"they have had seven months to remove the files"
What from the internet? How do you do that then?
Wikileaks has accused a Guardian journalist of negligently publishing the passphrase for a database of unredacted secret US diplomatic cables in a book. The encrypted database is available on BitTorrent. The book by David Leigh, Inside Julian Assange's War on Secrecy, contains an excerpt explaining how he persuaded Julian …
lol, rofl, pmsl
This is what happens when someone takes sensitive information and attempts to commercially exploit it. If documents had simply been leaked in the public interest then they could have been edited and published on the net for free. But no, Wikileaks and Assange had to "partner" with a select number of publishing organisations.
There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers.
"There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers."
Well said. I would not trust this man to wax a toy car.
http://www.spiegel.de/international/world/0,1518,783084,00.html
http://www.spiegel.de/international/world/0,1518,783778,00.html#ref=nlint
The Grauniad shouldn't have published the passphrase, wikileaks shouldn't have given them it in the first place, and even if they did, they should have separately encrypted it to the "insurance" encrypted file that was published (I assume that's the one that was on the torrent sites). Then finally people dealing with encrypted files should have been aware that you can't "change the password" on an encrypted file.
Just a total balls up from everyone.
Ok,
So let's get this straight.
Assange and Wikileaks puts the files on a private computer that they then use to share with journalists.
They then pull the files off the system.
Ok...
So why did they then re-encrypt them with the same password and put it out on bit torrent?
Wouldn't you use a different password?
Silly me.
"...because an encrypted insurance archive doesn't offer much insurance if you're the only one that has the password?"
Ok so rather than re-encrypting the files with another password, and then writing down the password, putting it in a sealed envelope and sending it off to your lawyer(s) so that in the event of an emergency, they then publicly release the password to the press...
Now that would have been the smurt thing to do. The smart thing would have been to not touch the stolen files in the first place, but until Manning talks, we don't know to the extent of Assange's involvement, now do we?
Haven't you ever seen the movie 'The Firm' ?
The US didn't 'let' these escape, they were deliberately and with malice aforethought swiped by someone with authorized access.
As for identifiable names, well, if you don't source your intelligence accurately, there's no way for higher levels to check - some low-level ambitious idiot could just be making stuff up as he goes. So there *must* be names, or the content of cable becomes essentially meaningless.
I forget what it was (look it up on the Guardian website) but if I were writing a book and was explicitly told that the password was a one-time only thing and the password itself had interest then putting it in the book wouldn't seem unreasonable.
The Guardian journalist was too trusting of Wikileaks though, I'd have double-checked that they weren't ever going to reuse the password but I'm an ex sysadmin and so I have that sort of paranoia.
If this wasn't so serious it would be funny, man goes to the government he stole it from to attempt to 'take action' over loss of control of said stolen information.
Having the redacted ones released was one thing, the unredacted information can cause problems in so many more ways, some not immediately obvious.
Either you can encrypt the file and make it available with one password, then later delete the encrypted version and make another one with a second password, or you can use the temporary password as a means of accessing the actual encryption password.
It sounds like they were trying for something closer to the former. The encrypted hard drives we use here seem to be using the latter.
Of course, neither of those do anything to stop someone from decrypting the file and then making copies of the decrypted data.
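The second approach in the comment above (a temporary password that only unlocks the real encryption key), sketched as an added example that is not part of the original thread. The function names, the passphrases and the HMAC-based stand-in cipher are assumptions, chosen so the code runs on the Python standard library alone. It also shows the limit the comment ends on: expiring the temporary password only affects the copies you still control.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, so this runs
    # without third-party packages. A real tool would use an AEAD like AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def wrap_key(data_key, passphrase):
    """Key slot: the data key sealed under a key derived from a passphrase."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return salt + seal(kek, data_key)

def unwrap_key(slot, passphrase):
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), slot[:16], 200_000)
    return unseal(kek, slot[16:])

def revocation_demo():
    secret = b"constructed sample archive contents"
    data_key = secrets.token_bytes(32)
    archive = seal(data_key, secret)          # encrypted once, never re-encrypted
    slots = {"recipient": wrap_key(data_key, "temporary passphrase"),
             "owner": wrap_key(data_key, "master passphrase")}
    copied = (archive, slots["recipient"])    # recipient's copy, taken before expiry
    del slots["recipient"]                    # "expire" the temporary passphrase
    try:                                      # the owner's store now rejects it...
        unwrap_key(slots["owner"], "temporary passphrase")
        store_rejects = False
    except ValueError:
        store_rejects = True
    # ...but the earlier copy of archive + slot still opens with it.
    recovered = unseal(unwrap_key(copied[1], "temporary passphrase"), copied[0])
    return store_rejects, recovered == secret
```

`revocation_demo()` returns `(True, True)`: the live key store refuses the expired passphrase, while the copy made beforehand decrypts exactly as before.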
".....how can a password that's been used to encrypt a file ever be "temporary"?..." You could have a combined decryption script that takes the system date and hashes it to make one key, then the password to make the second key. When the "temporary" date passes, the value of key one will become invalid and the decryption will fail even if the correct password was used to generate key two. The user never knows about the first key, unless they can get to the script to reverse engineer it, and if the actual file is hosted on your server and all you do is present a webpage for them to enter the password into, they will not even be aware that it is a two key process. All they see is that the password is valid one day but fails the next.
""When did the Guardian ever behave ethically?"
Maybe when they fought this as far as they could in the courts, but eventually complied with the law. Well, it was that or go to jail, bankrupt, while all your employees look for new jobs in Thatchers recession."
'Twas no more Thatcher's recession than this one is Cameron's or Clegg's; only a short while before Thatcher took office the bungling Labour party in government had called in the IMF to bail us out; in fact it was their bankrupt policies that stimulated her formulation of basic economics; don't spend money that you do not have. That's what happened just recently to the Greeks, whose spending and taxing policies were as bankrupt as the last Labour government's policy on selling treasury reserve gold (at a low point in the market, announcing it in advance, selling it en bloc, all of which depressed the price still further; it is an age old truism that precious metals are the best way to protect wealth against the market, but Labour do not do economics), making illegal wars, destroying NHS dentistry, sacrificing the NHS on the altar of 'big build projects', silly IT projects that wasted billions, making the forces pay for their wars rather than using the contingency reserve, a clandestine immigration policy which, combined with slackness on border controls and failure to understand the impact of extended EU membership resulted in more than 4 million extra citizens in this country, which was already not self sufficient in food and energy, at a time when we face energy and phosphate shortages and much worse.
Oh yes. Thatcher called in the IMF, not the Labour party, even though they were the party in power at a time when the unions held their party to ransom, when bodies were not buried, when rubbish was piled high in the streets attracting rats and other vermin (see any online photographic archive for more on that story), and tanks could only travel a few hundred 'track miles' to train in warfare at a time when the Soviets were muscling across the world, supplying soldiers like me with sub standard kit, bad accommodation and making it necessary for the wives of married soldiers on active duty to claim supplementary/housing benefits because they could not afford their MQs.
Oh yes. Thatcher's recession.
I despise revisionism, especially when it appears to be of the ad hominem theological variety.
+ the boys from the Department of State, who just couldn't resist: "What we have said all along about the danger of these types of things... Once WikiLeaks has these documents in its possession, it loses control and information gets out whether they intend [it] to or not." Wonderful.
So a Guardian journo publishes the key to an encrypted file.. thinking it can somehow 'expire', or that that file is super-secure and will never find its way out of the hands of a select few. Probably done mostly for 'see what we know! na-na-naaa!' willy-waving reasons, but maybe requested by someone? If you want to blame Assange then at least do it for the act of providing the leaks to journos in the first place; he is not directly responsible for publishing the password.
Also; for this to be 'devastating' the file needs to come out too; and how did that happen? It miraculously pops up on the Entertainment Industry's favourite whipping boy, bittorrent! humm. lots of idiots and dark actors about.
It's quite possible that the Hillary, or rather the manipulative thugs in real power, wanted this out. It will undoubtedly be used to try and convince the grand jury that the argument the leaks were redacted is false, and that somehow Assange is culpable for this leak too. Maybe they can get that indictment they so crave.
The spooks won't really care for all the little people who will suffer; stopping this dangerous idea that free speech applies to us all, and not just the powerful, is far more important. And in the meantime they get one step closer to extraditing their nemesis; and garner a vast amount of righteous indignation from the mouthpieces of Fox etc.. These are people who think they are chessmasters; losing a few pawns is no matter.
The Guardian is at fault here. David Leigh, the editor's brother-in-law, has single-handedly released more US cables than Wikileaks, and done so in an unredacted form. He did this in a book he personally profited from, yet he probably did so out of negligence and gross stupidity. The Guardian have compounded this by falsely claiming that they were told the password was time-limited - it can't have been, so even if they were assured of this they should have known this.
Brief history. WL stupidly chose the Guardian as a partner, but were smart enough to get three agreements in writing.
1. The material is for review only, and not to be published without the express consent of Julian Assange or his authorised representative.
2. The material will be held in strict confidence and will not be shown to any third party.
3. The material will not be viewed at any time on any computer terminal which is open to the internet.
The Guardian broke 1&2 by releasing it to the NYT - and the US state dept - against the express wishes of Assange. The Guardian admit this in their book and confirmed in the NYT book. Seemingly the Guardian also admit that they broke the third sensible condition, although my only source for this is WL. By breaking a legal agreement Rusbridger is criminally liable.
A few asides on this that struck me. In their articles and book, the Guardian came across as technically ignorant of basic security procedures when approached by WL. Their responses today seem disingenuous, and yet one Guardian journalist attempted to deflect culpability by blaming WL for using symmetrical encryption. For an organisation to claim a PGP password should be time-expired, only later to claim the encryption wasn't up-to-scratch is obvious dishonesty. They can claim ignorance, or they can blame others' ignorance, but they can't do both credibly.
I witnessed the Guardian 'Libyan live blog' the other night. It's a registered forum like El Reg. A user posted a pro-Gaddafi comment under another user's name, and was exposed because the actual user was online. At the same time nonsense posts by pro-Gaddafi users were getting 50 'recommends' a minute, which is unsurprising since you only have to clear your Guardian cookie to recommend and don't need to be registered. In short, the Guardian's technical knowledge, security and credibility is non-existent. I was meant to be helping two of their journalists investigating a security-related issue, and I certainly won't be now.
>>"but were smart enough to get three agreements in writing."
>>>"... By breaking a legal agreement Rusbridger is criminally liable."
No, breaking the /law/ makes someone /criminally/ liable.
Breaching a contract might make them liable to civil action, though it'd be pretty interesting to see Wikileaks trying to argue the case that they ever actually *owned* the information concerned. Somehow, I'm not sure how much sympathy they'd get from a judge *or* a jury.
There once was a prat called Assange
Who couldn't discern right from wronge
Leaks to him: OK
Wiki-leaking? No way!
An arrogant hypocrite with no sense of irony and all the moral fibre of a blancmange
..that last line might need a bit of work, but I can't see how to fit all I want to say into eight syllables
Here we now have conclusive evidence, if any was needed, that everyone involved in this whole cablegate thing is a moron. From US gov't executives who cavalierly dumped those secret cables on a clearly insecure network, to news editors who stupidly mishandled the keys to the kingdom, to Assange [TM] and his cohorts of private actors whose megalomania has sealed their own sorry fates. People should wake up to the fact that the "experts" they've entrusted their lives and livelihoods to are a bunch of frauds who really need to be shown the door -- of a prison cell.
Did he not say: "They're informants... if they get killed, they deserve it."
Source: http://www.dailymail.co.uk/news/article-1351927/WikiLeaks-Julian-Assange-new-book-Afghan-informants-deserve-killed.html
So what's all the fuss about then? Why does he suddenly think that those documents should not be in the wild? Why did he share the password with anyone (WL-member or not) in the first place then? Is it really about whistleblowing, or could it be that Assange[tm] is only interested in one thing: his own fame and ego?
If Assange can't make up his mind, he can as well go to Sweden and stand the trial, which he is overdue to attend anyway (or hearing, more precisely). His disregard for anyone but himself is shocking anyway, and I struggle to believe in his alleged motives.
Interesting read: http://www.dailymail.co.uk/news/article-2023140/WikiLeaks-Julian-Assange-portrayed-predatory-narcissistic-fantasist-new-book.html
I appreciate the idea behind Wikileaks. Maybe someone other than Assange should take over, which is obviously happening already... Bye, bye Julian.
"seriously ?"
Firstly, whereas the truth is the property of no individual, institution or other group of individuals, it cannot be said that an individual, institution or other group of individuals are incapable of iterating the truth.
Secondly, the argumentum ad hominem that is implicit in your response does not make for good epistemology.
Thirdly, the historian Max Hastings writes articles for the DM, seriously.
Finally, I can cite you articles from, e.g., the Guardian that are as distastefully, silly and untruthful just as easily as I can from any other newspaper. Whilst there is such a thing as editorial policy, you'll find left wing stuff in the DM, and other sillies in other papers.
If you post hard hitting factual material in Guardian fora, they'll be banned should they not be to their fluffy little heads, even if you document them with links and reasoned argument. This happens in most online fora to an extent, but the Guardian is HQ fluffy, cotton wool reasoning.
I've been saying this and more for months. The man is a convict, 25 times over. He has moved on to bigger offences, and his profile includes inseminating a 16 year old girl who has moved heaven and earth to remain unpublicised.
As to St. Jules, this: http://www.youtube.com/watch?v=s2HYRXiWMsk
Thank you for the link. I should have been watching for that. I find it interesting that the image this man has been projecting is beginning to break up:
"[...] his platinum bob had been replaced by a hatch of black and blond spots."
The data on women are very suggestive and accord with things that I have been saying for months now, in respect of profiles, offending careers and so on. Someone took exception to this, saying that the sort of offences for which Assange was convicted 25 times (breaking into USAF defence computers, Australian police computers and so on) were not remotely connected; I countered that offenders start small and progress, also mentioning that what we seem to have here are rule following offences, that is to say, not abiding by the rules that govern interpersonal behaviours. Similarly, it is also the case that not all offences are reported from an early stage, but only catch up on the offender as awareness grows. I think that we are beginning to see the real Julian Assange, as opposed to 'Mendax'.
"So wikileaks is only opposed to secrecy when it's not them controlling the secrets. How ironic. It's a bit like a thief going to the police when his swag is stolen by someone else."
The snowball appears to be gathering pace. Have you ordered sufficient popcorn, or beer/your choice?
http://www.spiegel.de/international/world/0,1518,784048,00.html#ref=nlint
Seems a lot of jumping to blame the Guardian here.
According to them they were told (and would expect) the password was for time limited access to get hold of the files. They assumed (as would anyone with any understanding of security) that it was a one off password, hence why publishing it in the book wouldn't be an issue.
They also claim the docs doing the rounds on bittorrent are not the same as those they received (and I bet they can prove it).
The book was published months ago, and never gave details of where the files were located.
I for one am prepared to trust an organisation that is effectively non-profit (the Guardian is owned by a Trust which exists to see the Guardian is published), that brought down News International over the phone hacking scandal, and spent thousands carefully redacting the cables so that they could be published responsibly over the egomaniac Assange who seems to fall out with everyone.
I believe Wikileaks was a great idea, but Assange is an idiot who's trying to cover his own back after making a fundamentally basic security mistake. This could well be the death of Wikileaks, but the fault lies with the combination of control-freak and ego of Assange, not the Guardian.
The truth will come out in court (if Assange doesn't back down like the last 2 times he threatened to sue the Guardian after they fell out).
If I was sharing an incredibly sensitive file with someone I would not give them the master passphrase. I would re-encrypt the file with a new single-use passphrase and give them that, then securely erase the new file after sharing it. It is reasonable for the journalist to have expected this to be the case, especially if he had been told it was a "temporary passphrase". In this case, the choice of passphrase is clearly newsworthy and of interest to readers of a book about the events.
Since it's well documented that Assange(TM) had no original intention of protecting anyone named in the cables and was quite happy to release them without redaction (it was the papers that did all the work in redacting or they wouldn't help in publicising the leak), it seems likely to me that Assange deliberately leaked the file knowing that it would eventually become public and he could blame someone else for it.
Either way, it's pretty rich of Assange(TM) to be crying foul now.
Is this about the famous insurance.aes256? I tried to decrypt the file with OpenSSL and the password available online as published in the Guardian's book, followed all rules as explained in the book, but it can't decrypt.
With the option openssl enc -d -aes-256-cbc or just -aes256, I am getting a bad decryptor message, decryption failed.
However, there is no error message when using the option -aes-256-ecb, but I think it's just a collision, because there is also no error message when using a password ONION (just try it, it works), and the output is again something cyphered or corrupted, or just plain nonsense. Either this fuss is NOT about the insurance.aes256, or the published password is fake.
I know I can browse and read the unredacted cables online, but just wondering is all this about the insurance.aes256 or some other file.