Recently in Protecting Anonymous Whistleblowers Category

Back in December 2011:

So where exactly is the promised new WikiLeakS.org whistleblower leak submission system ? Nowhere to be seen

Now, via @a_greenberg at Wired:

WikiLeaks Finally Brings Back Its Submission System for Your Secrets

[...]

On Friday, the secret-spilling group announced that it has finally relaunched a beta version of its leak submission system,
a file-upload site that runs on the anonymity software Tor to allow uploaders to share documents and tips while protecting their
identity from any network eavesdropper, and even from WikiLeaks itself. The relaunch of that page--which in the past served as the
core of WikiLeaks' transparency mission--comes four and a half years after WikiLeaks' last submission system went down amid infighting between WikiLeaks' leaders and several of its disenchanted staffers.

[...]

The long hiatus of WikiLeaks' submission system began in October of 2010, as the site's administrators wrestled with disgruntled staff members who had come to view Assange as too irresponsible to protect the group's sources.

After 5 years of broken promises, WikiLeakS have now re-launched something which is similar to the more widely deployed open source @SecureDrop or @GlobaLeaks platforms, which several media organisations and a couple of individual journalists offer as one of the channels to contact them securely, with or without actual leak documents.

N.B. you have to hunt for the "Submit" button link in a drop down menu on the WikiLeakS.org home page

This WikiLeakS system also relies on Tor, something which their previous efforts only used sporadically and inconsistently.

The Tor Hidden Service .onion address (which only works if you are using a Tor enabled web browser) is:

http://wlupld3ptjvsgwqw.onion

The optional questions on the submission form imply that publication of the leaked data or documents can be delayed, e.g. until after the whistleblower has left their current employer, but there are no guarantees as to if, or when, a document will ever be published by WikiLeakS.org.

The neglect of small scale, limited audience leaks, in favour of megalomaniacal mega leaks, is what led, in part, to the revolt of so many of the early WikiLeakS volunteers against the dictatorial and cultish Julian Assange 5 years ago.

Until WikiLeakS explain in detail what happens next to a leaked document once it has been uploaded, and exactly who has access to it or to any correspondence with the whistleblower, nobody, especially not "national security" whistleblowers, should use this system.

Who owns the leaked documents & what is the redaction policy?

Given the previous attempts by Assange & WikiLeakS to claim exclusive ownership and copyright of, essentially, other people's stolen information,
the fact that there is no policy statement about the ownership of leaked material, is telling.

Do whistleblowers automatically hand over all rights and control over the release and any censorship or redaction of innocent 3rd parties personal details which may be in the leaked documents to Assange or to WikiLeakS ?

8192 bit GPG Key

Over 7 years after letting their first public GPG key 0x11015f8 expire without replacement, whinging that there were some fake keys on (insecure) public keyservers, and whinging that some people were using PGP/GPG insecurely (without any detailed guidance from the supposed experts at WikiLeakS.org themselves), they have now published a new 8192 bit GPG Public encryption Key:

https://wikileaks.org/index.en.html#submit_wlkey

pub   8192R/92318DBA 2015-04-10 [expires: 2016-04-09]
uid                  WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk) 
sub   8192R/D6DFD684 2015-04-10 [expires: 2016-04-09]

Fingerprint: A04C 5E09 ED02 B328 03EB 6116 93ED 732E 9231 8DB

They have not explained why they have chosen to publish a non-standard 8192 bit key.

The normal user interfaces to GPG software default to 2048 bits, with a maximum of 4096 bits.

It is possible to create 8192 bit keys (or longer) using GPG command line batch mode options.

There is no cryptographic reason to use an 8192 bit key - it is not in practice any stronger than an already unbreakable 2048 or 4096 bit key.

So few people have or use 8192 bit keys, that its use makes it a characteristic marker, likely providing circumstantial evidence linking, on the balance of probabilities, any seized or stolen encrypted documents on a whistleblower's computer or USB media to WikiLeakS, regardless of the use of "throw-keyids" or the fact that the encrypted file cannot be de-crypted by the authorities or thieves.
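
The point about key size acting as a marker can be checked against the OpenPGP packet format. The following Python sketch is an added example, not part of the original post nor code from WikiLeakS or GnuPG: it parses the leading Public-Key Encrypted Session Key packets of a binary (unarmored) message and reports what is readable without any private key. The sample packets are constructed with filler bytes and a made-up key ID, and rounding the ciphertext length up to a multiple of 1024 bits is a heuristic assumption.

```python
# Added example: metadata readable from an OpenPGP message without any key.
# Packet layout follows RFC 4880 (sections 4.2, 5.1 and 3.2).

RSA_ALGOS = {1, 2, 3}   # RSA public-key algorithm IDs (RFC 4880 section 9.1)
PKESK_TAG = 1           # Public-Key Encrypted Session Key packet


def packet_header(buf, pos):
    """Return (tag, body_start, body_length) for the packet at pos.

    body_length is None for partial or indeterminate lengths, which only
    occur on the data packets that follow the PKESK packets.
    """
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (dearmor the file first)")
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None
    n = 1 << ltype                                     # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")


def recipient_metadata(buf):
    """Describe each leading PKESK packet: key ID, algorithm, ciphertext size."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, length = packet_header(buf, pos)
        if tag != PKESK_TAG:
            break                       # PKESK packets precede the encrypted data
        if length is None or start + length > len(buf) or length < 12:
            raise ValueError("truncated or malformed PKESK packet")
        body = buf[start:start + length]
        if body[0] != 3:
            raise ValueError("only version 3 PKESK packets are handled here")
        key_id, algo = body[1:9], body[9]
        entry = {
            "key_id": key_id.hex().upper(),
            # --throw-keyids / --hidden-recipient writes an all-zero key ID
            "hidden_recipient": key_id == bytes(8),
            "algo": algo,
            "mpi_bits": None,
            "likely_modulus_bits": None,
        }
        if algo in RSA_ALGOS:
            # The RSA ciphertext is one MPI: a 2-octet bit count, then the value.
            bits = int.from_bytes(body[10:12], "big")
            entry["mpi_bits"] = bits
            # Heuristic (assumption): a ciphertext is almost always within a
            # few bits of the modulus length, so round up to the next 1024.
            entry["likely_modulus_bits"] = -(-bits // 1024) * 1024
        found.append(entry)
        pos = start + length
    return found


def build_pkesk(key_id, mpi_bits):
    """Constructed sample packet; the MPI is filler, not real ciphertext."""
    nbytes = (mpi_bits + 7) // 8
    top = 1 << ((mpi_bits - 1) % 8)                    # highest set bit of the MPI
    mpi = bytes([top]) + b"\xAA" * (nbytes - 1)
    body = bytes([3]) + key_id + bytes([1]) + mpi_bits.to_bytes(2, "big") + mpi
    # Old-format header with a 2-octet length
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body


# Constructed message: one ordinary recipient, one hidden 8192-bit recipient,
# then the start of an encrypted data packet (tag 18) with a partial length.
SAMPLE = (
    build_pkesk(bytes.fromhex("0123456789ABCDEF"), 2047)
    + build_pkesk(bytes(8), 8190)
    + bytes([0xD2, 0xE0])
)

if __name__ == "__main__":
    for entry in recipient_metadata(SAMPLE):
        print(entry)
```

In the second constructed packet the key ID is all zeros, so the recipient is hidden, yet the 8190 bit ciphertext still points at an 8192 bit key.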

There is no advice on the WikiLeakS.org website about how whistleblowers should use the GPG software properly on different platforms, e.g. password lengths, extra hash protection of their private keys in the keyring, physical protection of the keyring, the use of throw-keyids etc.

Link to our copy of this Public Key

Chat system

Unlike SecureDrop, there is no leak submission contact messaging channel within the submission system workflow

WikiLeakS have added a .onion Tor Hidden Service to their existing web chat system

http://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk

N.B. the customised / branded first few characters of the chat system's Tor Hidden Service address (presumably done using a GPU based hash generator like Scallion), which they did not bother with for the leaked document submission system.

They also publish a non-Tor Hidden Service url for this chat system, so it may be ok for general chat with WikiLeakS staff or volunteers, but any "national security" whistleblower should steer clear of it, even via Tor, as the chat servers can be tracked down (for potential seizure or man in the middle attacks) via the non-Tor users.

Using any form of real time communications, either encrypted chat or phone calls, is too risky between genuine "national security" whistleblowers and a heavily surveilled target like WikiLeakS.org - there is no scope for "plausible deniability" or an alibi, unlike with e.g. programmatically time delayed sending of encrypted emails or other online publications.

Arrogance & Obscurity

Julian Assange is still claiming that

https://wikileaks.org/Some-notes-on-the-new-WikiLeaks.html

Other submission technologies inspired by WikiLeaks, such as the European-based GlobaLeaks and the US-based Secure Drop, while both excellent in many ways, are not suited to WikiLeaks'
sourcing in its national security and large archive publishing specialities. The full-spectrum attack surface of WikiLeaks' submission system is significantly lower than other systems and is optimised for our secure deployment and development environment. Our encrypted chat system is integrated into this process because sources often need custom solutions.

No ! The "full-spectrum attack surface" of WikiLeakS's system is no better than that of any other Tor Hidden Service.

Potential whistleblowers have no way of judging whether WikiLeakS' secret internal computer and human systems are
any better or worse than those of SecureDrop or GlobaLeaks or other submission systems.

The next paragraph shows that Assange et al are still creating solutions to straw man problems, whilst ignoring the real risks to potential whistleblowers

For example, one of the problems with public-facing submission systems is bootstrapping. The fact that a source is looking at instructions that are telling them how to submit material could be used as evidence against them if there is an SSL key break. To prevent this, we deploy the full bootstrap instructions and keys on millions of WikiLeaks pages across our full server network. When the "Submit" button is pressed, there is literally zero network traffic as a result, because all these details are downloaded every time anyone looks at nearly any page on WikiLeaks. We cover the source bootstrap process with our millions of page views by readers.

These "millions of web pages" are a red herring and do nothing to obscure the traffic generated by the whistleblower, especially when they choose to hit the Submit button.

The time, date and the number of bytes of data which the whistleblower uploads to WikiLeaks is still observable, regardless of the fact that it is encrypted.

If anyone on a government or military network visits any part of the WikiLeakS.org website from work, that is likely to be flagged as suspicious behaviour regardless of how innocuous the content of a web page may be.

Their submission system provides no tools, and not even any advice or instructions, on splitting up or combining or padding out documents so as to hide their potentially characteristic size from ISP or state communications data traffic analysis.


https://wikileaks.org/index.en.html#submit_help_tips

3. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection - it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly.

This includes other media organisations

The claim that "We are the global experts in source protection", is, of course, exaggerated.

WikiLeakS.org has not proved to be any better at avoiding infiltration and surveillance than other media organisations or activist groups or intelligence agencies.

Given how the main WikiLeakS source Bradley (now Chelsea) Manning (now serving 35 years in prison) was not handled properly as a source by Assange (publication seems to have been more important to him than the welfare of Manning), it seems unlikely that WikiLeakS will ever again be handed large scale leaks or any "national security" leaks via this submission system.

It is very telling that despite the help that Sarah Harrison later gave to Edward Snowden between Hong Kong and Moscow, he did not trust WikiLeakS or Julian Assange with his revelations.

Assange is still in self exile in the Ecuadorian Embassy in London, trying to evade extradition to Sweden on alleged sex offences.

As such, given the millions of pounds UK taxpayers' money & the Metropolitan Police Service overtime being wasted on him he is likely a very high profile target for GCHQ and other signals and human intelligence agencies.

If, as we suspect, he is still heavily involved in the WikiLeakS editorial process, he himself is probably the greatest risk to the anonymity and safety of any "national security" whistleblowers stupid enough to contact WikiLeakS.org


Even though Julian Assange could very well be extradited from the UK to Sweden next week, to face non-WikiLeaks related sexual offences allegations

https://twitter.com/#!/JudiciaryUK/status/129846526171287552

Julian Assange appeal against extradition - the High Court will hand down judgment on Wednesday 2 November.

10:06 AM Oct 28th 2011

he has announced a new, re-engineered WikiLeakS.org submission system to be launched on November 28th 2011.

https://twitter.com/#!/wikileaks/status/128455207490293762

@wikileaks WikiLeaks
Assange: On November 28th WikiLeaks will launch new generation submissions system http://www.ustream.tv/recorded/18082417

1:58 PM Oct 24th 2011

http://www.ustream.tv/recorded/18082417

Julian Assange speaking at the Frontline international press club in London, on Tuesday 24th October 2011

Approx 1 hour 5 minutes near the end of the video clip:

The fallout from that was that we viewed that our submission system could not be trusted any more

So did everyone else with any clues about computer security and anonymity, including Daniel Domscheit-Berg and the "Architect", which is partly why they left in the first place.

As a result we have had to completely re-engineer, from scratch, a new generation submission system.

On November 28th, the one year anniversary of CableGate, we will

Now, wikileaks has never had only the one submission system. We've received information in a wide variety of means, just like intelligence agencies and professional, mainstream media organisations, receive their information from a wide variety of means.

It has been important to us, to always have a wide variety of means, so no one mean becomes the sole, the sole subject of infiltration or investigation.

However, for the last, for the last 12 months, for the last 12 months, you haven't been able to go through the front door to submit wikileaks sensitive, information

You've had to establish, contacts, with the organisation and transmit us the material through other mechanisms.

Is Assange claiming that people have actually been stupid enough to submit sensitive material to him in the last 12 months, through other means ?

Why has he not bothered to publish any of this new, "non-Bradley Manning" sourced stuff then ?

How exactly are these "other means" actually Anonymous or Secure ?

Remember that WikiLeaks stopped publishing a PGP Public Encryption Key years ago and their incompetence in using PGP as a means of symmetric encryption and then stupidly publishing their CableGate archive online around the world and then re-using the same pass phrase with Guardian journalist David Leigh, was an

Similarly, they stopped publishing a Tor Hidden Service even before they stopped accepting new submissions.

On November 28th, the one year anniversary of CableGate, we will launch our new generation submission system.

That includes, not just, a public interface, but also several other mechanisms that are necessary to deal with an attack on the entire internet security system, that has been established over the last few years, by intelligence agencies and criminal groups.

Right now, it is not possible to trust any https:// connection on the internet.

Utter rubbish !

Even wikileaks.org itself has, at various times, published a Self Signed Digital Certificate and has published the MD5 and SHA-1 cryptographic hash fingerprints, without relying on any built in web browser trust of Certificate Authorities.

It is not possible your banking system, it is not possible to trust any, regular, web based secure encryption system

What about banks which use SSL v3 Client Side Digital Certificates for mutual client / server authentication, without the need for any external Certificate Authority ?

That is because, intelligence agencies have infiltrated, a number of Certificate Authorities. Certificate Authorities are those authorities which sign the cryptographic keys that are used for secure internet communication.

On November 28th, we will release our alternative to that system, which is independent of all Certificate Authorities

Is this something which Julian and his cult have created from scratch, or will they just steal / borrow the work of Moxie Marlinspike and SSLLabs etc. with Convergence ?

Remember that SSL / TLS encryption only provides Secrecy about most of the contents of an encrypted session, it does not provide any Anonymity, and, may in fact provide less anonymity than a non-SSL connection via a shared proxy server.

A question from the floor:

"I understand that you may be limited in what you can say, but how have you managed to get around the fact, that in your eyes, Certificate Authorities can't be trusted, with this particular submission system ?"

01:08:57

We will give full details here, on a conference, on November 28th

Full details ?? Don't hold your breath.

Will they publish the source code of their system, or even a detailed security architecture of what it is intended to actually do and protect against ?

On past performance, this is extremely unlikely.

I would like to say, that in that, this problem has been brewing over a number of years, and we were aware of it before, back in 2010, and we had a number of mechanisms to ameliorate that, ahh, thousands of robots that went out over the internet, to simulate being sources, to check to see, whether these "men-in-the-middle" or fabricated certificates existed.

So we had a number of different mechanisms to try to ameliorate that problem, but it is our view that the problem has now gone so severe, that even those attempts to ameliorate it, can no longer be trusted to the degree, that our sources expect us, to be able to solve the problem

More nonsense from the deliberately deceptive Julian Assange:

"thousands of robots" ??

At the time they claimed that this was to provide "cover traffic" to help to confuse Communications Traffic Analysis and thereby to improve the Anonymity of the submission system

This could not and would not have tested for any SSL "man-in-the-middle" attacks on the Security / Privacy of submissions.

Neither could it have detected compromised Certificate Authorities around the world, especially in places where the Government also controls international internet access.

Even if it was meant to do so, they obviously failed to detect a single example of such an attack aimed at wikileaks, or if they did, they must have covered it up.

Regardless of the technical merits of this new submission system, any whistleblower with really sensitive, life threatening information to publish, would have to be suicidal to trust Julian Assange and his WikiLeakS.org cult followers with it.

Various German language online media are reporting that Daniel Domscheit-Berg has been expelled from the Chaos Computer Club after his presentation of the state of play of his OpenLeaks.org project at the 5 day Chaos Communication Camp at an ex-soviet airfield / military aircraft museum north of Berlin this week.

Chaos Computer Club schließt Domscheit-Berg aus ("Chaos Computer Club expels Domscheit-Berg")

CCC feuert gegen OpenLeaks ("CCC fires at OpenLeaks")

This is only the second expulsion of a member in the 30 year history of the Chaos Computer Club - the previous one was, apparently some neo-nazi who had been abusing their infrastructure.

There is no mention of this bickering on either the official https://ccc.de or https://openleaks.org web pages, the participants have, instead decided to give interviews to the media, without bothering to inform their supporters directly (a couple of thousand of whom were gathered at the campsite).

https://leaks.taz.de

The test setup

From 12th to 14th of August 2011 this public platform is offered by German daily taz die tageszeitung, German weekly der Freitag, Portuguese weekly Expresso, Danish daily Dagbladet Information as well as the consumer protection organization Foodwatch; in cooperation with OpenLeaks. During this time you can upload documents, which will be worked on by the involved parties.

The goal of this setup is to invite you to do a security evaluation of the system during the Chaos Communication Camp 2011.

Surely nobody in the rest of the world, who is interested in the anonymity and security of whistleblowing website projects, ever considered that the temporary test server, set up in a tent on the outskirts of the main camp site infrastructure, was actually somehow being "officially" tested and "approved" by the CCC ?

Obviously, most of the people at the CC campsite were busy with the many other projects and causes, but some of the people with expertise and experience of whistleblowing website anonymity and security infrastructure, and relations with the mainstream media, were present and may have contributed to the discussions and the preview "testing".

As anybody who has attended these sorts of hacker conventions should know, the mere act of putting up a web server on the campsite network will mean that it will be "stress tested" in a very hostile network environment, with lots of port scans and probes and attempts to hack into it and run denial of service attacks, but these would also happen if it was hosted at a major data centre.

But that should not be the only proper testing that the system gets before going live, a point on which here we agree with the CCC and which Daniel Domscheit-Berg also probably agrees with.

Endorsement by mainstream media brand names mentioned above provide far more public trust and credibility, whatever that is actually worth regarding a currently non-operational system, than any (non-existent) "CCC" branding or approval.

The CCC have never been known for having any kind of "approved by the CCC" branding or "approval" of computer or telecommunications projects and they are deluding themselves if they think they would ever be trusted internationally if they did so.

The CCC leaders' action (it is a properly registered legal entity with a board of directors, a constitution etc.) now gives the impression of siding with Julian Assange (who was never a member) against Daniel Domscheit-Berg.

As mentioned in his book, Daniel Domscheit-Berg and the other former WikiLeakS.org technical staff defector "the Architect", took away their own intellectual property and thereby disabled the "improved" WikileakS.org submission system

Julian Assange and his cult of supporters have never bothered to replicate even the shaky anonymity and security infrastructure which they were left with or re-launch a different, better, whistleblower leak submission and publication system, despite having plenty of volunteers and money to do so.

The president of the CCC Andy Müller-Maguhn, who some of us once elected to the board of the ICANN which regulates internet domain name registration and appeals procedures, seems to have been trying to mediate between Julian Assange and Daniel Domscheit-Berg for nearly a year over the return of this encrypted data to Julian Assange.

Since there is no evidence that the current WikiLeakS.org team is capable of handling the data securely (their current website does not even bother to use an SSL / TLS Digital certificate any more) they cannot be trusted any more than Daniel Domscheit-Berg can be.

The current OpenLeaks.org project may not yet have published its software as an Open Source project, which is what the purists at the CCC would like, but then neither has WikiLeakS.org nor any other whistleblower website.

Even if they did so, there is no guarantee that the specific computer and networking configuration settings and infrastructure used by a particular website are not actually counteracting any anonymity or security functions built in to the Open Source software.

All that the CCC board needed to do was to issue a press release making it clear that there was no official CCC endorsement of the OpenLeaks.org project.

The breakdown of the mediation which the CCC may have attempted between Julian Assange and Daniel Domscheit-Berg is not proper grounds for expelling the latter from the Club.

Some of the wrongdoers who have something to hide from public scrutiny and might therefore fear the OpenLeaks.org project, will be smiling to themselves at this display of disunity amongst the German section of the tiny minority of people around the world with the technical skills and attitude to make a difference.

Expelling Daniel Domscheit-Berg, without also criticising the current WikiLeakS.org cult, has damaged the reputation of the Chaos Computer Club internationally.

What about the Wau Holland Foundation and OpenLeaks.org ?

The registered charity the Wau Holland Foundation, which is controlled by CCC sympathisers, may not now be available to the OpenLeaks.org project as a channel for receiving financial donations from supporters, a service it currently performs for WikiLeakS.org.

If OpenLeaks.org gets some money from its media partners, this may not matter too much, but until there is a virtuous circle of whistleblower trust and actual mainstream media publication of leaks via OpenLeaks.org, they will always be short of money.

OpenLeaks.org may still be able to make use of PayPal etc., to receive financial donations from individuals, something which WikiLeakS.org no longer can do, as they have managed to annoy and get banned over the years, due to their lack of financial transparency and their perceived anti-American political bias.


WikiLeakS.org has a new IRC chat setup https://chat.wikileaks.org

[hat tip to IRC user "Odin" for spotting a typo in a previous reference to the old IRC system]

The new WikiLeakS.org Chat Page still claims that this is

(also good for safe interviews with anonymous sources).

which is simply not true of IRC or any other "live" chat or messaging system which is likely to be subjected to Communications Traffic Data Analysis by intelligence or law enforcement agencies.

Unless the anonymous whistleblower or potential whistleblower, takes extra precautions, then all of these systems could easily betray his or her identity, regardless of the fact that the content of what they type has been strongly encrypted.

The new IRC chat URL is now

https://chat.wikileaks.org/

or

ircs://chat.wikileaks.org:9999/wikileaks

Instead of the old self-signed Digital Certificate, which they used from January 2010 on https://secure.wikileaks.org:9999, they have now installed one from the same commercial Certificate Authority (GlobalSign nv-sa) which is used for the https://sunshinepress.org Wikileaks Upload web form.

To be consistent and to help to establish trust in this Digital Certificate in case of Man-in-the-Middle attacks, WikiLeakS.org should really publish the cryptographic hash fingerprints for this certificate, as they have done with the https://sunshinepress.org web pages.

N.B. they should also have published the hash fingerprints on an actual WikiLeakS.org web page, since very few people will have heard of sunshinepress.org, and some of them will, correctly, be suspicious of it.

Since WikiLeakS.org have not yet done so, here are the hash fingerprints for the benefit of web search engine queries:

https://chat.wikileaks.org
Serial Number: 1000000000129DC536192
SHA1: 8E:15:E9:2E:39:6F:F8:32:8B:49:A1:F3:E2:E3:14:AF:10:2A:B4:42
MD5: 43:EB:23:08:AF:E2:14:87:FC:DA:A3:43:F0:60:93:AD
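
One way to check a server certificate against fingerprints published in the form listed above, without relying on any Certificate Authority. This is an added Python example, not code from WikiLeakS.org or from this blog. The certificate bytes used for the offline self-check are a constructed stand-in, and SHA-256 support goes beyond the MD5 and SHA1 values given here.

```python
import hashlib
import hmac
import socket
import ssl

# Hex digest length -> hash algorithm, so a published pin identifies its own type.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# SHA1 fingerprint as listed above for https://chat.wikileaks.org
PAGE_SHA1 = "8E:15:E9:2E:39:6F:F8:32:8B:49:A1:F3:E2:E3:14:AF:10:2A:B4:42"


def normalise(published):
    """'8E:15:..' / '8e 15 ..' / '8e15..' -> lowercase hex; ValueError if not hex."""
    cleaned = "".join(published.split()).replace(":", "").lower()
    bytes.fromhex(cleaned)
    return cleaned


def format_fingerprint(der, algo):
    """Fingerprint of DER certificate bytes in the colon-separated form browsers show."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_published(der, published):
    """True only if the certificate hashes to the published fingerprint."""
    want = normalise(published)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("fingerprint length matches no supported hash")
    got = hashlib.new(algo, der).hexdigest()
    return hmac.compare_digest(got, want)


def fetch_der(host, port=443, timeout=10):
    """Fetch the certificate the server presents, ignoring the CA chain.

    Verification is switched off on purpose: the published fingerprint,
    obtained out of band, is the only trust anchor in this scheme.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host, published, port=443):
    """Return (ok, presented_fingerprint) for a live host; needs network access."""
    der = fetch_der(host, port)
    algo = ALGO_BY_HEX_LEN[len(normalise(published))]
    return matches_published(der, published), format_fingerprint(der, algo)


# Constructed stand-in for DER certificate bytes, so the check runs offline.
SAMPLE_DER = b"constructed stand-in for a DER-encoded certificate"

if __name__ == "__main__":
    pin = format_fingerprint(SAMPLE_DER, "sha1")
    print(pin, matches_published(SAMPLE_DER, pin))        # matches its own pin
    print(matches_published(SAMPLE_DER, PAGE_SHA1))       # a different certificate
```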

IRC should not really be the primary method of contacting the WikiLeakS.org technical staff.

WikiLeakS.org again has a Tor Hidden Service for encrypted anonymised uploads - http://suw74isz7wqzpmgu.onion/ over 7 months after the previous one was abandoned.

The Official Tor "Blog", which does not accept any comments or feedback from the public, has this report of the Keynote Speech given on behalf of Julian Assange at the HOPE hackers' conference in New York, by Jacob Appelbaum.

The usual rumours abound that there were FBI or other US Government Agents waiting to arrest / "talk" to him at this conference, but why they would wait until then and not do so as he came through US Passport Control is never explained by the media.

There is also a very rare, very brief, status report about the WikiLeakS.org website infrastructure:

HOPE 2010 Talk / Current status

Hello,

Jacob Appelbaum is speaking today on behalf of the project at the HOPE2010 conference. He will cover past, present and future developments of the project. For further information please visit the conference website: http://www.thenexthope.org/.

Now some general NEWS.

The submission system is up and running again (yes also reachable via Tor for those that do not trust SSL). Some important changes that you should be aware of:

* we moved the location of the submission system to https://sunshinepress.org/

Without telling anybody and without establishing a link of trust between the two domain names (see our previous blog article)

* The tor submission path uses a new hidden service address located at http://suw74isz7wqzpmgu.onion/

Some good news at last !

Although slow, a Tor enabled session (download and install the software from https://www.torproject.org/easy-download.html.en) does End to End Encryption between your Web Browser and three randomly chosen Tor relay servers in the Tor anonymity cloud, almost certainly some or all of which will be in foreign countries.

The final 4th hop to the Tor Hidden Service is also encrypted.

More importantly, Tor makes Communications Traffic Data Analysis very much harder, even for well resourced opponents like Government intelligence agencies (who obviously also make use of it themselves).

SSL for the other services like the websites will take some more time until it is available.

What is so difficult about purchasing and installing another Digital Certificate to replace the old one, before making other changes to the infrastructure ?

Those users that do not like to install a generic IRC client can use the webchat again which is located at https://chat.wikileaks.org/ and connects to our internal IRC server. We added some additional means of protection to the IRCd to prevent the leakage of users identities.

This IRC chat system is all very well for reporting errors on the website etc. but it is absolutely not suitable for preserving the anonymity of potential whistleblowers.

The archive is now back for some time and we are still working on it. The most visible changes so far are the support for torrents and magnet links for files referenced in the archive, a facelift of the design, content cleanup. Public edits are still disabled but will be enabled again. Public comments will be disabled until we have an appropriate solution in place. We removed some stuff to hide the identities of the users working on the wiki as well as protecting the identity of people visiting the site. For example external links always use a trampoline now to make sure that 3rd party sites do not know where you came from. Furthermore we deleted all accounts not used for a year as part of the cleaning process.

We have meant to comment on the "trampoline" before. Why did they waste their time with this feature ?

It just looks and feels like another creepy hidden visitor tracking system, even if it is not meant to be that.

If they had not disabled the SSL version of the website, then there would already have been protection against sending HTTP_REFERER environment variables to the external web pages which are linked to in the wiki. Similarly, if people do not simply click on a link, but Open in a New Tab or New Window, especially in the Private Browsing modes of most modern web browsers, then this information is not sent anyway.

Generally the technical staff is pretty busy putting the resources you granted us to good use. We are still extending the network with new machines, but will provide a dedicated interface for this type of help soon (email just does work for this kind of task).

Should this read "email just does not work for this kind of task" ?

Please do not make it a Twitter interface !

We have switched the complete system to a new architecture.

What was wrong with the old one ? Did it not scale properly ?

Why not publish a high level description of this architecture, so that WikiLeakS.org can be advised on how not to make elementary mistakes, again.

Until they do so, their hopes for lots of local versions of WikiLeakS.org to spring up organically around the world in parallel will be stillborn.

If you notice that something does not work as expected please drop into the chat and talk to the staff there.

WikiLeakS.org has a world wide audience.

Is there really someone lurking in the IRC chat room 24 / 7 ?

They will be able to either relay your message or get you in contact with someone who can look at the problem.


The WL teams want to thank everybody for their support and patience.


By WikiLeaks on July 17, 2010

We are glad that someone is trying to sort out the technological mess that the WikiLeakS.org project deteriorated into.

We can dream that they will publish some PGP keys....

There is also the whole question of anonymous Mobile Phone Communications. Many more people have access to these than to fast computers and internet connections.

Surely the WikiLeakS.org technical team should be creating or promoting mobile phone SMS text and MMS message anonymous submissions systems ?


Perhaps as a result of the recent publicity in Wired magazine about their broken security technology promises and systems, which this blog has been commenting on for a while, WikiLeakS.org now appear to have brought back their SSL / TLS session encrypted web form, for "secure" Uploads of electronic documents to the website.

wl_upload_form_1.jpg

No announcement or explanation or apology

Typically this has been done without any explanation or apology, on the main web site or via the Wikileaks Twitter propaganda broadcasts or press release emails.

Neither has there been any announcement or discussion of this major development on the as yet unused new Official Wikileaks Blog:

This blog is to discuss technical or community issues related to WikiLeaks and Sunshine Press that do not have a natural fit on the main WikiLeaks pages.

Note that the word "blog", like the word "wiki", has been redefined in WikiLeakS.org's Orwellian newspeak - they really mean "another channel for propaganda broadcasts, which does not allow any feedback via comments from the public", the very opposite of their usual meanings.

As always with WikiLeakS.org, there is still no clear explanation of the advantages and disadvantages or actual risks to your anonymity of using this re-launched and modified document submission method, if you are a potential whistleblower.

Worryingly, there could also be hidden tracking of the IP addresses and other web browser details of each upload submission with this new Upload Form. (see below)

Still no SSL encryption for Downloads, as there used to be

There still does not appear to be any re-introduction of the SSL / TLS encrypted web session Download option on the couple of thousand whistleblower leaked document pages, as there used to be. The only options are still the unencrypted "File" and the bittorrent Peer to Peer options "Torrent | Magnet ", which are likely to be blocked in many places.

N.B. despite the hype, there have never been "over a million" documents published on WikiLeakS.org as various media reports have claimed, a misconception which WikiLeakS.org have deliberately never corrected.

The new Wikileaks Upload form

The new web submission form links from the main WikiLeakS.org website, as before, but instead of going to https://secure.wikileaks.org the new web form is at

https://sunshinepress.org

A positive point is that they do publish the Digital Signature hashes which correspond to the new Digital Certificate:

Before submitting anything verify that the fingerprints of the SSL certificate match!
SHA256 85:C3:77:8E:7F:BC:96:42:CF:EE:03:B0:AC:4A:2A:26:15:18:CB:50:41:EC:7A:2A:CC:9F:56:60:67:94:04:7E
SHA1 68:C3:4B:3D:05:7A:53:E3:8C:FE:71:F1:30:3D:8A:AD:8E:33:0A:76
MD5 4B:6F:6A:D8:A2:29:7F:06:F3:4F:33:EE:74:32:1C:F8

The laudable intention is to provide some sort of authentication that this data file upload form is being run by WikiLeakS.org, but not for the first time, WikiLeakS.org have made a mistake with the fundamental trust model.

However WikiLeakS.org are establishing the chain of trust from the wrong place - the new Digital Certificate and its cryptographic hash "fingerprints" help to verify that this is a sunshinepress.org web page, but they do not verify that it is a wikileaks.org one.

The Upload Form almost certainly is being run by WikiLeakS.org, but that is apparent only because those of us who are familiar with the history of WikiLeakS.org, and who have carefully explored that website, will notice that the WikiLeakS.org Contact Page now exclusively publishes contact email addresses using

@sunshinepress.org

The sunshinepress.org domain name has been a "cover name" since the beginning of the project and has been used to help collect financial donations.

Given the risks of DNS poisoning or Man-in-the-Middle attacks, WikiLeakS.org should have published these hash values on a WikiLeaks.org web page, certainly not just on the unfamiliar to most people, sunshinepress.org one.

Anyone familiar with fake internet banking "phishing" websites should have noticed this error.

The web form retains what may be the original submission system's delayed publication / embargo request facility.

The old scheme used to explain that there was a deliberate, random delay between submission and publication, in order to help to confuse Communications Data Traffic Analysis, but perhaps, like so much else, this was not true, and just relied on the editorial approval process to introduce a delay.

It is unclear if any of this still applies with the new Upload Form.

Making a hash of the footnote

The footnote which repeats the SHA1 cryptographic hash of the Web Server's Digital Certificate, which appears on each of the subsequent pages during the data file upload process, is a bit confusing.

Each of the Leaked Document pages from the previous "secure" submission system is published with a cryptographic hash of the file which was uploaded e.g.

Cryptographic identity SHA256 27b41de6409afc666abd12e65de417439a78b94dbe37bfd601f02e531a2f15a3

but without giving or pointing the website visitor or the original whistleblower to any tools to use this "fingerprint" to actually verify that the file being downloaded has not been tampered with or corrupted.

Similarly, the weaker but still adequate SHA1 hash on the footnote of Upload Form pages does not actually prove that the content of each web page it appears on has not been tampered with or corrupted - it would have to be a Digital Signature for each individual page to do that, using something like PGP (which WikiLeaks.org are stupidly still boycotting).

Courage is contagious.
SHA1 68:C3:4B:3D:05:7A:53:E3:8C:FE:71:F1:30:3D:8A:AD:8E:33:0A:76

At first glance it appears to be a hash of the words "Courage is contagious", which it is not. (it is debatable if the slogan is true or not).
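
An added example (not code from WikiLeakS.org or from this blog) of the two checks discussed above: comparing a server certificate against fingerprints published in the colon-separated form quoted earlier, and checking a downloaded file against a "Cryptographic identity SHA256" value. The function names are hypothetical, the certificate bytes in the demo are a constructed stand-in, and the published values only help if they were obtained from a channel other than the server being checked.

```python
import hashlib
import hmac
import ssl

# Values quoted on the upload page. They only mean something if they were
# obtained from a channel other than the server being checked.
PUBLISHED = {
    "SHA256": "85:C3:77:8E:7F:BC:96:42:CF:EE:03:B0:AC:4A:2A:26:"
              "15:18:CB:50:41:EC:7A:2A:CC:9F:56:60:67:94:04:7E",
    "SHA1": "68:C3:4B:3D:05:7A:53:E3:8C:FE:71:F1:30:3D:8A:AD:8E:33:0A:76",
    "MD5": "4B:6F:6A:D8:A2:29:7F:06:F3:4F:33:EE:74:32:1C:F8",
}
ACCEPTED = ("sha256", "sha1")  # an MD5 match is never treated as proof


def normalize_fp(text):
    """Turn '85:C3:77', '85 c3 77' or '85c377' into lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": \t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a hex fingerprint: %r" % text)
    return cleaned


def cert_fingerprints(der, algs=ACCEPTED):
    """A certificate fingerprint is the hash of its DER encoding."""
    return {alg: hashlib.new(alg, der).hexdigest() for alg in algs}


def check_certificate(der, published):
    """Return (ok, detail). ok needs at least one accepted hash to be
    published and every accepted hash that is published to match."""
    detail = {}
    for name, value in published.items():
        alg = name.lower()
        if alg not in ACCEPTED:
            detail[alg] = None  # ignored, e.g. MD5
            continue
        got = hashlib.new(alg, der).hexdigest()
        detail[alg] = hmac.compare_digest(got, normalize_fp(value))
    checked = [v for v in detail.values() if v is not None]
    return bool(checked) and all(checked), detail


def fetch_der(host, port=443):
    """Fetch the certificate a live server presents (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def file_sha256(path, chunk_size=1 << 20):
    """Hash a downloaded file in chunks so large leaks fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, published_hex):
    """Compare a file with the hash shown on its Leaked Document page."""
    return hmac.compare_digest(file_sha256(path), normalize_fp(published_hex))


def slogan_sha1_matches_footer(slogan=b"Courage is contagious."):
    """The footer value is the certificate fingerprint, not a hash of the
    slogan printed above it."""
    footer = normalize_fp(PUBLISHED["SHA1"])
    return hashlib.sha1(slogan).hexdigest() == footer


if __name__ == "__main__":
    der = b"constructed stand-in for DER certificate bytes"
    print(check_certificate(der, PUBLISHED))   # stand-in bytes do not match
    print(slogan_sha1_matches_footer())
```

A match only shows that the bytes hashed are the bytes the publisher hashed; it says nothing about who published the value, which is the trust model problem described above.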

GlobalSign Digital Certificate

The new Digital Certificate is from a recognised commercial Certificate Authority, GlobalSign nv-sa, unlike the self signed one used by the WikiLeakS.org IRC chat server.

wl_digital_certificate_1.jpg


CN = GlobalSign Domain Validation CA
O = GlobalSign nv-sa
OU = Domain Validation CA
C = BE

[...]

CN = sunshinepress.org
O = sunshinepress.org
OU = Domain Control Validated
C = SE

The GlobalSign Certificate Authority is based in Belgium, which may make it a little more resilient against a US or UK court order attempt to force them to revoke this Digital Certificate.

Lawyers have already gone after the equally neutral and illegal content free wikileaks.org domain name, so it is only a matter of time before they try the same sort of legal trickery and threat of expensive court costs, even if you win the case, with SSL Certificate Authorities as they have done with Internet Service Providers and with Domain Name registrars.

See our censorship threats from Lawyers category archive

Whether this Belgium based CA will secretly hand over the private de-cryption keys for this sunshinepress.org / wikileaks.org upload web server when faced with a Mutual Legal Aid Agreement or European Evidence Warrant from foreign intelligence or police agencies or a Belgian police warrant or Court order, remains to be seen.

At least now, this current Digital certificate from a commercial Certificate Authority is, by default, trusted by the vast majority of web browser software, which will therefore not pop up warning messages, which would certainly put off some or all sensible or paranoid whistleblowers.

Like all modern Digital Certificates it uses SHA1 and does not rely on the potentially forgeable MD5 cryptographic hash, which the old WikiLeakS.org Digital Certificate used to.

This Digital Certificate is valid from Friday 16th July 2010 for a year:

Not Before:
16/07/2010 10:47:50
(16/07/2010 10:47:50 GMT)

Not After:
17/07/2011 10:47:46
(17/07/2011 10:47:46 GMT)

It covers 3 possible domain name aliases:

wl_digital_certificate_2.jpg

sunshinepress.org
www.sunshinepress.org
submit.sunshinepress.org

All of these domain names resolve to the same IP address that the wikileaks.org ones do i.e. to

IP address: 88.80.2.32
Host name: wikileaks.org

IP address: 88.80.2.32
Host name: sunshinepress.org

They all appear to use the same kind of Reverse Proxy Server:

Via: 1.1 https-www
Server: Sun-Java-System-Web-Server/7.0
Proxy-agent: Sun-Java-System-Web-Server/7.0
X-powered-by: Servlet/2.4

With this new Digital Certificate, WikiLeakS.org is back to the situation it was in between its May re-launch and 12th June, when the old Digital Certificate was unprofessionally allowed to expire without any rollover to a new one.

Still no return of the Tor Hidden Service

There is still no Tor Hidden Service end to end encryption through the Tor anonymity cloud, like there used to be before the self-imposed shutdown of the website last Christmas 2009.

UPDATE:


http://suw74isz7wqzpmgu.onion/

has been announced on the Official Wikileaks Blog and by Jacob Appelbaum standing in for Julian Assange at the HOPE hackers' conference in New York.

Potential snooping via the WikiLeaks.org Upload form

wl_upload_thank_you_1.jpg

If you click on the link on the WikiLeakS.org Upload Form to the Disclaimer link, or actually select a local file from your computer and press the Submit button, or if you read the HTML source code of the form, you will see something like

https://sunshinepress.org/upload/A52CFA2183C87B6B2AC792FC535EC83EB9DBA669/meta

in your web browser address bar.

i.e. a dynamically generated URL, which is different for each visitor or visit to the Upload Form.

If we took a charitable view, this could simply be a badly configured database driven web page Content Management System, which is producing human unfriendly URLs.

This might make sense, if WikiLeakS.org was selling the content of its web pages and wanted to track each visitor's viewing habits or if they were trying to make it more difficult for valuable digital content to be indexed by web search engines.

To have this feature only on the supposedly "secure" document file upload web form, to a supposedly "anonymous" whistleblower website makes no sense at all, unless either incompetence or deliberate snooping are involved.

How can sceptical, suspicious people like us or any sane, cautious whistleblower, be assured that the 40 character 0-9, A-F, probably hexadecimal string, is not being logged by the web server hosting infrastructure e.g. the web server(s), proxy server(s), etc. ?

Because this "unique identifier" appears in the URL path of the multi-page web form, it is visible as Communications Traffic Data to your local Internet Service Provider and other commercial and government snoopers, regardless of the fact that the rest of the web page and your actual upload is encrypted via TLS / SSL using the web server's Digital Certificate. In the European Union, for example, this Communications Data is, by law, retained for up to 3 years.

This "unique identifier" reduces the chances of the "plausible deniability" excuse during any "leak investigation" i.e. the claim that the computer used to upload some leaked document or other was not yours, but must have been someone else's within the same organisation or another customer of the same Internet Service Provider etc.

Coupled with the lack of any explicit statement by WikiLeakS.org that no web server or firewall or intrusion detection or anti-virus scanning or reverse proxy server or traffic management or load balancer etc. infrastructure at the PRQ web hosting company in Stockholm, Sweden, retains any IP address or other details in their log files (as all of these internet components tend to do by default), any cautious whistleblower should assume that their supposedly secure SSL encrypted web upload session will leave electronic traces which may very well betray their identity, especially to the Swedish police and intelligence agencies and to WikiLeakS.org insiders.

Unless and until WikiLeakS.org either clearly explain these unique identifiers in the web pages, or, better still, simply remove them, we will advise people not to use this new, supposedly secure and anonymous, whistleblower document data file upload form.

This IDG interview of Julian Assange should worry potential whistleblowers:

Wikileaks founder reflects on Apache helicopter video

The mainstream media ignored some of the other material Wikileaks published, says Julian Assange

By Jeremy Kirk, IDG News Service
July 12, 2010 12:22 PM ET

[...]

Assange spoke on Friday at the Center for Investigative Journalism at City University in London,

[...]

The second half of the article contains this extraordinary claim:

Assange said about one in six people affiliated with the U.S. military who enter Wikileaks' secure chat room end up passing information to the Web site. He said those who come to the chat room often possess evidence of something that is making them angry.

"At that point, they come to us, and maybe we can help them," Assange said.

But turning those visitors into sources is delicate, and different approaches have to be used. "You really have to establish a connection at that moment," Assange said.

Is the WikiLeakS.org "secure chat" system effectively a honey pot trap for US Military whistleblowers ?

It is unclear just how many "people affiliated with the U.S. military who enter Wikileaks' secure chat room" there have been.

Why would any real whistleblowers, "affiliated with the U.S. military" or not, be stupid enough to contact WikiLeakS.org, or anybody else, via Internet Relay Chat ?

The WikiLeakS.org Chat web page gives instructions on how to connect to their Internet Relay Chat (IRC) chat system.

There are no warnings and no advice about how to use this Internet Relay Chat system anonymously, even though that web page claims

Whistleblower? Journalist? Citizen journalist? WikiLeaks writer, volunteer, supporter or techie? Get advice and talk with people like you on the WikiLeaks secure chat (also good for safe interviews with anonymous sources).

"also good for safe interviews with anonymous sources" ???

Not if they expect to remain anonymous for long if there is any sort of "leak investigation" !

It is irrelevant whether or not the chat system is "encrypted" using SSL - that does not protect the Communications Traffic Data i.e. IP address, time, date and how much data has been transferred in a session.

The SSL encryption certificate for secure.wikileaks.org:9999 is a self signed one, apparently issued by WikiLeakS.org itself, but there is no explanation on the website of why this should be trusted.

secure_wikileaks_org_9999_450.jpg

There is no mention of how, for example, to use Tor to connect to this IRC system to try to protect your Communications Traffic Data from snoopers.

The IDG article continues

Assange said Wikileaks is currently re-engineering its submissions engine, an important security tool that can help protect sources who are passing sensitive information to the site. The submissions engine has been described as having military-grade encryption.

Assange contested a Wired magazine story from June 30 titled "With World Watching, Wikileaks Falls Into Disrepair." The story said that the submission engine has been degraded for months and that its SSL (Secure Sockets Layer) certificate had expired. Assange contended he told Wired magazine that it was being redesigned but that article said that he declined comment.

So why have neither Julian Assange nor any of the other WikiLeakS.org activists bothered to update any of their website pages with this news ? Even now the website still gives the impression that there is a working "secure" submission service.

Is that incompetence or deliberate deceit ?


secure_wikileaks_org_Digital_Cert_expiry_12June2010_450.jpg

(at 09:00 GMT Saturday 12th June 2010)

Most reputable, professional organisations with a public website which asks for personal or financial details etc. use Transport Layer Security (TLS) / Secure Sockets Layer (SSL) encrypted web sessions, especially for web forms which include sensitive data.

This is implemented through the https:// prefix in the address bar or embedded Uniform Resource Locator (URL) web page links in the vast majority of modern web browser software.

The encryption software is built in by default into your web browser and operating system, but for an encrypted session to be established, a Digital Certificate needs to be installed on the web server.

These bind an official web server DNS domain name and an organisation name to a particular asymmetric public encryption key, which then allows your web browser to establish an encrypted session with the web server, which protects that session with a private, symmetric cryptographic algorithm key e.g. AES, 3DES, RC4 etc.

You can create your own Digital Certificate and "self sign" it, but most web browser software will then flash up various warnings and ask you to make "do I really trust this website" decisions, which will certainly scare off any cautious people.

Most reputable organisations fork out some money for a Digital Certificate bought from one of the main Certification Authorities, which at least insist on (usually) only issuing a Digital Certificate to the domain name owners of the particular web server and perhaps running some sort of elementary credit check / company name and address check.

Since these major Certificate Authorities are trusted by default by your web browser software (you can usually choose to remove them from the trusted list, if you can be bothered) no warnings will frighten off potential customers etc, if a current Digital Certificate is in use.

Since such Digital Certificates are bought and renewed usually on an annual or multi-year basis, when they expire, then Invalid Certificate or Expired Certificate warnings automatically appear.

Professional, trustworthy organisations do not let their Digital Certificates expire, they purchase a new Digital Certificate before hand either to be valid from the expiry of the old one, or more usually, with an overlap period, so that they have time to correct any administrative or technical configuration errors with the new Certificate, whilst the old one is still valid.

A new Digital Certificate usually requires the generation or installation of a new Private Encryption Key on each of the Web Servers which it applies to. This may require physical access to the data centre, or at least secure remote control of those servers.

Will WikiLeakS.org manage this Digital Certificate rollover properly and professionally ?

Will they replace their obsolete, potentially forgeable RapidSSL MD5 signed Digital certificate with a new one ?

They have until 16:14:01 Greenwich Mean Time today, Saturday 12th June 2010 to do so.

If they do not do this, then their https://secure.wikileaks.org web form, the only secure method of uploading "whistleblower leaks" via their website, will be broken, as they seem to have abandoned both Tor Hidden Services and PGP email / file encryption.

UPDATE 18:00 GMT

Sadly, we are not surprised that the https://secure.wikileaks.org Digital Certificate has not been properly rolled over and replaced.


secure_wikileaks_org_This_Connection_is_Untrusted_450.jpg

We have had an email pointing out that:

Wikileaks still uses a broken MD5 hash function for its supposedly
secure SSL connection, that is used to upload sensitive documents to them.

In an attack on MD5 published in December 2008, a group of researchers
used a new technique to fake the validity of SSL certificates. US-CERT
of the U.S. Department of Homeland Security said MD5 "should be
considered cryptographically broken and unsuitable for further use", and
most U.S. government applications will be required to move to the SHA-2
family of hash functions after 2010. This broken md5 hash function is
however still in use by the https://secure.wikileaks.org/ SSL connection.

Take a look by going to: https://secure.wikileaks.org/ and
highlight their certificate, and click View certificate under the
security tab.

Then choose the Details tab and check the Certificate Signature
Algorithm, this will show the use of MD5.

Background information:
http://blogs.zdnet.com/security/?p=2339

secure_wikileaks_org_digital_certificate_1_450.jpg

secure_wikileaks_org_digital_certificate_MD5_450.jpg

We did welcome this Digital Certificate back in 2008, before the MD5 weakness was demonstrated in public.

See: New SSL digital certificate for secure.wikileaks.org - not before time

There really is no excuse for using a relatively weak cryptographic hash algorithm in the Digital Certificate which is supposed to protect the encrypted SSL/TLS communications internet sessions of the WikiLeakS.org whistleblower leak submission web pages.
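
The manual "View certificate" check described in the email can also be scripted. This added example (not part of the original post or the quoted email) reads the Certificate Signature Algorithm out of a DER certificate with a small hand-written parser; the skeleton certificates it runs on are constructed, and the function names are hypothetical.

```python
import ssl

# Signature algorithm OIDs. The status labels reflect present-day practice;
# when this page was written SHA-1 signatures were still the norm.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "legacy"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "current"),
}
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # DER body of the MD5 OID
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # DER body of the SHA-256 OID


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    if not body:
        raise ValueError("empty OID")
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)   # base-128, high bit = continue
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def signature_algorithm(cert):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, sig }"""
    if cert.lstrip().startswith(b"-----BEGIN"):
        cert = ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    outer_tag, start, _ = read_tlv(cert, 0)
    tbs_tag, _, tbs_end = read_tlv(cert, start)       # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(cert, tbs_end)   # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if (outer_tag, tbs_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(cert[oid_start:oid_end])


def audit(cert):
    """Return (oid, name, status) for a certificate's signature algorithm."""
    oid = signature_algorithm(cert)
    name, status = SIG_ALGS.get(oid, ("unknown", "review"))
    return oid, name, status


def tlv(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    if len(body) < 0x80:
        header = bytes([len(body)])
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        header = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + header + body


def skeleton_cert(oid_body):
    """Constructed stand-in: serial number and algorithm only, dummy
    signature, all other certificate fields omitted."""
    alg = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg)
    signature = tlv(0x03, b"\x00" + b"\xaa" * 128)
    return tlv(0x30, tbs + alg + signature)


if __name__ == "__main__":
    for label, oid_body in (("old", MD5_RSA), ("new", SHA256_RSA)):
        print(label, audit(skeleton_cert(oid_body)))
```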

Since the resources of several Government intelligence agencies are very likely to have been deployed against this encrypted traffic, surely WikiLeakS.org can afford to pay for a proper Digital Certificate using an as yet currently unbroken secure cryptographic hash function e.g. SHA-1 or the forthcoming SHA-2 ?

Surely they can spend a few tens or hundreds of dollars, out of the $360,000 raised out of the target of $600,000 this year, on some proper Digital Certificates ?

Interestingly, the parallel computing resources used to create the MD5 signatures and fake example Digital Certificates, are probably not too different to that used by WikiLeakS.org and their friends to supposedly password guess and decrypt the Iraq Apache helicopter attack video.

If an attacker duplicated the secure.WikiLeakS.org Digital Certificate, something which is obviously possible with the current MD5 hash, but not with the stronger versions which most other SSL/TLS protected websites now use, then they could do a Man in the middle attack on the WikiLeakS.org "secure" content submission system.

One of the potential weaknesses of this system has always been its vulnerability to Communications Traffic Analysis, since SSL/TLS encryption does not hide the source and destination IP addresses.

SSL/TLS encryption also does not hide the amount of data which is transmitted, so it can sometimes be very obvious which IP address uploaded a particular whistleblower leak document, if it is of a characteristic size, on a particular date, which may narrow down the list of suspects for a "leak" investigation.

To be fair to WikiLeakS.org, they used to also offer a much more Communications Traffic analysis resistant encrypted submission method via a Tor Hidden Service:

http://gaddbiwdftapglkq.onion/

but this has not been publicised (presumably as it no longer works) since last Christmas, when the WikiLeakS.org main website was shut down, to beg for money.

Since the WikiLeakS.org activists still refuse to publish a new PGP Public Encryption key, it seems that WikiLeakS.org is now less secure than they used to be.

If your life or even if just your career, might be threatened by exposure as a WikiLeakS.org whistleblower, you should think very carefully before submitting any "whistleblower leak" documents via the currently crippled WikiLeakS.org website.

WikiLeakS.org are still "on strike", awaiting more financial donations, but they do continue to publish a few headline grabbing "leaks", without the full wiki system which used to allow readers to analyse and comment on them on the website itself.

They are claiming that:

U.S. Intelligence planned to destroy WikiLeaks

http://file.wikileaks.org/files/us-intel-wikileaks.pdf

We cannot see much evidence of any actual "plan", only a statement of the obvious, that if US Military whistleblowers are tracked down and disciplined or prosecuted, this may have a deterrent effect on future leaks, in general and to Wikileaks in particular.

WikiLeakS.org point out that none of that has happened, as yet, in the couple of years since this intelligence report was compiled.

There is mention of foreign i.e. non-USA potential Computer Network Exploitation (CNE) and / or Computer Network Attacks (CNA) on wikileaks, but with no mention of any US military capabilities or policies in these areas.

This document appears to be:

SECRET//NOFORN

ACIC Home

(U) Wikileaks.org--An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups?

NGIC-2381-0617-08

Information Cutoff Date: 28 February 2008
Publication Date: 18 March 2008


[...]


Prepared by:

Michael D. Horvath


Cyber Counterintelligence Assessments Branch
Army Counterintelligence Center

External Coordination: National Ground Intelligence Center[1]

This product responds to HQ, Department of Army, production requirement C764-97-0005.

ACIC Product Identification Number is RB08-0617.

[...]

(U) This special report assesses the counterintelligence threat posed to the US Army by the Wikileaks.org Web site.

Julian Assange, one of the main WikiLeakS.org activists, uses this paragraph (marked as Secret / Not for Foreigners), at the end of the Executive Summary on page 3 of 32 (also as the start of the Conclusions on page 21 of 32), to make the claim that "U.S. Intelligence planned to destroy WikiLeaks":

(S//NF) Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the Web site that they will remain anonymous. The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.

All of that also applies to most other organisations or companies, whose confidential documents end up on WikiLeakS.org, not just those belonging to the US Army.

This one paragraph out of a 32 page report does not seem to be any sort of "plan", just a statement of the obvious.

(S/NF) stands for "Secret / Not for Foreigners", a marking which is used on many of the paragraphs in this report, which also contains (U) unclassified paragraphs as well.

Interestingly Julian does not mention this paragraph (pages 5 and 6):

(S//NF) The obscurification technology[9] used by Wikileaks.org has exploitable vulnerabilities. Organizations with properly trained cyber technicians, the proper equipment, and the proper technical software could most likely conduct computer network exploitation (CNE) operations or use cyber tradecraft to obtain access to Wikileaks.org's Web site, information systems, or networks that may assist in identifying those persons supplying the data and the means by which they transmitted the data to Wikileaks.org. Forensic analysis of DoD unclassified and classified networks may reveal the location of the information systems used to download the leaked documents. The metadata, MD5 hash marks, and other unique identifying information within digital documents may assist in identifying the parties responsible for leaking the information. In addition, patterns involving the types of leaked information, classification levels of the leaked information, development of psychological profiles, and inadvertent attribution of an insider through poor OPSEC could also assist in the identification of insiders.

Reference [9] is :

[9] (U) Obscurification technology: the science of obscuring or hiding objects and information.

The report carefully does not say that United States military, intelligence or law enforcement organisations could or should be involved in "computer network exploitation (CNE) operations or use cyber tradecraft" using these old vulnerabilities in, for example, Tor, suggesting that it could be Foreign organisations (FISS = Foreign Intelligence and Security Services) instead (page ):

(U) The OPSEC measures used in the submission of leaked information to Wikileaks using the Internet are designed to protect the identity and personal security of the persons or entities sending or posting information to the Web site. Wikileaks.org claims that any attempt at trace routing of IP addresses, MAC addresses, and other identifying information of a home computer submissions (as opposed to cyber café submissions) through Wikileaks.org's Internet submission system would require a knowledge of information available only to Wikileaks.org programmers and to a rights organization serving the electronic community, or would require specialized ubiquitous traffic analysis of Internet messages and routing systems. Nevertheless, it remains technically feasible for FISS, law enforcement organizations, and foreign businesses that have the motivation, intentions, capability, and opportunity to gain online access or physical access to Wikileaks.org information systems to identify and trace whistleblowers through cyber investigations, advanced cyber tools, and forensics.[11]

Reference [11]

[11] (U) School of Computer Science, Carleton University, Ottawa, Canada. "Internet Geolocation and Evasion." URL: http://cs.smu.ca/~jamuir/papers/TR-06-05.pdf. Accessed 5 January 2008.
(U) Geocities. "Exposing Tor Users' IPs" URL: http//uk.geocities.com/osin1941/exposingtor.html. Accessed on 28 December 2007.
(U) Secunia. "Multiple Security Vulnerabilities for Tor." CVE-2006-3407, CVE-2006-3408, CVE-2006-3409, CVE-2006-3410, CVE-2006-0414, CVE-2006-3165, CVE-2006-4508, CVE-2007-4096, CVE-2007-4097, CVE-2007-4098, CVE-2007-4099, CVE-2007-4174, CVE-2007-4508, CVE-2007-4099. URL: http://archives.seul.org. Accessed on 8 January 2008.

This WikiLeak.org blog has written about the "Peryton" whistleblower code name, which is specifically discussed in the US military intelligence report:

Does linking "Peryton" to several leaks partially betray the WikiLeakS.org promise of anonymity ? (February 13, 2008 2:11 AM)

It is worth repeating the Questions raised in the Intelligence Gaps section of this document (pages 20 and 21)

(U) Intelligence Gaps

  • (S//NF) What individual persons or entities are leaking DoD sensitive or classified information to Wikileaks.org, and are they working on behalf of a foreign agent or power? What are the reasons, intentions, and motivations of the current or former insider?
  • (S//NF) Is the potential insider leaking the information to Wikileaks.org a former employee of the US government or a mole still working for the US government? How is the insider sending digital information to Wikileaks.org? What cyber or other tradecraft is the perpetrator using?
  • (S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, foreign insurgents, or terrorist groups to collect sensitive or classified US Army information posted to the Wikileaks.org Web site?
  • (S//NF) Will the Wikileaks.org Web site be used by FISS, foreign military services, or foreign terrorist groups to spread propaganda, misinformation, or disinformation or to conduct perception or influence operations to discredit the US Army?
  • (S//NF) Will the Wikileaks.org Web site be used for operational or cyber tradecraft to pass information to or from foreign entities?
  • (S/NF) Will the Wikileaks.org Web site developers obtain new software for Web site development, management, security, encryption of messages or files, or posting anonymous information to the Web site?
  • (S//NF) Will foreign entities attempt to conduct CNE or CNA to obtain information on the posters of information or block content on the Wikileaks.org Web site?
  • (S//NF) What software, tactics, techniques, and procedures would be used by a foreign actor to conduct CNE or CNA against the Web site?

CNE = computer network exploitation
CNA = computer network attack

  • (S//NF) Will foreign persons, businesses, or countries attempt civil lawsuits or criminally prosecute whistleblowers, Wikileaks.org staff, and members who posted comments on the Web site?
  • (S//NF) Will Wikileaks.org and various users expand the data fields in the TOE SQL database to include equipment capabilities, equipment limitations and vulnerabilities, known unit locations, links to geospatial information services, or known unit personnel to develop "battle books" for targeting packages?
  • (S//NF) What other leaked DoD sensitive or classified information has been obtained by Wikileaks.org?
  • (S//NF) Will foreign organizations such as FISS, foreign military services, foreign insurgents, or terrorist groups provide funding or material support to Wikileaks.org?

It is interesting that this SECRET / NOFORN (NOFORN = Not releasable to Foreign Nationals, equivalent to "UK Eyes Only") document cites this Spy Blog article 3 times, as references [39, 40 and 41]
e.g.

(U) Spy Blog. "Is Wikileaks.org the Right Idea for a Whistleblowing Website?" 5 January 2007.
URL: http://p10.hostingprod.com@spyblog.org.uk/blog/2007/01/is_wikileaks.org_the_right_idea_for_a_ whistleblowing_website/html. Moved from URL: www.spy.org.uk/spyblog. Accessed on 17 December 2007.

This URL has got mangled somewhat, so interested readers should go to:

Spy Blog, January 5, 2007 2:09 PM:
Is WikiLeaks.org the right idea for a whistleblowing website ?

It is worth comparing the "Intelligence Gaps" questions with the original Spy Blog questions about the whole WikiLeakS.org project, which are cited 3 times as a reference [39, 40 and 41]

Perhaps "U.S. Intelligence planned to destroy WikiLeaks", but this leaked document does not provide hard evidence of that rather sensational claim.

The intelligence report rightly pays respect to the technical work involving SQL database cross referencing of the Iraq war equipment register by WikiLeakS.org activists and others. The September 11th 2001 pager messages project was also impressive.

However the intelligence report is not sceptical enough about some of the unproven claims made by WikiLeakS.org e.g. where exactly are the more than a million leaked Chinese documents ? They were not available via the wiki, when it was running.

Similarly, the claim to use PGP encryption to protect whistleblowers is false and the "easy to use" encryption software for CDs and DVDs sent via postal mail, has also never materialised.

Any future revision of this intelligence report on WikiLeakS.org should perhaps look at how the core activists are not actually content with waiting for other people to send them "Leaked" documents, but are actively trying to create new documents etc. which have never been "leaked" by anyone in the first place.

If the US Army was worried about WikiLeakS.org a couple of years ago, then some of the recent developments might cause them further anxiety.

See these recent Tweets:

http://twitter.com/wikileaks/status/7530875613

Have encrypted videos of US bomb strikes on civilians http://bit.ly/wlafghan2 we need super computer time http://ljsf.org/

8:10 PM Jan 8th 2010

and

http://twitter.com/wikileaks/status/9412020034

Finally cracked the encryption to US military video in which journalists, among others, are shot. Thanks to all who donated $/CPUs.

3:18 AM Feb 21st 2010

To whom have they made this allegedly de-crypted video (presumably intercepted from missile carrying drones or other attack aircraft) available ?

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
