All WikiLeaks' secret US cables are on BitTorrent in full

Wikileaks has accused a Guardian journalist of negligently publishing the passphrase for a database of unredacted secret US diplomatic cables in a book. The encrypted database is available on BitTorrent. The book by David Leigh, Inside Julian Assange's War on Secrecy, contains an excerpt explaining how he persuaded Julian …

COMMENTS

This topic is closed for new posts.
  1. vic 4
    FAIL

    "they have had seven months to remove the files"

    What from the internet? How do you do that then?

    1. Rattus Rattus

      @vic 4

      Ask Barbra Streisand, apparently she knows how.

      1. Danny 14
        Joke

        hmmm

        I learnt from the bourne supremacy not to trust the guardian. Seems it was true all along!

  2. Destroy All Monsters Silver badge
    Unhappy

    Oh the Guardian and its hack are TEH INNOCENT

    Yes, assume the file is "temporary", then write the password to it into a ghostwritten book. Elementary security measures? Nah!

    I hear Mr. Leigh also sold the book rights to some Hollywoodian company? Strike the iron while hot etc.

  3. Naughtyhorse

    wikileaks secrets revealed

    the words 'petard' and 'hoist' spring to mind

  4. Anonymous Coward
    Flame

    ooooops

    lol, rofl, pmsl

    This is what happens when someone takes sensitive information and attempts to commercially exploit it. If documents had simply been leaked in the public interest then they could have been edited and published on the net for free. But no, Wikileaks and Assange had to "partner" with a select number of publishing organisations.

    There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers.

    1. Destroy All Monsters Silver badge
      Facepalm

      "they could have been edited and published on the net for free"

      Just what

    2. Scorchio!!

      Re: ooooops

      "There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers."

      Well said. I would not trust this man to wax a toy car.

      http://www.spiegel.de/international/world/0,1518,783084,00.html

      http://www.spiegel.de/international/world/0,1518,783778,00.html#ref=nlint

  5. Will 28
    FAIL

    Everybody just totally failed here

    The Grauniad shouldn't have published the passphrase, wikileaks shouldn't have given them it in the first place, and even if they did, they should have separately encrypted it to the "insurance" encrypted file that was published (I assume that's the one that was on the torrent sites). Then finally people dealing with encrypted files should have been aware that you can't "change the password" on an encrypted file.

    Just a total balls up from everyone.

    1. Jason Bloomberg Silver badge
      Headmaster

      Spilt milk and who's to blame

      Let's not forget that the US let these cables escape, and let's not forget that someone decided it was okay to have identifiable names within those cables to start with.

      1. Ian Michael Gumby
        WTF?

        Huh?

        Ok,

        So let's get this straight.

        Assange and Wikileaks puts the files on a private computer that they then use to share with journalists.

        They then pull the files off the system.

        Ok...

        So why did they then re-encrypt them with the same password and put it out on bit torrent?

        Wouldn't you use a different password?

        Silly me.

        1. Anonymous Coward
          Holmes

          @Gumby

          >So why did they then re-encrypt them with the same password and put it out on bit torrent?

          ...because an encrypted insurance archive doesn't offer much insurance if you're the only one that has the password?

          Presumably the Ass has trusted numerous journos with it....

          1. Scorchio!!

            Re: @Gumby

            All of this makes him look even sillier. No back up, no security. Nada. Zilch. Nichts. The null set.

            As of now there is little credibility left, if any. The only remaining thing to be found? A connection between him and the source of the data. I suspect this is not long in coming.

          2. Ian Michael Gumby
            WTF?

            @AC Posted Friday 2nd September 2011 13:25 GMT

            "...because an encrypted insurance archive doesn't offer much insurance if you're the only one that has the password?"

            Ok so rather than re-encrypting the files with another password, and then writing down the password, putting it in a sealed envelope and sending it off to your lawyer(s) so that in the event of an emergency, they then publicly release the password to the press...

            Now that would have been the smurt thing to do. The smart thing would have been to not touch the stolen files in the first place, but until Manning talks, we don't know to the extent of Assange's involvement, now do we?

            Haven't you ever seen the movie 'The Firm' ?

      2. laird cummings
        FAIL

        @Spilt milk

        The US didn't 'let' these escape, they were deliberately and with malice aforethought swiped by someone with authorized access.

        As for identifiable names, well, if you don't source your intelligence accurately, there's no way for higher levels to check - some low-level ambitious idiot could just be making stuff up as he goes. So there *must* be names, or the content of cable becomes essentially meaningless.

    2. ratfox
      FAIL

      Who gives a passphrase to a journalist??

      No seriously. WHY did anybody reveal this passphrase?

  6. oldredlion
    Facepalm

    Pillock

    Top notch work by David Leigh. What a pillock.

    Why would you even put the proper password into the book?

    Would it make any difference if you'd put "Swordfish" in place of the real, actual proper password? Did it require any extra authenticity?

    1. Toby 10

      The password was some sort of statement in itself

      I forget what it was (look it up on the Guardian website) but if I were writing a book and was explicitly told that the password was a one-time only thing and the password itself had interest then putting it in the book wouldn't seem unreasonable.

      The Guardian journalist was too trusting of Wikileaks though, I'd have double-checked that they weren't ever going to reuse the password but I'm an ex sysadmin and so I have that sort of paranoia.

  7. Anonymous Coward
    Anonymous Coward

    In the interests of fairness

    I hope The Guardian journalist responsible is treated with the same malice by US authorities as Julian Assange is,.. but I suspect that won't be the case.

  8. bitmap animal
    Facepalm

    Ahh, the hypocrisy

    If this wasn't so serious it would be funny, man goes to the government he stole it from to attempt to 'take action' over loss of control of said stolen information.

    Having the redacted ones released was one thing, the unredacted information can cause problems in so many more ways, some not immediately obvious.

    1. Destroy All Monsters Silver badge
      Big Brother

      I'm sorry?

      My hypocrisy meter is keeping stum except when I point it in the Guardian's direction where it goes off-scale.

      Who exactly stole something from whom? Do we have Intellectual Property issues here? Maybe patents? Could you clarify?

  9. Brent Longborough
    WTF?

    Pardon my stupidity...

    ... but how can a password that's been used to encrypt a file ever be "temporary"?

    Who are these people, and when were they let out of their cave?

    1. Anonymous Coward
      Anonymous Coward

      I can think of two ways.

      Either you can encrypt the file and make it available with one password, then later delete the encrypted version and make another one with a second password, or you can use the temporary password as a means of accessing the actual encryption password.

      It sounds like they were trying for something closer to the former. The encrypted hard drives we use here seem to be using the latter.

      Of course, neither of those do anything to stop someone from decrypting the file and then making copies of the decrypted data.
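The two approaches described in the comment above, as an added illustration that is not part of the original thread. It assumes a stand-in cipher built from the Python standard library (an HMAC-SHA256 keystream with an HMAC tag, not AES or PGP); every function name, passphrase and the sample plaintext are constructed for the example.

```python
import hashlib
import hmac
import os

# Added illustration. The cipher is a stdlib stand-in (HMAC-SHA256 keystream
# plus HMAC tag), not AES or PGP; use a vetted AEAD for real data.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def wrap_key(passphrase: str, data_key: bytes) -> bytes:
    """Header = salt || data key sealed under a passphrase-derived key."""
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return salt + seal(kek, data_key)

def unwrap_key(passphrase: str, header: bytes) -> bytes:
    salt, blob = header[:16], header[16:]
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return unseal(kek, blob)

def opens(passphrase: str, header: bytes, body: bytes, expected: bytes) -> bool:
    try:
        return unseal(unwrap_key(passphrase, header), body) == expected
    except ValueError:
        return False

def demo() -> dict:
    secret = b"constructed sample document"
    old_pw = "temporary passphrase (constructed)"
    new_pw = "replacement passphrase (constructed)"

    data_key = os.urandom(32)
    body = seal(data_key, secret)
    header = wrap_key(old_pw, data_key)
    copied = (header, body)  # what a recipient or mirror already holds

    # Second approach: the passphrase only protects the data key, so a
    # "password change" re-wraps the same key and leaves the body untouched.
    rewrapped = wrap_key(new_pw, data_key)

    # First approach: delete the old file, encrypt again under a fresh key.
    fresh_key = os.urandom(32)
    fresh_body = seal(fresh_key, secret)
    fresh_header = wrap_key(new_pw, fresh_key)

    return {
        "rewrapped_opens_with_new": opens(new_pw, rewrapped, body, secret),
        "rewrapped_opens_with_old": opens(old_pw, rewrapped, body, secret),
        "reencrypted_opens_with_old": opens(old_pw, fresh_header, fresh_body, secret),
        # Neither change reaches a copy made before it:
        "copy_opens_with_old": opens(old_pw, copied[0], copied[1], secret),
        # A data key unwrapped earlier still opens the unchanged body:
        "old_key_opens_current_body":
            unseal(unwrap_key(old_pw, copied[0]), body) == secret,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
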

    2. Matt Bryant Silver badge
      Boffin

      RE: Pardon my stupidity...

      ".....how can a password that's been used to encrypt a file ever be "temporary"?..." You could have a combined decryption script that takes the system date and hashes it to make one key, then the password to make the second key. When the "temporary" date passes, the value of key one will become invalid and the decryption will fail even if the correct password was used to generate key two. The user never knows about the first key, unless they can get to the script to reverse engineer it, and if the actual file is hosted on your server and all you do is present a webpage for them to enter the password into, they will not even be aware that it is a two key process. All they see is that the password is valid one day but fails the next.

    3. Evan Essence
      Paris Hilton

      Re: Pardon my stupidity...

      "Who are these people"

      Seems to me that what David Leigh was told and what he *thought* he was told are two different things. How much knowledge and experience does Leigh have of cryptography? I guess not a lot.

      Paris, cos she's so clever.

  10. Ian Johnston Silver badge
    Thumb Down

    Let's not forget Sarah Tisdall

    When did the Guardian ever behave ethically?

    1. Owen Carter
      Facepalm

      Yes, let's not.

      "When did the Guardian ever behave ethically?"

      Maybe when they fought this as far as they could in the courts, but eventually complied with the law. Well, it was that or go to jail, bankrupt, while all your employees look for new jobs in Thatcher's recession.

      1. Scorchio!!
        FAIL

        Re: Yes, let's not.

        ""When did the Guardian ever behave ethically?"

        Maybe when they fought this as far as they could in the courts, but eventually complied with the law. Well, it was that or go to jail, bankrupt, while all your employees look for new jobs in Thatcher's recession."

        'Twas no more Thatcher's recession than this one is Cameron's or Clegg's; only a short while before Thatcher took office the bungling Labour party in government had called in the IMF to bail us out; in fact it was their bankrupt policies that stimulated her formulation of basic economics; don't spend money that you do not have. That's what happened just recently to the Greeks, whose spending and taxing policies were as bankrupt as the last Labour government's policy on selling treasury reserve gold (at a low point in the market, announcing it in advance, selling it en bloc, all of which depressed the price still further; it is an age old truism that precious metals are the best way to protect wealth against the market, but Labour do not do economics), making illegal wars, destroying NHS dentistry, sacrificing the NHS on the altar of 'big build projects', silly IT projects that wasted billions, making the forces pay for their wars rather than using the contingency reserve, a clandestine immigration policy which, combined with slackness on border controls and failure to understand the impact of extended EU membership resulted in more than 4 million extra citizens in this country, which was already not self sufficient in food and energy, at a time when we face energy and phosphate shortages and much worse.

        Oh yes. Thatcher called in the IMF, not the Labour party, even though they were the party in power at a time when the unions held their party to ransom, when bodies were not buried, when rubbish was piled high in the streets attracting rats and other vermin (see any online photographic archive for more on that story), and tanks could only travel a few hundred 'track miles' to train in warfare at a time when the Soviets were muscling across the world, supplying soldiers like me with sub standard kit, bad accommodation and making it necessary for the wives of married soldiers on active duty to claim supplementary/housing benefits because they could not afford their MQs.

        Oh yes. Thatcher's recession.

        I despise revisionism, especially when it appears to be of the ad hominem theological variety.

  11. Anonymous Coward
    Happy

    pot + kettle

    + the boys from the Department of State, who just couldn't resist: "What we have said all along about the danger of these types of things... Once WikiLeaks has these documents in its possession, it loses control and information gets out whether they intend [it] to or not." Wonderful.

  12. Owen Carter
    Big Brother

    No doubt what state department wanted.

    So a Guardian journo publishes the key to an encrypted file.. thinking it can somehow 'expire', or that that file is super-secure and will never find its way out of the hands of a select few. Probably done mostly for 'see what we know! na-na-naaa!' willy-waving reasons, but maybe requested by someone? If you want to blame Assange then at least do it for the act of providing the leaks to journos in the first place; he is not directly responsible for publishing the password.

    Also; for this to be 'devastating' the file needs to come out too; and how did that happen? it miraculously pops up on the Entertainment Industries favourite whipping boy, bittorrent! humm. lots of idiots and dark actors about.

    It's quite possible that the Hillary, or rather the manipulative thugs in real power, wanted this out. It will undoubtedly be used to try and convince the grand jury that the argument the leaks were redacted is false, and that somehow Assange is culpable for this leak too. Maybe they can get that indictment they so crave.

    The spooks won't really care for all the little people who will suffer; stopping this dangerous idea that free speech applies to us all, and not just the powerful, is far more important. And in the meantime they get one step closer to extraditing their nemesis; and garner a vast amount of righteous indignation from the mouthpieces of Fox etc.. These are people who think they are chessmasters; losing a few pawns is no matter.

  13. Anonymous Coward
    Anonymous Coward

    WL not to blame here

    The Guardian is at fault here. David Leigh, the editor's brother-in-law, has single-handedly released more US cables than Wikileaks, and done so in an unredacted form. He did this in a book he personally profited from, yet he probably did so out of negligence and gross stupidity. The Guardian have compounded this by falsely claiming that they were told the password was time-limited - it can't have been, so even if they were assured of this they should have known this.

    Brief history. WL stupidly chose the Guardian as a partner, but were smart enough to get three agreements in writing.

    1. The material is for review only, and not to be published without the express consent of Julian Assange or his authorised representative.

    2. The material will be held in strict confidence and will not be shown to any third party.

    3. The material will not be viewed at any time on any computer terminal which is open to the internet.

    The Guardian broke 1&2 by releasing it to the NYT - and the US state dept - against the express wishes of Assange. The Guardian admit this in their book and confirmed in the NYT book. Seemingly the Guardian also admit that they broke the third sensible condition, although my only source for this is WL. By breaking a legal agreement Rusbridger is criminally liable.

    A few asides on this that struck me. In their articles and book, the Guardian came across as technically ignorant of basic security procedures when approached by WL. Their responses today seem disingenuous, and yet one Guardian journalist attempted to deflect culpability by blaming WL for using symmetrical encryption. For an organisation to claim a PGP password should be time-expired, only later to claim the encryption wasn't up-to-scratch is obvious dishonesty. They can claim ignorance, or they can blame others' ignorance, but they can't do both credibly.

    I witnessed the Guardian 'Libyan live blog' the other night. It's a registered forum like El Reg. A user posted a pro-Gaddafi comment under another user's name, and was exposed because the actual user was online. At the same time nonsense posts by pro-Gaddafi users were getting 50 'recommends' a minute, which is unsurprising since you only have to clear your Guardian cookie to recommend and don't need to be registered. In short, the Guardian technical knowledge, security and credibility is non-existent. I was meant to be helping two of their journalists investigating a security-related issue, and I certainly won't be now.

    1. Anonymous Coward
      IT Angle

      If they got those agreements in writing

      Then how could anything go wrong.

    2. david wilson

      @AC

      >>"but were smart enough to get three agreements in writing."

      >>>"... By breaking a legal agreement Rusbridger is criminally liable."

      No, breaking the /law/ makes someone /criminally/ liable.

      Breaching a contract might make them liable to civil action, though it'd be pretty interesting to see Wikileaks trying to argue the case that they ever actually *owned* the information concerned. Somehow, I'm not sure how much sympathy they'd get from a judge *or* a jury.

  14. Flummoxed

    Guardian released the torrent

    I presume the Guardian torrented their encrypted copy of the cables. Wikileaks would stand to lose credibility and cash if the unredacted cables were released outside of their control. This threat would give the Guardian power in their relationship.

    1. LaeMing

      No, my understanding is.

      Wikileaks released the encrypted file on torrents, Guardian published the key.

  15. philbo

    Worth a limerick...

    There once was a prat called Assange

    Who couldn't discern right from wronge

    Leaks to him: OK

    Wiki-leaking? No way!

    An arrogant hypocrite with no sense of irony and all the moral fibre of a blancmange

    ..that last line might need a bit of work, but I can't see how to fit all I want to say into eight syllables

    1. sabroni Silver badge

      all those downvotes

      humourless fucks!

      1. Anonymous Coward
        Anonymous Coward

        Humourful fucks more like.

        Effulgent and all that.

  16. Anonymous Coward
    Anonymous Coward

    Never would have guessed that

    *Adds to mangled wordlist*

  17. Anonymous Coward
    Thumb Down

    no place for amateurs - but that's all there is

    Here we now have conclusive evidence, if any was needed, that everyone involved in this whole cablegate thing is a moron. From US gov't executives who cavalierly dumped those secret cables on a clearly insecure network, to news editors who stupidly mishandled the keys to the kingdom, to Assange [TM] and his cohorts of private actors whose megalomania has sealed their own sorry fates. People should wake up to the fact that the "experts" they've entrusted their lives and livelihoods to are a bunch of frauds who really need to be shown the door -- of a prison cell.

    1. LaeMing
      Unhappy

      that, of course,

      applies to almost all of the modern world, not just WL et al.

  18. Anonymous Coward
    Anonymous Coward

    so what does Ass-ange...[tm] actually want?

    Did he not say: "They're informants... if they get killed, they deserve it."

    Source: http://www.dailymail.co.uk/news/article-1351927/WikiLeaks-Julian-Assange-new-book-Afghan-informants-deserve-killed.html

    So what's all the fuss about then? Why does he suddenly think that those documents should not be in the wild. Why did he share the password with anyone (WL-member or not) in the first place then? Is it really about whistleblowing, or could it be that Assange[tm] is only interested in one thing: his own fame and ego?

    If Assange can't make up his mind, he can as well go to Sweden and stand the trial, which he is overdue to attend anyway (or hearing, more precisely). His disregard for anyone but himself is shocking anyway, and I struggle to believe in his alleged motives.

    Interesting read: http://www.dailymail.co.uk/news/article-2023140/WikiLeaks-Julian-Assange-portrayed-predatory-narcissistic-fantasist-new-book.html

    I appreciate the idea behind Wikileaks. Maybe someone other than Assange should take over, which is obviously happening already... Bye, bye Julian.

    1. Anonymous Coward
      WTF?

      daily mail ?

      seriously ?

      1. Scorchio!!

        Re: daily mail ?

        "seriously ?"

        Firstly, whereas the truth is the property of no individual, institution or other group of individuals, it cannot be said that an individual, institution or other group of individuals are incapable of iterating the truth.

        Secondly, the argumentum ad hominem that is implicit in your response does not make for good epistemology.

        Thirdly, the historian Max Hastings writes articles for the DM, seriously.

        Finally, I can cite you articles from, e.g., the Guardian that are as distasteful, silly and untruthful just as easily as I can from any other newspaper. Whilst there is such a thing as editorial policy, you'll find left wing stuff in the DM, and other sillies in other papers.

        If you post hard hitting factual material in Guardian fora, they'll be banned should they not be to their fluffy little heads, even if you document them with links and reasoned argument. This happens in most online fora to an extent, but the Guardian is HQ fluffy, cotton wool reasoning.

    2. Scorchio!!
      Thumb Up

      Re: so what does Ass-ange...[tm] actually want?

      I've been saying this and more for months. The man is a convict, 25 times over. He has moved on to bigger offences, and his profile includes inseminating a 16 year old girl who has moved heaven and earth to remain unpublicised.

      As to St. Jules, this: http://www.youtube.com/watch?v=s2HYRXiWMsk

    3. Scorchio!!

      Re: so what does Ass-ange...[tm] actually want?

      Thank you for the link. I should have been watching for that. I find it interesting that the image this man has been projecting is beginning to break up:

      "[...] his platinum bob had been replaced by a hatch of black and blond spots."

      The data on women are very suggestive and accord with things that I have been saying for months now, in respect of profiles, offending careers and so on. Someone took exception to this, saying that the sort of offences for which Assange was convicted 25 times (breaking into USAF defence computers, Australian police computers and so on) were not remotely connected; I countered that offenders start small and progress, also mentioning that what we seem to have here are rule following offences, that is to say, not abiding by the rules that govern interpersonal behaviours. Similarly, it is also the case that not all offences are reported from an early stage, but only catch up on the offender as awareness grows. I think that we are beginning to see the real Julian Assange, as opposed to 'Mendax'.

  19. Dave 120
    FAIL

    Oh I see...

    So wikileaks is only opposed to secrecy when it's not them controlling the secrets. How ironic. It's a bit like a thief going to the police when his swag is stolen by someone else.

    1. Scorchio!!
      Thumb Up

      Re: Oh I see...

      "So wikileaks is only opposed to secrecy when it's not them controlling the secrets. How ironic. It's a bit like a thief going to the police when his swag is stolen by someone else."

      The snowball appears to be gathering pace. Have you ordered sufficient popcorn, or beer/your choice?

      http://www.spiegel.de/international/world/0,1518,784048,00.html#ref=nlint

  20. This post has been deleted by its author

  21. Destroy All Monsters Silver badge
    Devil

    Peachy!

    http://www.wikileaks.org/Guardian-journalist-negligently.html

  22. Destroy All Monsters Silver badge
    Devil

    Peachy 2!

    A Dispatch Disaster in Six Acts

    http://www.spiegel.de/international/world/0,1518,783778,00.html

  23. Anonymous Coward
    Big Brother

    Memo to everyone

    Do not trust journalists - ever, under any circumstances.

    1. david wilson

      @AC

      >>"Do not trust journalists"

      Well, I'd be wary of trusting them *or* net-based fellow-travellers (however well-meaning) with anything I didn't want made public.

      I guess I could *probably* trust them if what I wanted them to do was what I expected them to want to do anyway.

  24. Tim 54
    Facepalm

    Assange in action

    Seems a lot of jumping to blame the Guardian here.

    According to them they were told (and would expect) the password was for time limited access to get hold of the files. They assumed (as would anyone with any understanding of security) that it was a one off password, hence why publishing it in the book wouldn't be an issue.

    They also claim the docs doing the rounds on bittorrent are not the same as those they received (and I bet they can prove it).

    The book was published months ago, and never gave details of where the files were located.

    I for one am prepared to trust an organisation that is effectively non-profit (the Guardian is owned by a Trust which exists to see the Guardian is published), that brought down News International over the phone hacking scandal, and spent thousands carefully redacting the cables so that they could be published responsibly over the egomaniac Assange who seems to fall out with everyone.

    I believe Wikileaks was a great idea, but Assange is an idiot who's trying to cover his own back after making a fundamentally basic security mistake. This could well be the death of Wikileaks, but the fault lies with the combination of control-freak and ego of Assange, not the Guardian.

    The truth will come out in court (if Assange doesn't back down like the last 2 times he threatened to sue the Guardian after they fell out).

  25. Jonathan Hogg
    WTF?

    Seems like people are being a little unfair to the Guardian journalist

    If I was sharing an incredibly sensitive file with someone I would not give them the master passphrase. I would re-encrypt the file with a new single-use passphrase and give them that, then securely erase the new file after sharing it. It is reasonable for the journalist to have expected this to be the case, especially if he had been told it was a "temporary passphrase". In this case, the choice of passphrase is clearly newsworthy and of interest to readers of a book about the events.

    Since it's well documented that Assange(TM) had no original intention of protecting anyone named in the cables and was quite happy to release them without redaction (it was the papers that did all the work in redacting or they wouldn't help in publicising the leak), it seems likely to me that Assange deliberately leaked the file knowing that it would eventually become public and he could blame someone else for it.

    Either way, it's pretty rich of Assange(TM) to be crying foul now.

    1. Anonymous Coward
      Anonymous Coward

      After you shared it

      I think that is not encryption but trust.

  26. conhoolio

    Grammar error

    Correction to a grammatical error in the headline. It should read:

    All WikiLeaks' secret US cables are belong to BitTorrent

  27. Merlin54

    Is this about the famous file ?

    Is this about the famous insurance.aes256 ? I tried to decrypt the file with OpenSSL and the password available online as published in the Guardian's book, followed all rules as explained in the book, but it can't decrypt.

    With the option openssl enc -d -aes-256-cbc or just -aes256, I am getting a bad decryptor message, decryption failed.

    However, there is no error message when using the option -aes-256-ecb, but I think it's just a collision, because there is also no error message when using a password ONION (just try it, it works), and the output is again something cyphered or corrupted, or just a plain nonsense. This fuss is either it's NOT about the insurance.aes256, or the published password is fake.

    I know I can browse and read the unredacted cables online, but just wondering is all this about the insurance.aes256 or some other file.

    1. Danny 2

      Not the insurance file

      http://nigelparry.com/news/guardian-david-leigh-cablegate.shtml
