Recently in Technical issues Category

The Wired.com Danger Room preview article WikiLeaks Defector Slams Assange In Tell-All Book by Kim Zetter, about Daniel Domscheit-Berg's forthcoming book, seems to confirm many of the suspicions and speculations about the apparent internal rifts within the WikiLeakS.org project, which this blog has commented on over the years.

[...]

WikiLeaks founder Julian Assange lost control of his site's submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization's top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.

Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.

[...]

Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.

They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.

"Children shouldn't play with guns," Domscheit-Berg writes. "That was our argument for removing the submission platform from Julian's control ... We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly."

The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as "the Architect", after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.

In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg's version of why the site's submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his "acts of sabotage" forced the organization to "overhaul the entire submission system" and the staff lacks time to do so.

The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.

Domscheit-Berg writes that he and the Architect won't release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.

"The current system has become a security risk for everyone involved," he writes.

Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange's possession.

[...]


Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.

The two were later joined by "the Technician" in 2008 and "the Architect" in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange's lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange's lack of trust in Domscheit-Berg, and Assange's relations with women.

[...]

When journalists asked about problems with WikiLeaks' infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. "To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible," he writes. "It was the same principle used by terrorists and bureaucrats. The adversary can't attack as long as he has nothing to grab hold of." The truth was, he notes, their "technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently ... We were acting irresponsibly, playing a risky game with our sources' trust and our supporters' donations."

Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he'd been misidentified. Domscheit-Berg says the source who gave them the documents had also "included some background information he had researched about the bank's clients." But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, "according to three independent sources" the information might be false or misleading. The three independent sources, however, didn't exist. Domscheit-Berg says they made them up.

[...]

Will WikiLeakS.org ever resume operations for new whistleblower leak submissions ?

So will OpenLeakS.org really be any better than the WikiLeakS.org smoke and mirrors confidence trick which this article portrays ?

N.B. OpenLeakS.org currently appears to have lost its https://OpenLeakS.org capability, despite, quite wisely, publishing the Digital Certificate details on

http://openleaks.org/content/contact.shtml

The SSL certificate we use for this website has the following fingerprints:

* SHA-1: 2F:A8:72:54:8F:CB:06:F1:02:39:D2:8C:1F:6B:FF:0A:22:1F:EB:36
* SHA-256: 5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47

The serial of the certificate is 01:00:00:00:00:01:2C:F1:12:3A:99.

The WikiLeakS.org domain name is currently no longer resolving to an IP address.

DynaDot.com, the California, USA based Domain Name Registrar, which was successfully defended against interference in the Bank Julius Baer court case, does still have the WikiLeakS.org domain name registered.

Do remember this core wikileaks.org "brand" Domain Name was, incompetently, allowed to expire in the past. (see WikiLeakS.org domain name expires at Dynadot.com)

However, this Domain Name registration only points to a single, free Domain Name Service provider, EveryDNS.net, which supports lots of free, community based domain names.

They have now decided to protect the thousands of other people who rely on them from the "collateral damage" of Denial of Service attacks aimed at WikiLeakS.org.

WikiLeakS.org, as usual, did not bother to respond to the termination of service warnings until it was too late.

EveryDNS.net, a provider of free managed DNS services, supports nearly 500,000 websites worldwide.

At 10PM EST, on Wednesday December 1, 2010 a 24-hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website.

Any downtime of the wikileaks.org website has resulted from its failure to, with plentiful advance notice, use another DNS solution.

Yesterday, pursuant to the EveryDNS.net Acceptable Use Policy the primary DNS hosted domains were disabled. Today, also in accordance with the EveryDNS.net Acceptable Use Policy, the secondary DNS hosted domains, including wikileaks.ch, were disabled.

EveryDNS.net is not taking a position on the content hosted on the wikileaks.org or wikileaks.ch website, it is following established policies. No one EveryDNS.net user has the right to put at risk, yesterday, today or tomorrow, the service that hundreds of thousands of other websites depend on.

As usual, rather than issuing a full press release by email or on a web page, the self important one way broadcast via the Twitter account has been used to state that wikileaks has been under Denial of Service attacks.

https://twitter.com/wikileaks/status/9578593516523520

We are currently under another DDOS attack

Tue Nov 30 12:04:49 UTC 2010

and

https://twitter.com/wikileaks/status/9609091915718656

DDOS attack now exceeding 10 Gigabits a second.

Tue Nov 30 14:06:00 UTC 2010

However, when it comes to EveryDNS.net,

https://twitter.com/wikileaks/status/10567274838622208

WikiLeaks.org domain killed by US everydns.net after claimed mass attacks KEEP US STRONG [...]

Fri Dec 03 05:33:29 +0000 2010

Note the use of the words "killed" and "claimed" and "US".

Instead of some words of thanks or understanding, to an organisation which has supported WikiLeakS.org throughout its lifetime, for free, this Tweet implies that EveryDNS.net are lying about their understandable reasons for dropping wikileaks.org from their DNS name servers.

Is this what you get for supporting the wikileaks technical infrastructure ?

The WikiLeakS.org team have now set up

http://wikileaks.ch

facilitated by the Swiss Branch of the Pirate Party (http://piratenpartei.ch)

At least this domain name does now have Domain Name Servers from more than one provider, based in two legal jurisdictions (.ch - Switzerland and .net - USA)

They have also modified the set up of

http://wikileaks.nl [46.59.1.2]

and

http://wikileaks.de [88.80.13.160]

which resolves back to one of the original WikiLeakS.org machines in Sweden

These simply now use 301 Permanent Redirects to point to

http://213.251.145.96/

the http://wikileaks.ch webserver running on the

213.251.145.96 - 213.251.145.111

IP address range allocated to Wikileaks by the Internet Service Provider OVH based in France.

More on this new website in a future blog article.

Why they have not bothered to update their DynaDot.com registration to point to new Domain Name Servers could be due to:

a) Incompetence.

b) A cynical ploy to gather sympathy for being censored.

c) More evidence of an internal rift or lack of communications between different parts of the wikileaks team.


WikiLeakS.org again has a Tor Hidden Service for encrypted anonymised uploads - http://suw74isz7wqzpmgu.onion/ over 7 months after the previous one was abandoned.

The Official Tor "Blog", which does not accept any comments or feedback from the public, has this report of the Keynote Speech given on behalf of Julian Assange at the HOPE hackers' conference in New York, by Jacob Appelbaum.

The usual rumours abound that there were FBI or other US Government Agents waiting to arrest / "talk" to him at this conference, but why they would wait until then and not do so as he came through US Passport Control is never explained by the media.

There is also a very rare, very brief, status report about the WikiLeakS.org website infrastructure:

HOPE 2010 Talk / Current status

Hello,

Jacob Appelbaum is speaking today on behalf of the project at the HOPE2010 conference. He will cover past, present and future developments of the project. For further information please visit the conference website: http://www.thenexthope.org/.

Now some general NEWS.

The submission system is up and running again (yes also reachable via Tor for those that do not trust SSL). Some important changes that you should be aware of:

* we moved the location of the submission system to https://sunshinepress.org/

Without telling anybody and without establishing a link of trust between the two domain names (see our previous blog article)

* The tor submission path uses a new hidden service address located at http://suw74isz7wqzpmgu.onion/

Some good news at last !

Although slow, a Tor enabled session (download and install the software from https://www.torproject.org/easy-download.html.en) does End to End Encryption between your Web Browser and three randomly chosen Tor relay servers in the Tor anonymity cloud, almost certainly some or all of which will be in foreign countries.

The final 4th hop to the Tor Hidden Service is also encrypted.

More importantly, Tor makes Communications Traffic Data Analysis very much harder, even for well resourced opponents like Government intelligence agencies (who obviously also make use of it themselves).

SSL for the other services like the websites will take some more time until it is available.

What is so difficult about purchasing and installing another Digital Certificate to replace the old one, before making other changes to the infrastructure ?

Those users that do not like to install a generic IRC client can use the webchat again which is located at https://chat.wikileaks.org/ and connects to our internal IRC server. We added some additional means of protection to the IRCd to prevent the leakage of users identities.

This IRC chat system is all very well for reporting errors on the website etc. but it is absolutely not suitable for preserving the anonymity of potential whistleblowers.

The archive is now back for some time and we are still working on it. The most visible changes so far are the support for torrents and magnet links for files referenced in the archive, a facelift of the design, content cleanup. Public edits are still disabled but will be enabled again. Public comments will be disabled until we have an appropriate solution in place. We removed some stuff to hide the identities of the users working on the wiki as well as protecting the identity of people visiting the site. For example external links always use a trampoline now to make sure that 3rd party sites do not know where you came from. Furthermore we deleted all accounts not used for a year as part of the cleaning process.

We have meant to comment on the "trampoline" before. Why did they waste their time with this feature ?

It just looks and feels like another creepy hidden visitor tracking system, even if it is not meant to be that.

If they had not disabled the SSL version of the website, then there would already have been protection against sending HTTP_REFERER environment variables to the external web pages which are linked to in the wiki. Similarly, if people do not simply click on a link, but use Open in a New Tab or New Window, especially in the Private Browsing modes of most modern web browsers, then this information is not sent anyway.

Generally the technical staff is pretty busy putting the resources you granted us to good use. We are still extending the network with new machines, but will provide a dedicated interface for this type of help soon (email just does work for this kind of task).

Should this read "email just does not work for this kind of task" ?

Please do not make it a Twitter interface !

We have switched the complete system to a new architecture.

What was wrong with the old one ? Did it not scale properly ?

Why not publish a high level description of this architecture, so that WikiLeakS.org can be advised on how not to make elementary mistakes, again.

Until they do so, their hopes for lots of local versions of WikiLeakS.org to spring up organically around the world in parallel will be stillborn.

If you notice that something does not work as expected please drop into the chat and talk to the staff there.

WikiLeakS.org has a world wide audience.

Is there really someone lurking in the IRC chat room 24 / 7 ?

They will be able to either relay your message or get you in contact with someone who can look at the problem.


The WL teams want to thank everybody for their support and patience.


By WikiLeaks on July 17, 2010

We are glad that someone is trying to sort out the technological mess that the WikiLeakS.org project deteriorated into.

We can dream that they will publish some PGP keys....

There is also the whole question of anonymous Mobile Phone Communications. Many more people have access to these than to fast computers and internet connections.

Surely the WikiLeakS.org technical team should be creating or promoting mobile phone SMS text and MMS message anonymous submissions systems ?


We have had an email pointing out that:

Wikileaks still uses a broken MD5 hash function for its supposedly
secure SSL connection, that is used to upload sensitive documents to them.

In an attack on MD5 published in December 2008, a group of researchers
used a new technique to fake the validity of SSL certificates. US-CERT
of the U.S. Department of Homeland Security said MD5 "should be
considered cryptographically broken and unsuitable for further use", and
most U.S. government applications will be required to move to the SHA-2
family of hash functions after 2010. This broken md5 hash function is
however still in use by the https://secure.wikileaks.org/ SSL connection.

Take a look by going to: https://secure.wikileaks.org/ and
highlight their certificate, and click View certificate under the
security tab.

Then choose the Details tab and check the Certificate Signature
Algorithm, this will show the use of MD5.

Background information:
http://blogs.zdnet.com/security/?p=2339


We did welcome this Digital Certificate back in 2008, before the MD5 weakness was demonstrated in public.

See: New SSL digital certificate for secure.wikileaks.org - not before time

There really is no excuse for using a relatively weak cryptographic hash algorithm in the Digital Certificate which is supposed to protect the encrypted SSL/TLS communications internet sessions of the WikiLeakS.org whistleblower leak submission web pages.

Since the resources of several Government intelligence agencies are very likely to have been deployed against this encrypted traffic, surely WikiLeakS.org can afford to pay for a proper Digital Certificate using an as yet currently unbroken secure cryptographic hash function e.g. SHA-1 or the forthcoming SHA-2 ?

Surely they can spend a few tens or hundreds of dollars, out of the $360,000 raised out of the target of $600,000 this year, on some proper Digital Certificates ?

Interestingly, the parallel computing resources used to create the MD5 signatures and fake example Digital Certificates, are probably not too different to that used by WikiLeakS.org and their friends to supposedly password guess and decrypt the Iraq Apache helicopter attack video.

If an attacker duplicated the secure.WikiLeakS.org Digital Certificate, something which is obviously possible with the current MD5 hash, but not with the stronger versions which most other SSL/TLS protected websites now use, then they could do a Man in the middle attack on the WikiLeakS.org "secure" content submission system.
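The check the e-mail describes (reading the Certificate Signature Algorithm field) and the fingerprint comparison that the OpenLeakS.org contact page invites can both be done in code rather than by clicking through a browser dialog. This is an added example, not from the original posts or from either project; it uses only the Python standard library, the function names are illustrative, and the sample certificates are constructed DER skeletons rather than real certificates.

```python
"""Added example: report a certificate's signature algorithm and check its
fingerprint against a published value, using only the standard library."""
import hashlib
import hmac

# Signature-algorithm OIDs (PKCS #1) mapped to (name, treated as weak).
# MD5 is the case discussed above; SHA-1 has since been retired for
# certificate signatures as well, so it is flagged too.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}

# SHA-256 fingerprint quoted earlier on this page from the OpenLeaks contact page.
PUBLISHED_SHA256 = ("5B:DE:F3:19:70:E7:D7:68:41:AE:75:20:C2:20:CB:78:"
                    "1D:DE:81:A7:FE:8D:7D:0F:64:BD:69:E6:3E:AC:FE:47")


def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, content_start, content_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs = [body[0] // 40, body[0] % 40]  # holds for first arcs 0 and 1
    value = 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)            # skip tbsCertificate
    tag, alg_start, _ = read_tlv(der, tbs_end)      # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(der[oid_start:oid_end])


def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest, the format used on the page."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pin_matches(der, published):
    """Compare the certificate with a published SHA-1 or SHA-256 fingerprint."""
    want = published.replace(":", "").replace(" ", "").lower()
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None or any(c not in "0123456789abcdef" for c in want):
        return False
    return hmac.compare_digest(hashlib.new(algo, der).hexdigest(), want)


def audit(der, published):
    oid = signature_algorithm_oid(der)
    name, weak = SIG_ALGS.get(oid, (oid, None))  # unknown OIDs are reported as-is
    return {"signature_algorithm": name, "weak_signature": weak,
            "fingerprint_ok": pin_matches(der, published)}


def tlv(tag, body):
    assert len(body) < 0x80  # short-form length is enough for the samples
    return bytes([tag, len(body)]) + body


def constructed_cert(last_oid_byte):
    """Constructed DER skeleton with the outer shape of an X.509 certificate."""
    oid = tlv(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last_oid_byte]))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x0C, b"constructed sample"))
    signature = tlv(0x03, b"\x00" + b"\xAA" * 8)
    return tlv(0x30, tbs + tlv(0x30, oid + tlv(0x05, b"")) + signature)


if __name__ == "__main__":
    for last in (0x04, 0x0B):  # MD5-signed and SHA-256-signed samples
        print(audit(constructed_cert(last), PUBLISHED_SHA256))
```

For a live site, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`.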

One of the potential weaknesses of this system has always been its vulnerability to Communications Traffic Analysis, since SSL/TLS encryption does not hide the source and destination IP addresses.

SSL/TLS encryption does not hide the amount of data which is transmitted, so it can sometimes be very obvious which IP address uploaded a particular whistleblower leak document, if it is of a characteristic size, on a particular date, which may narrow down the list of suspects for a "leak" investigation.

To be fair to WikiLeakS.org, they used to also offer a much more Communications Traffic analysis resistant encrypted submission method via a Tor Hidden Service:

http://gaddbiwdftapglkq.onion/

but this has not been publicised (presumably as it no longer works) since last Christmas, when the WikiLeakS.org main website was shut down, to beg for money.

Since the WikiLeakS.org activists still refuse to publish a new PGP Public Encryption key, it seems that WikiLeakS.org is now less secure than they used to be.

If your life or even if just your career, might be threatened by exposure as a WikiLeakS.org whistleblower, you should think very carefully before submitting any "whistleblower leak" documents via the currently crippled WikiLeakS.org website.

WikiLeakS.org is currently unavailable until 6th [UPDATED 7th January] 11th January 2010, as they are appealing for your money and technical and legal support.

Have they run out of money ?


We protect the world--but will you protect us?

"Wikileaks has probably produced more scoops in its short life than the Washington Post has in the past 30 years"
-- The National, November 19. 2009

To concentrate on raising the funds necessary to keep us alive into 2010, we have very reluctantly suspended all other operations, until Jan 6.

The Sunshine Press (WikiLeaks) is a non-profit organization funded by human rights campaigners, investigative journalists, technologists and the general public. Through your support we have exposed significant injustice around the world--successfully fighting off over 100 legal attacks in the process. Although our work produces reforms daily and is the recipient of numerous prestigious awards, including the 2008 Economist Freedom of Expression Award as well as the 2009 Amnesty International New Media Award, these accolades do not pay the bills. Nor can we accept government or corporate funding and maintain our absolute integrity. It is your strong support alone that preserves our continued independence and strength.

We have received hundreds of thousands of pages from corrupt banks, the US detainee system, the Iraq war, China, the UN and many others that we do not currently have the resources to release. You can change that and by doing so, change the world.

They want your money:

Support us financially


Pay by credit card or PayPal worldwide

[...]

(Processed for us by the Wau Holland foundation; PayPal, VISA, Mastercard and more accepted)

We hope that this PayPal account is not compromised like the previous one was - see: Follow the money - WikiLeakS.org partial financial donors list email

Bank transfers

To contribute via direct wire transfer, please make your donation to one of the following organizations that can accept support on our behalf. Tax deductibility is possible where indicated.

Europe

Use our account at the tax-deductible Wau Holland foundation:

Wau Holland Stiftung, Postfach 640236, 10048 Berlin, Germany
Commerzbank Kassel, BLZ: 52040021, KTO: 277281204
(international: IBAN: DE46520400210277281204, BIC: COBADEFF520)
(inquiries: wl-supporters@sunshinepress.org)

United States

Banking details available on request.

Email wl-supporters@sunshinepress.org with the name of your state to be guided through this simple process.

Australia & New Zealand

Use our tax-exempt infrastructure foundation:

WikiLeaks ICT, Australia
Full bank details available on request. Email wl-supporters@sunshinepress.org to be guided through this simple process.

All other countries

Use our account at the non-profit Wau Holland foundation in Europe:

Wau Holland Stiftung, Postfach 640236, 10048 Berlin, Germany
Commerzbank Kassel, BLZ: 52040021, KTO: 277281204
(international: IBAN: DE46520400210277281204, BIC: COBADEFF520)
(enquiries: wl-supporters@sunshinepress.org)

Other bank accounts are available on request from wl-supporters@sunshinepress.org

The Wau Holland Foundation has charitable tax status in Germany, and was set up in memory of German Chaos Computer Club pioneer and anti-censorship activist Herwart Holland-Moritz.

Cash or cheques

You can support us by posting cash, cheques or international money grams to one of the following addresses:

All countries

WikiLeaks ICT
BOX 4080, University of Melbourne
Victoria 3052, Australia

USD, EUR, AUD preferred. International cheques are best over $800 to avoid fees. If sending cash, please place it in a non-transparent envelope or a CD case for maximum security.

Remember that banknotes, and especially plastic CD cases, are good for fingerprints and DNA sample forensic evidence.

Kenya

WikiLeaks ICT
PO Box 8098-00200
Nairobi
Kenya

Other addresses are available on request from wl-supporters@sunshinepress.org

Apart from these payment methods

If you are interested in contributing to our mission using another payment method or with shares, property, bonds, a grant, matched contribution, bequest, interest free loan, or have any other questions, please write to wl-supporters@sunshinepress.org

None of these methods of funding allow financial supporters of the WikiLeakS.org project to remain anonymous.

Financial transactions are even easier for governments and law courts etc. to trace than IP addresses are.

The wl-supporters@sunshinepress.org email address must surely be monitored and intercepted by various Government law enforcement and intelligence agencies.

Since there is no longer any WikiLeakS.org published PGP Public Encryption Key (see Why have WikiLeakS.org abandoned the use of PGP Encryption ?), any such financial correspondence will be at risk of being snooped on, and is likely to reveal the identities of potential and actual WikiLeakS.org financial supporters.

If you do plan to contact that target email address, you should not use your usual, personally identifiable email account.

What about limited liability ? Are you "jointly liable" with them, for any debts or legal fines or legal costs ?

If you become a supporter of WikiLeakS.org, and some Judge awards massive, inflated legal costs against WikiLeakS.org in a court case, do your financial assets become targets for avaricious lawyers or governments ?

Desperate lawyers and government bureaucrats will lash out at any identifiable people, e.g. identifiable financial supporters, in order to put censorship pressure on WikiLeakS.org.

Surely, in order to minimise the risk of this, WikiLeakS.org would need to employ exactly the same sort of sophisticated financial techniques involving investment trusts, nominee accounts and private bank accounts in tax havens etc., as used by the likes of Bank Julius Baer or Barclays etc. who have tried to sue WikiLeakS.org to suppress details of such tax avoidance or tax evasion schemes and the rich people who have used them ?

Alternatively, some sort of Hawala informal banking / money transfer scheme would be needed, which is increasingly suspected of terrorism money laundering etc. by various suspicious and / or greedy governments.

Perhaps, as used in some African countries, pre-paid mobile phone credit vouchers could be used to transfer small amounts of money to WikiLeakS.org - just send the 12 digit voucher number to someone who can make use of it on a particular mobile phone network, perhaps for voice or data calls, or for "m-commerce" to buy goods or services.

When will WikiLeakS.org publish any sort of financial accounts ?

There now seems to be a new Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Digital Certificate installed on https://secure.wikileaks.org

Issuer
CN = Equifax Secure Global eBusiness CA-1
O = Equifax Secure Inc.

Validity

Not Before
11/06/2008 17:14:01
(11/06/2008 16:14:01 GMT)

Not After
12/06/2010 17:14:01
(12/06/2010 16:14:01 GMT)

Subject
CN = secure.wikileaks.org
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)08
OU = GT46622659
O = secure.wikileaks.org
C = US

Attempts to access https://wikileaks.org, or any of the other Cover Name DNS aliases, via SSL session encryption, should pop up a warning by your browser software about the name mismatch.

This is, however, more acceptable and trustworthy now that there is a valid, unexpired Digital Certificate installed.

It is extremely disappointing that there is no official note of explanation about this major change to the fundamental trust infrastructure of WikiLeakS.org, on the website itself.

We have been remiss in not keeping the controversial, allegedly "secure and anonymous" whistleblowing website WikiLeakS.org under proper scrutiny recently.

Their Secure Sockets Layer (or Transport Layer Security) encryption web server Digital Certificate for https://secure.wikileaks.org expired over 2 weeks ago, on 16th May 2008.

Some details from the Digital Certificate:

Issuer

CN = Equifax Secure Global eBusiness CA-1
O = Equifax Secure Inc.
C = US

Validity

Not Before
16/05/2007 14:43:49
(16/05/2007 13:43:49 GMT)

Not After
16/05/2008 14:43:49
(16/05/2008 13:43:49 GMT)

Subject

CN = secure.wikileaks.org
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)07
OU = GT46622659
O = secure.wikileaks.org
C = US

Neither of the issuing Trusted Third Parties i.e. RapidSSL and Equifax, now have any legal duty to guarantee the integrity of an expired Digital Certificate. Most web browser software will pop up warning messages, which will, inevitably, either put some people off from reading the website or from submitting new documents.

Since even the Talk pages require the use of https://secure.wikileaks.org, there is now no method of submitting comments or analyses "securely" either.

Remember that WikiLeakS.org's only published PGP public key encryption and digital signing key, for wikileaks@wikileaks.org (ID: 0x11015F80), has also been expired since 2nd November 2007.

This gives a poor impression of the competence and trustworthiness of the WikiLeakS.org project.

See: Discussion on the lack of a current WikiLeakS.org PGP public encryption key

Technically you can still use these expired encryption credentials to send messages or documents to WikiLeakS.org, but why should anyone trust them ?

Even a self-signed, but valid Digital Certificate (with appropriate documentation as to why you should trust it), would be preferable to a standard commercial Digital Certificate which has obviously expired. By convention and common usage, such an invalid Digital Certificate, and by extension the formerly "secure" webserver on which it resides, can no longer be trusted.


There has been a fair amount of publicity in the blogosphere promoting the actual IP address 88.80.13.160 of the WikiLeakS.org servers at IPQ Internet in Stockholm, Sweden.

There have been some inaccurate reports in the mainstream media about lots of "mirror sites". There do seem to be some sites which are mirroring actual copies of the disputed documents in the Bank Julius Baer legal action against Wikileaks in California e.g. Cryptome.org, and the documents are available via the BitTorrent distributed peer to peer file sharing network.

However most of these alleged mirrors hold no actual copies of the documents at all, and just point some of their Domain Name Service sub-domains at the 88.80.13.160 IP address in Stockholm. This is important, as many of these Cover Names are not legally under the jurisdiction of the United States of America or the People's Republic of China etc. which are trying to censor WikiLeakS.org.

There are other ways of getting your web browser software to connect to this website, some of which may be useful for getting around crude methods of PC client or local router based censorware, should some organisations choose to add this IP address to their banned lists, e.g.

There are all sorts of other possibilities, including padding with leading zeros, hex encoded ASCII characters, double byte Unicode representations etc., and mixing some or all of these formats within a single URL. Modern web browsers will usually translate all of these variants into the real IP address.
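Why a filter or log search that compares the literal string "88.80.13.160" misses these spellings, and how a defender normalises a numeric host before matching: an added example, not code from this blog or from WikiLeakS.org. It follows the long-standing inet_aton() conventions for numeric hosts (hex, octal, fewer than four components); the function names and sample URLs are constructed for illustration, and NFKC normalisation only approximates what a browser does with Unicode digits.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit, unquote

_DIGITS = {8: "01234567", 10: "0123456789", 16: "0123456789abcdef"}

def _component(text):
    """Parse one dot-separated component the way inet_aton() does."""
    if text.startswith("0x"):
        base, digits = 16, text[2:]
    elif len(text) > 1 and text.startswith("0"):
        base, digits = 8, text[1:]          # a leading zero means octal
    else:
        base, digits = 10, text
    if not digits or any(ch not in _DIGITS[base] for ch in digits):
        raise ValueError(f"not a numeric component: {text!r}")
    return int(digits, base)

def canonical_ipv4(host):
    """Return the dotted-quad form of a numeric host, or None if it is a name."""
    # Undo percent-encoding and compatibility forms such as full-width digits.
    host = unicodedata.normalize("NFKC", unquote(host)).lower().rstrip(".")
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [_component(p) for p in parts]
    except ValueError:
        return None
    # Leading components are single bytes; the last one fills what is left.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for index, byte in enumerate(head):
        value |= byte << (8 * (3 - index))
    return str(ipaddress.IPv4Address(value))

def url_matches(url, listed_ips):
    """True if the URL's host is any spelling of an address in listed_ips."""
    return canonical_ipv4(urlsplit(url).hostname or "") in listed_ips

# Constructed spellings of the address quoted in the article.
SAMPLES = [
    "http://88.80.13.160/",
    "http://1481641376/",            # single 32-bit decimal
    "http://0x58.0x50.0x0d.0xa0/",   # hex bytes
    "http://0130.0120.015.0240/",    # octal bytes (leading zeros)
    "http://88.80.3488/",            # last component spans two bytes
    "http://%38%38.80.13.160/",      # percent-encoded ASCII digits
    "http://wikileaks.org/",         # a name, not a literal: needs DNS instead
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, canonical_ipv4(urlsplit(url).hostname or ""))
```

A host name such as the last sample returns None here; matching names against an address requires resolving them, which this example does not do.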

Unless any Court Orders catch all of these possible variants, it may be that you can legally evade any censorship.

Remember that some other "wikileaks" domain names are specifically mentioned in the second Temporary Restraining Order, and they all use the services of the California based EasyDNS.net, which will, no doubt, comply with the Order, if and when it is actually served on them specifically.

including on the websites operated at wikileaks.org, wikileaks.org.au, wikileaks.org.uk, wikileaks.la, wikileaks.cn, wikileaks.in, wikileaks.org.nz (collectively the “Wikileaks Websites”), and any other websites under their ownership, control and/or which they can post or edit any content;

wikileaks.cn was already out of action due to the Chinese Government censors.

wikileaks.org.au and wikileaks.org.nz frame forward to point to wikileaks.cx instead of the now US censored wikileaks.org

wikileaks.org.uk, wikileaks.la, and wikileaks.in point directly to 88.80.13.160

The published Wikileaks Connection Anonymity page has an out of date list of Cover Names:

Below is a List of Wikileaks Cover Names, which worked on 24th February 2008:

Somewhat naively, WikiLeakS.org claim that

Most documents come in from journalists. Frauds are extremely rare, but possible.

How can they possibly make that assumption ?

It appears that the WikiLeakS.org editors have had second thoughts and now doubt the authenticity of some allegations of tax evasion by a German Architect, Juergen Grossman, amongst the documents uploaded and published in the Bank Julius Baer section:

This document, its description below as well as comments posted to it are false or falsified according to different sources and investigation into them. Wikileaks is investigating as to why false documents in context to Bank Julius Baer have been put up

The reason why "false documents... have been put up" should be obvious - it is because WikiLeakS.org have created a channel which allows this to be done.

It is also a bit simplistic to think that even reliable sources always provide truthful, accurate and complete information.

Similarly, untested or previously unreliable sources can provide good information, sometimes.

Perhaps WikiLeakS.org need to tag the leaked / published documents as, for example, UK Police Forces do under the National Intelligence Model and their 5x5x5 Intelligence Grading form system:

For example:

Intel Source or Intel Source Ref. No:

Police Intelligence databases usually try to keep this secret

See also the previous blog article:

Does linking "Peryton" to several leaks partially betray the WikiLeakS.org promise of anonymity ?

They give an A to F rating for the reliability of the source

Source Evaluation:

  • A = Always Reliable
  • B = Mostly Reliable
  • C = Sometimes Reliable
  • D = Unreliable
  • E = Untested Source

Then there is a 1 to 5 rating for the accuracy of the information

Intelligence Evaluation:

  • 1 = Known to be true without reservation (usually technical forensic information or database records, which is not, of course, always strictly the case)
  • 2 = Known personally to the source but not to the officer
  • 3 = Not known personally to the source but corroborated
  • 4 = Cannot be judged
  • 5 = Suspected to be false

The third "x 5" in the UK Police Intelligence Grading scheme is the level of Protective Marking and handling restrictions applied to the intelligence data, something which might, perhaps, be of use internally within WikiLeakS.org, but which is redundant for published material.

Handling Code - To be completed at time of entry into an intelligence system and reviewed on dissemination.

  • 1 = May be disseminated to other law enforcement and prosecuting agencies, including law enforcement with the EEA and EU compatible (no Code or Conditions)
  • 2 = May be disseminated to UK non-prosecuting parties (Code 3.7 conditions apply)
  • 3 = May be disseminated to non-EEA law enforcement agencies (Code 4.7 and/or conditions apply, specify below)
  • 4 = Only disseminate within originating agency / force. Specify internal recipient(s)
  • 5 = Disseminate: Intelligence Receiving agency to observe conditions as specified below.

The European Economic Area (EEA) and the European Union (EU) are covered by similar Data Protection laws; other countries, like the USA, generally have weaker protections in law.

Other Intelligence Agencies and mainstream media organisations presumably do something similar, although they never seem to bother to publish these reliability assessments, and tend to just quote "Government" or "Police" or "Security" sources anonymously.

Another similar model is used by the website GlobalSecurity.org, as caveats and disclaimers on its Terrorist suspect profiles:


Key to bullets

Green bullet - High confidence

Yellow bullet - Some confidence

Red bullet - Low confidence

Black bullet - No confidence

More explanation of the GlobalSecurity.org classifications:

The BBC's online and broadcast news technology programme Click has a report by David Reid: - Bloggers' search for anonymity

This examines some of the reasons for the need for anonymity and some of the ways to get around repressive Government censorship of the internet.

It shows some peaceful direct action at an international tourism promotion show by Reporters Sans Frontières (Reporters Without Borders), who pointed out that some of the countries trying to attract Western tourists were also busy locking up and torturing journalists and bloggers, simply for publishing even mild or implied criticisms of the regime.

The programme also mentioned RSF's Handbook for bloggers and cyber-dissidents


This should be read in conjunction with the more recent and complementary hints and tips for whistleblowers, journalists and bloggers by Spy Blog, and the Digital Security and Privacy for Human Rights Defenders manual by Front Line.

The programme mentioned the use of proxy servers to help overcome some of the Government internet censorship, which led on to a simple (cookery based) illustration of TOR, The Onion Routing scheme, which is apparently going to be used, together with other software, by the WikiLeak.org project.

The programme contributors give some obvious but important advice i.e. not to actually write blog articles under your real name.

There is some low tech advice about circumventing some internet censorship, e.g. by the insertion of extra punctuation around and between keywords like Tiananmen Square, e.g. perhaps +Tiananmen+Square+, which are still readable by humans, in much the same way as various spam emails attempt to overcome Bayesian heuristic anti-spam filter censorship.

For a mainstream media programme, aimed at a worldwide audience, this is quite a good flavour of what this blog and the WikiLeaks.org project is about.

If a few more people out of the BBC Click programme's large online and broadcast audience are encouraged to try out say TOR, then that will be a good thing.

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists' and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
