Recently in Project milestones and future plans Category

Even though Julian Assange could very well be extradited from the UK to Sweden next week, to face non-WikiLeaks related sexual offences allegations

https://twitter.com/#!/JudiciaryUK/status/129846526171287552

Julian Assange appeal against extradition - the High Court will hand down judgment on Wednesday 2 November.

10:06 AM Oct 28th 2011

he has announced a new, re-engineered WikiLeakS.org submission system to be launched on November 28th 2011.

https://twitter.com/#!/wikileaks/status/128455207490293762

@wikileaks WikiLeaks
Assange: On November 28th WikiLeaks will launch new generation submissions system http://www.ustream.tv/recorded/18082417

1:58 PM Oct 24th 2011

http://www.ustream.tv/recorded/18082417

Julian Assange speaking at the Frontline international press club in London, on Tuesday 24th October 2011

Approx 1 hour 5 minutes near the end of the video clip:

The fallout from that was that we viewed that our submission system could not be trusted any more

So did everyone else with any clues about computer security and anonymity, including Daniel Domscheit-Berg and the "Architect", which is partly why they left in the first place.

As a result we have had to completely re-engineer, from scratch, a new generation submission system.

On November 28th, the one year anniversary of CableGate, we will

Now, wikileaks has never had only the one submission system. We've received information in a wide variety of means, just like intelligence agencies and professional, mainstream media organisations, receive their information from a wide variety of means.

It has been important to us, to always have a wide variety of means, so no one mean becomes the sole, the sole subject of infiltration or investigation.

However, for the last, for the last 12 months, for the last 12 months, you haven't been able to go through the front door to submit wikileaks sensitive, information

You've had to establish, contacts, with the organisation and transmit us the material through other mechanisms.

Is Assange claiming that people have actually been stupid enough to submit sensitive material to him in the last 12 months, through other means ?

Why has he not bothered to publish any of this new, "non-Bradley Manning" sourced stuff then ?

How exactly are these "other means" actually Anonymous or Secure ?

Remember that wikileaks stopped publishing a PGP Public Encryption Key years ago and their incompetence in using PGP as a means of symmetric encryption and then stupidly publishing their CableGate archive online around the world and then re-using the same pass phrase with Guardian journalist David Leigh, was an

Similarly, they stopped publishing a Tor Hidden Service even before they stopped accepting new submissions.

On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.

That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.

Right now, it is not possible to trust any https:// connection on the internet.

Utter rubbish !

Even wikileaks.org itself has, at various times, published a Self Signed Digital Certificate and has published the MD5 and SHA-1 cryptographic hash fingerprints, without relying on any built in web browser trust of Certificate Authorities.

It is not possible your banking system, it is not possible to trust any, regular, web based secure encryption system

What about banks which use SSL v3 Client Side Digital Certificates for mutual client / server authentication, without the need for any external Certificate Authority ?

That is because, intelligence agencies have infiltrated, a number of Certificate Authorities. Certificate Authorities are those authorities which sign the cryptographic keys that are used for secure internet communication.

On November 28th, we will release our alternative to that system, which is independent of all Certificate Authorities

Is this something which Julian and his cult have created from scratch, or will they just steal / borrow the work of Moxie Marlinspike and SSLLabs etc. with Convergence ?

Remember that SSL / TLS encryption only provides Secrecy about most of the contents of an encrypted session. It does not provide any Anonymity and may, in fact, provide less anonymity than a non-SSL connection via a shared proxy server.

A question from the floor:

"I understand that you may be limited in what you can say, but how have you managed to get around the fact, that in your eyes, Certificate Authorities can't be trusted, with this particular submission system ?"

01:08:57

We will give full details here, on a conference, on November 28th

Full details ?? Don't hold your breath.

Will they publish the source code of their system, or even a detailed security architecture of what it is intended to actually do and protect against ?

On past performance, this is extremely unlikely.

I would like to say, that in that, this problem has been brewing over a number of years, and we were aware of it before, back in 2010, and we had a number of mechanisms to ameliorate that, ahh, thousands of robots that went out over the internet, to simulate being sources, to check to see, whether these "men-in-the-middle" or fabricated certificates existed.

So we had a number of different mechanisms to try to ameliorate that problem, but it is our view that the problem has now gone so severe, that even those attempts to ameliorate it, can no longer be trusted to the degree, that our sources expect us, to be able to solve the problem

More nonsense from the deliberately deceptive Julian Assange:

"thousands of robots" ??

At the time they claimed that this was to provide "cover traffic" to help to confuse Communications Traffic Analysis and thereby to improve the Anonymity of the submission system

This could not and would not have tested for any SSL "man-in-the-middle" attacks on the Security / Privacy of submissions.

Neither could it have detected compromised Certificate Authorities around the world, especially in places where the Government also controls international internet access.

Even if it was meant to do so, they obviously failed to detect a single example of such an attack aimed at wikileaks, or if they did, they must have covered it up.

Regardless of the technical merits of this new submission system, any whistleblower with really sensitive, life threatening information to publish, would have to be suicidal to trust Julian Assange and his WikiLeakS.org cult followers with it.

The Wired.com Danger Room preview article WikiLeaks Defector Slams Assange In Tell-All Book by Kim Zetter, about Daniel Domscheit-Berg's forthcoming book, seems to confirm many of the suspicions and speculations about the apparent internal rifts within the WikiLeakS.org project, which this blog has commented on over the years.

[...]

WikiLeaks founder Julian Assange lost control of his site's submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization's top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.

Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.

[...]

Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.

They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.

"Children shouldn't play with guns," Domscheit-Berg writes. "That was our argument for removing the submission platform from Julian's control ... We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly."

The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as "the Architect", after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.

In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg's version of why the site's submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his "acts of sabotage" forced the organization to "overhaul the entire submission system" and the staff lacks time to do so.

The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.

Domscheit-Berg writes that he and the Architect won't release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.

"The current system has become a security risk for everyone involved," he writes.

Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange's possession.

[...]


Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.

The two were later joined by "the Technician" in 2008 and "the Architect" in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange's lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange's lack of trust in Domscheit-Berg, and Assange's relations with women.

[...]

When journalists asked about problems with WikiLeaks' infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. "To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible," he writes. "It was the same principle used by terrorists and bureaucrats. The adversary can't attack as long as he has nothing to grab hold of." The truth was, he notes, their "technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently ... We were acting irresponsibly, playing a risky game with our sources' trust and our supporters' donations."

Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he'd been misidentified. Domscheit-Berg says the source who gave them the documents had also "included some background information he had researched about the bank's clients." But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, "according to three independent sources" the information might be false or misleading. The three independent sources, however, didn't exist. Domscheit-Berg says they made them up.

[...]

Will WikiLeakS.org ever resume operations for new whistleblower leak submissions ?

So will OpenLeakS.org really be any better than the WikiLeakS.org smoke and mirrors confidence trick which this article portrays ?

N.B. OpenLeakS.org currently appears to have lost its https://OpenLeakS.org capability, despite, quite wisely, publishing the Digital Certificate details on

http://openleaks.org/content/contact.shtml

The SSL certificate we use for this website has the following fingerprints:

* SHA-1: 2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36
* SHA-256: 5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47

The serial of the certificate is 01:00:00:00:00:01:2C:F1:12:3A:99.
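Publishing fingerprints like these lets a visitor authenticate the server without trusting any Certificate Authority, and it is also the reference that any automated probing for substituted certificates would need. The following is an added example, not code from OpenLeaks, WikiLeaks or this blog; the function names, the vantage-point labels and the stand-in certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Fingerprints copied from the contact page quoted above (format reference).
PUBLISHED_SHA1 = "2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36"
PUBLISHED_SHA256 = ("5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:"
                    "1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47")

# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_DER = b"constructed stand-in for the site's DER certificate"
FORGED_DER = b"constructed stand-in for a substituted DER certificate"

_ALG_BY_LENGTH = {16: "md5", 20: "sha1", 32: "sha256"}


def parse_fingerprint(text):
    """Parse 'AA:BB:..' (colons, spaces and case optional) into (alg, digest)."""
    cleaned = "".join(ch for ch in text if ch not in ": \t\r\n")
    raw = bytes.fromhex(cleaned)  # ValueError on anything that is not hex
    if len(raw) not in _ALG_BY_LENGTH:
        raise ValueError("unsupported fingerprint length: %d bytes" % len(raw))
    return _ALG_BY_LENGTH[len(raw)], raw


def fingerprint(der_cert, alg="sha256"):
    """Colon-separated upper-case fingerprint of a DER-encoded certificate."""
    digest = hashlib.new(alg, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der_cert, published, allow_weak=False):
    """True only if the certificate hashes to the published fingerprint.

    MD5 and SHA-1 pins are refused unless allow_weak is set, because both
    hash functions have practical collision attacks.
    """
    alg, expected = parse_fingerprint(published)
    if alg != "sha256" and not allow_weak:
        raise ValueError("refusing weak %s pin; use the SHA-256 value" % alg)
    actual = hashlib.new(alg, der_cert).digest()
    return hmac.compare_digest(actual, expected)


def audit_observations(observations, published, allow_weak=False):
    """Given {vantage point: DER bytes seen there}, list the points that
    were served a certificate other than the pinned one."""
    return sorted(name for name, der in observations.items()
                  if not matches_pin(der, published, allow_weak))


def fetch_der(host, port=443, timeout=10):
    """Fetch the server's leaf certificate without consulting any CA."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # CA trust unused on purpose: the pin decides
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_live(host, published, port=443):
    """Check a live server against its out-of-band fingerprint.

    Call this before sending anything sensitive: with CERT_NONE the
    handshake succeeds for any certificate, so this comparison is the
    only authentication taking place.
    """
    return matches_pin(fetch_der(host, port), published)


if __name__ == "__main__":
    pin = fingerprint(GENUINE_DER)
    seen = {"vantage-a": GENUINE_DER, "vantage-b": FORGED_DER}
    print("pin:", pin)
    print("mismatching vantage points:", audit_observations(seen, pin))
```

The pin is only as trustworthy as the channel it was obtained over: a fingerprint read from the same plain-HTTP page an attacker can rewrite authenticates nothing.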

The original WikiLeakS.org website is still effectively shut down:

  • The wiki of previously leaked documents is still being censored / no longer published by WikiLeakS.org themselves.
  • No submissions of new documents through either the SSL/TLS encrypted web form method or through the Tor Hidden Service are being accepted.

Obviously the major journalistic scoops involving Iraq helicopter gunship video footage of innocent civilians being killed in Iraq and the hundreds of thousands of Afghan and Iraq war diary reports have required their own dedicated websites, but effectively, the original WikiLeakS.org project has been abandoned.

e.g. the Submissions page has been displaying this for over 2 months now:

[...]

NOTE: At the moment WikiLeaks is not accepting new submissions due to re-engineering improvements the site to make it both more secure and more user-friendly. Since we are not currently accepting submissions during the re-engineering, we have also temporarily closed our online chat support for how to make a submission. We anticipate reopening the electronic drop box and live chat support in the near future.

[...]

Our drop box is easy to use and provides military-grade encryption protection.
[...]

(currently closed for re-engineering security and useability improvements)

[...]

3.1 Submissions via secure upload

[...]

NOTE: At the moment WikiLeaks is not accepting new submissions due to re-engineering improvements the site to make it both more secure and more user-friendly. Since we are not currently accepting submissions during the re-engineering, we have also temporarily closed our online chat support for how to make a submission. We anticipate reopening the electronic drop box and live chat support in the near future.

[...]


WikiLeakS.org seems to have moved on to hype and exploit the journalistic scoops provided to them by a single source, the low level US Army intelligence analyst Bradley Manning, whose alleged activities have exposed what appears to be utter incompetence and lack of basic computer security within the vast US intelligence community empire.

Now the US Government seems to be briefing its allies, about the alleged impending release of low level diplomatic cables, also supposedly obtained by the vulnerable Bradley Manning, whose identity as a WikiLeakS.org source has been revealed by his own misplaced trust in a media attention seeking computer hacker Adrian Lamo.

Is this "official briefing" and damage limitation exercise really based just on the inappropriate use of Twitter by WikiLeakS.org, to curtly and arrogantly announce that they are planning to release something bigger than before ?

http://twitter.com/wikileaks/status/6564225640042499

Next release is 7x the size of the Iraq War Logs. intense pressure over it for months. Keep us strong: http://is.gd/hzbIa

Mon Nov 22 04:26:48 +0000 2010

Or have the US and other intelligence agencies been monitoring the communications of mainstream media journalists and publications, who are the likely recipients of previews of the leaked material ?

For a publisher of a website, not to write even a paragraph as a press release, but to rely on a few cryptic 140 character Twitter messages, smacks of the media hype, spin and manipulation which negates all of the early promises made to promote transparency and "truth" telling.

If the forthcoming hyped "diplomatic cables" leak really is even bigger than the previous Iraq and Afghan war ones, then this will be easier for the US and other Governments to handle - several potentially damaging news stories all competing for headlines at the same time, will be far more easily forgotten by the fickle public and mainstream media, than a campaign of smaller releases every month or so.


Given the pressure and distraction of the sexual allegations being made against Julian Assange in Sweden, the lack of financial transparency and the internal political strife within the loose organisation, will this latest hyped up scoop of confidential diplomatic cables be WikiLeakS.org's last campaign ?

Are any of the computer hackers and activists who lent support to the original WikiLeakS.org project willing to set up a better alternative to it, having learned from the mistakes and successes of the original scheme ?

WikiLeakS.org again has a Tor Hidden Service for encrypted anonymised uploads - http://suw74isz7wqzpmgu.onion/ over 7 months after the previous one was abandoned.

The Official Tor "Blog", which does not accept any comments or feedback from the public, has this report of the Keynote Speech given on behalf of Julian Assange at the HOPE hackers' conference in New York, by Jacob Appelbaum.

The usual rumours abound that there were FBI or other US Government Agents waiting to arrest / "talk" to him at this conference, but why they would wait until then and not do so as he came through US Passport Control is never explained by the media.

There is also a very rare, very brief, status report about the WikiLeakS.org website infrastructure:

HOPE 2010 Talk / Current status

Hello,

Jacob Appelbaum is speaking today on behalf of the project at the HOPE2010 conference. He will cover past, present and future developments of the project. For further information please visit the conference website: http://www.thenexthope.org/.

Now some general NEWS.

The submission system is up and running again (yes also reachable via Tor for those that do not trust SSL). Some important changes that you should be aware of:

* we moved the location of the submission system to https://sunshinepress.org/

Without telling anybody and without establishing a link of trust between the two domain names (see our previous blog article)

* The tor submission path uses a new hidden service address located at http://suw74isz7wqzpmgu.onion/

Some good news at last !

Although slow, a Tor enabled session (download and install the software from https://www.torproject.org/easy-download.html.en) does End to End Encryption between your Web Browser and three randomly chosen Tor relay servers in the Tor anonymity cloud, almost certainly some or all of which will be in foreign countries.

The final 4th hop to the Tor Hidden Service is also encrypted.

More importantly Tor makes Communications Traffic Data Analysis very much harder, even for well resourced opponents like Government intelligence agencies (who obviously also make use of it themselves)

SSL for the other services like the websites will take some more time until it is available.

What is so difficult about purchasing and installing another Digital Certificate to replace the old one, before making other changes to the infrastructure ?

Those users that do not like to install a generic IRC client can use the webchat again which is located at https://chat.wikileaks.org/ and connects to our internal IRC server. We added some additional means of protection to the IRCd to prevent the leakage of users identities.

This IRC chat system is all very well for reporting errors on the website etc. but it is absolutely not suitable for preserving the anonymity of potential whistleblowers.

The archive is now back for some time and we are still working on it. The most visible changes so far are the support for torrents and magnet links for files referenced in the archive, a facelift of the design, content cleanup. Public edits are still disabled but will be enabled again. Public comments will be disabled until we have an appropriate solution in place. We removed some stuff to hide the identities of the users working on the wiki as well as protecting the identity of people visiting the site. For example external links always use a trampoline now to make sure that 3rd party sites do not know where you came from. Furthermore we deleted all accounts not used for a year as part of the cleaning process.

We have meant to comment on the "trampoline" before. Why did they waste their time with this feature ?

It just looks and feels like another creepy hidden visitor tracking system, even if it is not meant to be that.

If they had not disabled the SSL version of the website, then there would already have been protection against sending HTTP_REFERER environment variables to the external web pages which are linked to in the wiki. Similarly if people do not simply click on a link, but Open in a New Tab or New Window, especially in the Private Browsing modes of most modern web browsers, then this information is not sent anyway.

Generally the technical staff is pretty busy putting the resources you granted us to good use. We are still extending the network with new machines, but will provide a dedicated interface for this type of help soon (email just does work for this kind of task).

Should this read "email just does not work for this kind of task" ?

Please do not make it a Twitter interface !

We have switched the complete system to a new architecture.

What was wrong with the old one ? Did it not scale properly ?

Why not publish a high level description of this architecture, so that WikiLeakS.org can be advised on how not to make elementary mistakes, again.

Until they do so, their hopes for lots of local versions of WikiLeakS.org to spring up organically around the world in parallel, will be still born.

If you notice that something does not work as expected please drop into the chat and talk to the staff there.

WikiLeakS.org has a world wide audience.

Is there really someone lurking in the IRC chat room 24 / 7 ?

They will be able to either relay your message or get you in contact with someone who can look at the problem.


The WL teams want to thank everybody for their support and patience.


By WikiLeaks on July 17, 2010

We are glad that someone is trying to sort out the technological mess that the WikiLeakS.org project deteriorated into.

We can dream that they will publish some PGP keys....

There is also the whole question of anonymous Mobile Phone Communications. Many more people have access to these than to fast computers and internet connections.

Surely the WikiLeakS.org technical team should be creating or promoting mobile phone SMS text and MMS message anonymous submissions systems ?


Stefan Mey, a German student in Berlin, who publishes the Medien-Ökonomie-Blog writes:

I'd like to show you an interview with Julian Assange, the spokesperson of Wikileaks, on my students' blog. On the Chaos Communication Congress in Berlin, a hacker event, I had the chance to talk with him, about the economic and financial aspects of the website (at the moment it is shut down in order to generate money) and about the relationship of Wikileaks and mainstream media.

It was planned as a very small interview of only some minutes, about the media economy of a non-commercial web project, but then we talked for nearly an hour and he talked about some really new aspects of Wikileaks.

Leak-o-nomy: The Economy of Wikileaks

[...]

How big is the core team of WikiLeaks?

There is probably five people that do it 24 hours a day. And then it's 800 people who do it sometimes over a year. And in between there is a spectrum.

How do you and the other four guys who work full time without getting paid finance your flat and your bread?

I made money in the internet. So I have enough money to do that, but also not forever. And the other four guys, in the moment they are also able to self-finance.

[...]

So in the moment the labour costs are still hypothetical, but the big costs that you really have to pay bills for are servers, office, etc.?

The bandwidth side, the backing is costly as well when we get big spikes. Then there are registrations, bureaucracy, dealing with bank accounts and this sort of stuff. Because we are not in one location, it doesn't make sense for us to have headquarters. People have their own offices across the world.

What about cost for lawsuits?

We don't have to pay for our lawyer's time. Hundred of thousands or millions dollars worth of lawyer time are being donated. But we still have to pay things like photocopying and court filing. And so far we have never lost a case, there were no penalties or compensations to pay.

So all in all, can you give figures about how much money Wikileaks needs in one year?

Probably 200.000, that's with everyone paying themselves. But there are people who can't afford to continue being involved fulltime unless they are paid. For that I would say maybe it's 600.000 a year.

See our previous blog article WikiLeakS.org applies for $532,000 funding from the Knight Foundation - for "local news" whistleblower leaks ?

Now let's talk about your revenues, your only visible revenue stream is donations ...

Private donations. We refuse government and corporate donations. In the moment most of the money comes from the journalists, the lawyers or the technologists who are personally involved. Only about ten percent are from online donations. But that might increase.

At the bottom of the site is a list of your "steadfast supporters", media organisations and companies like AP, Los Angeles Times or The National Newspaper Association. What do they do for you?

They give their lawyers, not cash.

[...]

You need to motivate two groups of people, in order to make the site running, the whistleblowers and the journalists. What are the motivations for whistleblowers?

Usually they are incensed morally by something. Very rarely actually they want revenge or just to embarrass some organisation. So that's their incentive, to satisfy this feeling. Actually we would have no problem giving sources cash. We don't do that, but for me there is no reason why only the lawyers and the journalists should be compensated for their effort. Somebody is taking the risk to do something and this will end up benefiting the public.

But then the legal problem would become much bigger.

Yes, but we're not concerned about that. We could do these transfer payments to a jurisdiction like Belgium which says, that the authorities are not to use any means to determine the connection between the journalist and their source. And this would include the banking system.

Exactly how strong is this legal protection in Belgium, against the revelation of whistleblower sources through the tracking of financial payments, in practice ?

If they cite "national security" or "terrorism" or "serious organised crime" etc investigations, then the US and EU governments seem to be able to legally snoop on the Society for Worldwide Interbank Financial Telecommunication (SWIFT) international banking money transfer system, which is also legally based in Belgium

On the other side you experiment with incentives for journalists. This sounds weird in the beginning. Why do you have to give them additional incentives so they use material you offer them for free?

It's not that easy. Information has value, generally in proportion to the supply of this information being restricted. Once everyone has the information, another copy of the information has no value.

"Information wants to be free" meets the fundamental economic law of supply and demand.

In Germany you made an exclusivity deal with two media companies, the Stern and Heise. Are you satisfied with these kind of deals?

We did this in other countries before. Generally we have been satisfied. The problem is it takes too much time to manage. To make a contract, and to determine who should have the exclusivity. Someone can say, oh, we will do a good story. We are going to maximize the political impact. And then they won't do it. How do we measure this?

According to this WikiLeakS.org blog comment, seemingly by Julian Assange, they have not done so with The Guardian newspaper in the United Kingdom.

This raises the question about the cases, like The Guardian's reporting of the Trafigura / Carter-Ruck "secret super injunction", where our impression is that WikiLeakS.org appear to be getting their whistleblower leaks from mainstream media journalists themselves, either unofficially, or with the management turning a blind eye.

[...]

What happened?

This auction proved to be a logistical nightmare. Media organisations wanted access to the material before they went to auction. So we would get them to sign non-disclosure agreements, chop up the material and release just every second page or every second sentence. That was too distracting to all the normal work we were doing, so that we said, forget it, we can't do that. We just released the material as normal. And that's precisely what happened: No one wrote anything at all about those 7.000 Emails. Even though 15 stories had appeared about the fact that we were holding the auction.

It sounds as if nobody trusts anyone else in this media auction.

Perhaps the University of Cambridge's cryptographic protocol thought experiment by Frank Stajano and Ross Anderson, the Cocaine Auction Protocol (.pdf), might help ?

The experiment failed.

The experiment didn't fail, the experiment taught us about what the burdens were. We would actually need a team of five or six people whose job was just to arrange these auctions.

You plan to continue the auction idea in the future ...

We plan to continue it, but we know it will take more resources. But if we pursue that we will not do that for single documents. Instead we will do a subscription. This would be much simpler. We would only have the overhead of doing the auction stuff every three months or six months, not for every document.

So the exclusivity of the story will run out after three months?

No, there will be exclusivity in terms of different time windows in access to the material. As an example: there will be an auction for North America. And you will be ranked in the auction. The media organisation who bids most in the auction, would get access to it first, the one who bids second will get access to it second and so on. Media organisations would have a subscription to Wikileaks.

We would be interested to hear from media lawyers about whether or not mainstream media organisations really are in a legal position to sign exclusivity subscription deals with WikiLeakS.org.


The annual congress held by the German Chaos Computer Club, between Christmas and the New Year, yet again provided WikiLeakS.org with a chance to communicate some of their activities, in front of an enthusiastic, highly information technology literate audience.

Video of the presentation, in several online formats is now available online:

26C3: Here Be Dragons video recordings

Daniel Schmitt and Julian Assange gave an update of some recent WikiLeakS.org activities:

3567 WikiLeaks Release 1.0 mp4 iProd mp3 ogg

Rather strangely, they claimed that they know of no other working whistleblower service, and so seem to be planning to extend to Corporate and Government whistleblowers their Knight foundation funding application idea of letting local newspaper websites use a bit of web server code to provide a secure whistleblowing channel via the WikiLeakS.org infrastructure.

Given the various whistleblower hotlines and other services which exist, mostly in response to the Sarbanes-Oxley Act legal requirement (with a criminal penalty of up to 10 years in prison) to protect whistleblowers, at least for United States regulated financial industry companies etc., this claim seems a bit elitist.

Do they totally dismiss the work done by, for example,

http://whistleblowers.org

The Government Accountability Project (GAP) is a 30-year-old nonprofit public interest group that promotes government and corporate accountability by advancing occupational free speech, defending whistleblowers, and empowering citizen activists. We pursue this mission through our Nuclear Safety, International Reform, Corporate Accountability, Food & Drug Safety, and Federal Employee/National Security programs. GAP is the nation's leading whistleblower protection organization.

Again, as with our criticism of the Knight Foundation local media funding application, we are not sure how offering such a website plugin would prevent the people who very publicly offer it from being targeted by lawyers or government agencies in their local jurisdictions, who tend to use legalistic wording like "publishes or causes to be published", even if they are effectively powerless over WikiLeakS.org itself.

However, the most interesting part of the WikiLeakS.org talk was their report on their trip to Iceland in November.

Julian and Daniel managed to get themselves onto the Icelandic political mainstream media, to talk about the WikiLeakS.org project, because, at the end of August 2009, WikiLeakS.org published the loan book of the failed Kaupthing Bank.

The whistleblower leak allowed the Icelandic public to see where the missing billions were initially siphoned off to, immediately prior to this bank's collapse. The failure of this bank helped to destroy the current Icelandic economy, and precipitated hitherto unheard of riots in the streets of Reykjavik, and a change in government.

Iceland is trying to restructure its debt laden economy, to take advantage of its almost limitless cheap electricity from green hydro electric and geo-thermal sources, its small but highly computer literate population of about 300,000 people, and its mid-Atlantic time zone location, by hosting some large computer and internet hosting data centres.

The WikiLeakS.org team suggested that Icelandic legislators should take this opportunity to pass the best free speech, whistleblower protection, personal privacy, data protection, copyright and libel laws etc., modeled on best practice around the world, to allow Iceland to become a Publication Data Haven.

This idea seems to have impressed some Icelandic legislators, who seem to be preparing some legislation for consideration by the end of this month, January 2010 (another advantage of a small state).

Daniel and Julian are rightly sceptical that such plans might succeed, if the Icelandic politicians wait until after Iceland attempts to join the European Union, as there are a lot of vested interests, lobbyists and bureaucrats who would oppose such laws.

The incompetent UK Labour Government, which failed to regulate UK banks and financial institutions, and which precipitated the Icelandic banking collapse, by seizing Icelandic financial assets, in the most insulting way possible, by abusing anti-terrorism money laundering legislation (see Icelanders are NOT terrorists!), together with the governments of the Netherlands and Denmark etc., are using the carrot of European Union membership, to pressure / blackmail the Icelanders into promising to pay the debts of this and other failed Icelandic banks, to the often greedy or incompetent investors from those countries, who should have been aware of the commercial risks associated with the "too good to be true" high interest rates being offered. The Government / Bank failures in the UK or the Netherlands etc. were much larger than the Icelandic ones, but did not affect all of their financial sector in the same way.

Also of interest to WikiLeakS.org whistleblowers and journalists etc. is the presentation by Roger Dingledine, showing how the Tor anonymity cloud helped during last year's increases in censorship of the internet by the control freaks currently in power in Iran and China etc.

3567 Tor and censorship: lessons learned mp4 iProd mp3 ogg

Roger appealed to his audience of Tor users, to please set up some more voluntary Tor Bridge Relays, which do not appear in the main, easily censored or blocked, public Tor Directory.

Note also Roger's hint about the current uncensorability of IPv6 connections.

25C3 video: Wikileaks vs. the World


The 25th annual Chaos Computer Congress, was held in Berlin between Christmas and New Year 2008, and featured a session about the WikiLeakS.org project.

An mp4 video (needs Quicktime or similar player) is now available in English, of the session entitled Wikileaks vs. the World (.mp4) with Julian Assange, investigative editor, and Daniel Achberger (spelling ?), writer and analyst:


Julian and Daniel appealed for the critical involvement of this technically adept audience of computer experts and "hackers", to help with the aims of the WikiLeakS.org project.

Daniel claimed that there was no bias in the WikiLeakS.org project, but that is something which many people, ourselves included, would dispute.

Julian mentioned a few of the project's successes, and some of the legal threats against it.

They raised a laugh from the audience when they revealed that the email sent from the Bundesnachrichtendienst (BND), the German Federal Foreign Intelligence Service, asking for documents to be censored, and threatening legal action, was originally sent to the wikileaks@jabber.se email address, which is to do with instant messaging chats, but which, for some reason, is still the only email address on the WikiLeakS.org contact page which can be cut and pasted, as all of the others are displayed as graphical images, to annoy email spambots.

That does not reflect well on the internet analytical skills and competence of the BND.

Julian repeated his controversial dismissal of blogs, that their authors never generate any original content or do any original research (a false generalisation) and highlighted the decline in the number of international media organisations and in the number of full time, paid investigative newspaper journalists. In the USA, apparently, there are now as few as 40 of them, 10 on the staff of the New York Times.

Julian also made the important point about how easily centralised online newspaper archives can be, and are being, censored, usually by threats of expensive legal action (often using the United Kingdom's appalling "libel tourism" laws). He also mentioned their habit of not drawing attention to the fact that an article, which has already been published and printed, has now been removed, and has not only ceased to exist, but appears never to have existed - a truly Orwellian re-writing of history aspect of modern censorship.

Daniel hinted at some future technical developments with the WikiLeakS.org project, possibly including the bundling of a WikiLeakS.org generated SSL / Digital Certificate (since they do not trust commercial certificate authorities) with WikiLeakS.org customised Tor / browser software bundles and (linux) Live CDs etc.

He also hinted at some sort of "intelligent routing" of documents and website content, to cope with legal problems in different countries. This is something which sounds remarkably like selective self censorship by WikiLeakS.org itself.

Apparently not enough people know about, and use, things like the hard to censor Tor Hidden Services or Freenet, to publish enough interesting things which can be picked up by the media. Perhaps the mainstream media simply does not understand what a .onion URL is, or are too impatient with the inevitable slow download speed.

This video presentation gives an interesting glimpse about the WikiLeakS.org project and its future plans, which is not obvious from the website itself.

WikiLeakS.org has issued a request for feedback to their press release list:

Sunshine Press seeks your advice.

Over the last year, Wikileaks has catalyzed thousands of investigative reports in the mainstream press, over 60,000 blog posts and millions of web pages. We have changed national electoral outcomes and political platforms, exposed hundreds of assassinations, arms sales, many significant human rights abuses and billions of dollars worth of corruption. And we have "uncensored" numerous books and newspaper articles from around the world, taking on the legal risks that others would not, or could not.

We have never lost a source, never lost a case and have never been successfully censored.

More through luck, than by design.

It is too early to tell whether the anonymity of some of the leaked document analysts / commentators or WikiLeakS.org readers has been betrayed or not.

Yet the project is still in its infancy and has yet to officially launch. We hit the ground running because we knew that the only way to understand how to approach our difficult goal, was to try. We now know our scale of operations must be increased thousands of times before we can keep up with whistleblowers and world-wide censorship of other publications. And we know the fourth estate, and the "4.0" estate can not keep up with us already due their own limitations, which we are, in part, tasked to reform.

We have radical ideas on what kind of economic, technical and organizational structures might be needed. We've learned a lot. And we want to change a lot.

But before we tell you our ideas in detail, we want you to tell us your ideas.


Tell us what we're doing right, what we're doing wrong, and how we can improve.

Tell us your most radical ideas for our vision of justice and how they might be economically, politically, legally, technically and socially sustained.

From an offshore escrow center which economically sustains hundreds of "public policy paparazzi", to a series of investigative books called "Ban this Book", to extending the Wikileaks submission process to every newspaper in the world, to forming a private intelligence agency to subsidise investigative journalism, to betting markets on disclosed documents, to moving our servers to satellite linked ocean going boats to storing classified embargoed documents in interplanetary radio bounces, to fomenting a quasi-religious movement of door-to-door source acquisition teams, to a substantial deployment of servers inside the Chinese censorwall, to exporting New York's new anti-"libel tourism" laws to the world via jurisdictional tricks, give us your most radical ideas and alliances.

  1. Would it really be too difficult to run the existing infrastructure properly, before launching any "radical ideas" ?
  2. Where is the high level public overview of the WikiLeakS.org security and anonymity systems architecture ? How do we know that either WikiLeakS.org own systems enhancements, or any "radical new ideas" are not simply re-inventing the wheel ?
  3. What is so difficult about publishing a new PGP Public Encryption Key or two, and using them for both the Digital Signature of official WikiLeakS.org press releases, and for postal encryption of files on removable media and for encrypting email file attachments ?
  4. How about a WikiLeakS.org system status page and RSS / XML syndication feed, Tor Hidden Service, Twitter, BitTorrent, email etc. (with Digitally Signed status reports), which can reassure people when WikiLeakS.org is only suffering a temporary capacity problem, rather than having been censored ? This would need to be run from a completely different webserver from those of the main systems.


What exactly are the people in control of WikiLeakS.org up to ?

Their "anonymous uncensorable whistleblower" allegedly "easy to use" website project has been quiet recently, after showing a Wiki front end, and hinting at some still secret secure backend infrastructure, which is, ironically, meant to be based on Open Source software.

We were expecting that the next stage of development might be, for example, the copying of a section of the public Wikipedia content, to demonstrate some secure, anonymous Editing and Discussion tools. WikiLeakS.org should allow and encourage users to anonymously register as page editors and to use tools like Tor The Onion Router, which is specifically and controversially blocked by Wikipedia.

We look forward to seeing what the WikiLeaks.org solution is to Wiki edit wars and spam.

We cannot yet trust a system for which, rather like the UK Government's control freak national centralised biometric database and ID Card system, there is still no published detailed security architecture, let alone any Open Source computer source code.

WikiLeakS.org have successfully generated a lot of hype and interest from the world's media regarding their leak of an alleged Kroll Associates report circa 2004 into the corruption of the then Kenyan government ruling clan and its hangers on:

WikiLeakS.org article:
The looting of Kenya under President Moi

which links to

KTM report.pdf - intermediate download page with information about file size etc. N.B. this naming convention is confusing - there is no "dot" between "KTM" and "report.pdf"

This then links to the actual 3.7 Megabyte Adobe .pdf format file (110 pages)

https://secure.wikileaks.org/leak/KTM_report.pdf

All well and good, and the document itself, looks plausible.

Even if you are not that specifically interested in Kenyan politics, it seems to provide a list of banks, lawyers and financial front men etc. who may be involved with other corrupt governments e.g. Zimbabwe

However, this document was not presented as another stage in the testing of the prototype WikiLeakS.org anonymous, uncensorable back end infrastructure. Instead it was hyped out to the world's media via an embargoed Press Release, the classic technique of the old symbiotic and parasitic relationship between the Mainstream Media and Anonymous Government Sources i.e. it looks just like some successful Public Relations Media Spin.

At last there is now a tantalising glimpse that there is actually some work in progress on the software prototype of the WikiLeakS.org anonymous publishing project.

N.B. this is not a substitute for publishing a full technical specification for open source peer review of what they are attempting to do.

See the original screen capture: wikileaks.org/screen-june-2007.png

Note the use of SSL / TLS encrypted web pages, currently at https://mail.wikileak.org, with a Digital Certificate issued by Equifax, residing apparently, on a FreeBSD server in Germany.


We have zoomed in on various parts of the bloated screenshot, which tries to cram in too much information, at too high a screen resolution - click on the images for larger versions:

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lamborn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
