credit vouchers could be used, to transfer small amounts of money to WikiLeakS.org.- just send the 12 digit voucher number to someone who can make use of it on a particular mobile phone network, perhaps for voice or data calls,or for "m-commerce" to buy goods or services.

When will WikiLeakS.org publish any sort of financial accounts ?

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • James Hyams: I'm writing a thesis on Public Trust in WikiLeaks, the read more
  • rich kaplan: Hello Wikeleaks vrew. In Turkey , the islamist goverment just read more
  • wikileak: Cryptome have a few more extracts from this book http://cryptome.org/0003/ddb-book/ddb-book.htm read more
  • wikileak: OpenLeaks.org have now launched their website with some details of read more
  • wikileak: Bahnhof Internet seem to be hosting two Wikileaks servers in read more
  • teresa: I THANK THEY JUST TO SHUT HIM UP. THEY THINK read more
  • wikileak: Clay Shirky has posted a rough transcript of Daniel Domscheit-Berg's read more
  • wikileak: @ N - you can still see the "1.2 million read more
  • N: @wikileak - Exactly, these cables are _from_ the United States, read more
  • wikileak: Openleaks.org is now displaying this meassage: Coming soon! While we read more

December 2014

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31