Wikileaks has accused a Guardian journalist of negligently publishing the passphrase for a database of unredacted secret US diplomatic cables in a book. The encrypted database is available on BitTorrent. The book by David Leigh, Inside Julian Assange's War on Secrecy, contains an excerpt explaining how he persuaded Julian …
"they have had seven months to remove the files"
What from the internet? How do you do that then?
Ask Barbra Streisand, apparently she knows how.
I learnt from the bourne supremacy not to trust the guardian. Seems it was true all along!
Oh the Guardian and its hack are TEH INNOCENT
Yes, assume the file is "temporary", then write the password to it into a ghostwritten book. Elementary security measures? Nah!
I hear Mr. Leigh also sold the book rights to some Hollywoodian company? Strike the iron while hot etc.
lol, rofl, pmsl
This is what happens when someone takes sensitive information and attempts to commercially exploit it. If documents had simply been leaked in the public interest then they could have been edited and published on the net for free. But no, Wikileaks and Assange had to "partner" with a select number of publishing organisations.
There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers.
"they could have been edited and published on the net for free"
"There is a place for whistleblowers, and there's another place for self gratifying money grabbing wankers."
Well said. I would not trust this man to wax a toy car.
wikilieaks secrets revealed
the words 'petard' and 'hoist' spring to mind
Everybody just totally failed here
The Grauniad shouldn't have published the passphrase, wikileaks shouldn't have given them it in the first place, and even if they did, they should have separately encrypted it to the "insurance" encrypted file that was published (I assume that's the one that was on the torrent sites). Then finally people dealing with encrypted files should have been aware that you can't "change the password" on an encrypted file.
Just a total balls up from everyone.
Spilt milk and who's to blame
Let's not forget that the US let these cables escape, and let's not forget that someone decided it was okay to have identifiable names within those cables to start with.
Who gives a passphrase to a journalist??
No seriously. WHY did anybody reveal this passphrase?
So let's get this straight.
Assange and Wikileaks put the files on a private computer that they then use to share with journalists.
They then pull the files off the system.
So why did they then re-encrypt them with the same password and put it out on bit torrent?
Wouldn't you use a different password?
>So why did they then re-encrypt them with the same password and put it out on bit torrent?
...because an encrypted insurance archive doesn't offer much insurance if you're the only one that has the password?
Presumably the Ass has trusted numerous journos with it....
All of this makes him look even sillier. No back up, no security. Nada. Zilch. Nichts. The null set.
As of now there is little credibility left, if any. The only remaining thing to be found? A connection between him and the source of the data. I suspect this is not long in coming.
The US didn't 'let' these escape, they were deliberately and with malice aforethought swiped by someone with authorized access.
As for identifiable names, well, if you don't source your intelligence accurately, there's no way for higher levels to check - some low-level ambitious idiot could just be making stuff up as he goes. So there *must* be names, or the content of cable becomes essentially meaningless.
@AC Posted Friday 2nd September 2011 13:25 GMT
"...because an encrypted insurance archive doesn't offer much insurance if you're the only one that has the password?"
Ok so rather than re-encrypting the files with another password, and then writing down the password, putting it in a sealed envelope and sending it off to your lawyer(s) so that in the event of an emergency, they then publicly release the password to the press...
Now that would have been the smurt thing to do. The smart thing would have been to not touch the stolen files in the first place, but until Manning talks, we don't know to the extent of Assange's involvement, now do we?
Haven't you ever seen the movie 'The Firm' ?
In the interests of fairness
I hope The Guardian journalist responsible is treated with the same malice by US authorities as Julian Assange is... but I suspect that won't be the case.
Top notch work by David Leigh. What a pillock.
Why would you even put the proper password into the book?
Would it make any difference if you'd put "Swordfish" in place of the real, actual proper password? Did it require any extra authenticity?
The password was some sort of statement in itself
I forget what it was (look it up on the Guardian website) but if I were writing a book and was explicitly told that the password was a one-time only thing and the password itself had interest then putting it in the book wouldn't seem unreasonable.
The Guardian journalist was too trusting of Wikileaks though, I'd have double-checked that they weren't ever going to reuse the password but I'm an ex sysadmin and so I have that sort of paranoia.
Ahh, the hypocrisy
If this wasn't so serious it would be funny, man goes to the government he stole it from to attempt to 'take action' over loss of control of said stolen information.
Having the redacted ones released was one thing, the unredacted information can cause problems in so many more ways, some not immediately obvious.
My hypocrisy meter is keeping stum except when I point it in the Guardian's direction where it goes off-scale.
Who exactly stole something from whom? Do we have Intellectual Property issues here? Maybe patents? Could you clarify?
pot + kettle
+ the boys from the Department of State, who just couldn't resist: "What we have said all along about the danger of these types of things... Once WikiLeaks has these documents in its possession, it loses control and information gets out whether they intend [it] to or not." Wonderful.
Pardon my stupidity...
... but how can a password that's been used to encrypt a file ever be "temporary"?
Who are these people, and when were they let out of their cave?
I can think of two ways.
Either you can encrypt the file and make it available with one password, then later delete the encrypted version and make another one with a second password, or you can use the temporary password as a means of accessing the actual encryption password.
It sounds like they were trying for something closer to the former. The encrypted hard drives we use here seem to be using the latter.
Of course, neither of those do anything to stop someone from decrypting the file and then making copies of the decrypted data.
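The second approach in the comment above (a passphrase that only unlocks the real encryption key), as an added example that is not part of the original thread: changing the passphrase rewrites a small header, so any copy of the old header and body still opens with the old passphrase. All function names are hypothetical, the sample document is constructed, and the SHA-256 counter keystream with HMAC is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode) so this runs on the
    # standard library alone; real code would use an AEAD such as AES-GCM.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def wrap_header(passphrase: str, data_key: bytes) -> bytes:
    # The passphrase never touches the body; it only encrypts the data key.
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return salt + seal(kek, data_key)

def unwrap_header(passphrase: str, header: bytes) -> bytes:
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), header[:16], 200_000)
    return unseal(kek, header[16:])

def encrypt_file(passphrase: str, plaintext: bytes):
    data_key = os.urandom(32)
    return wrap_header(passphrase, data_key), seal(data_key, plaintext)

def decrypt_file(passphrase: str, header: bytes, body: bytes) -> bytes:
    return unseal(unwrap_header(passphrase, header), body)

def change_passphrase(old: str, new: str, header: bytes) -> bytes:
    # Only the small header is rewritten; the body and data key are unchanged.
    return wrap_header(new, unwrap_header(old, header))

def demo() -> dict:
    secret = b"constructed sample document"
    header_v1, body = encrypt_file("temporary passphrase", secret)
    leaked_copy = (header_v1, body)  # a copy taken before the change
    header_v2 = change_passphrase("temporary passphrase", "new passphrase", header_v1)
    try:
        decrypt_file("temporary passphrase", header_v2, body)
        old_opens_current = True
    except ValueError:
        old_opens_current = False
    return {"new_opens_current": decrypt_file("new passphrase", header_v2, body) == secret,
            "old_opens_current": old_opens_current,
            "old_opens_leaked_copy": decrypt_file("temporary passphrase", *leaked_copy) == secret}
```

The old passphrase stops working only against the rewritten header; revoking access to data that has already been copied requires a new data key and a re-encrypted body, and even that does nothing for the copy.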
RE: Pardon my stupidity...
".....how can a password that's been used to encrypt a file ever be "temporary"?..." You could have a combined decryption script that takes the system date and hashes it to make one key, then the password to make the second key. When the "temporary" date passes, the value of key one will become invalid and the decryption will fail even if the correct password was used to generate key two. The user never knows about the first key, unless they can get to the script to reverse engineer it, and if the actual file is hosted on your server and all you do is present a webpage for them to enter the password into, they will not even be aware that it is a two key process. All they see is that the password is valid one day but fails the next.
Re: Pardon my stupidity...
"Who are these people"
Seems to me that what David Leigh was told and what he *thought* he was told are two different things. How much knowledge and experience does Leigh have of cryptography? I guess not a lot.
Paris, cos she's so clever.
Let's not forget Sarah Tisdall
When did the Guardian ever behave ethically?
Yes, lets not.
"When did the Guardian ever behave ethically?"
Maybe when they fought this as far as they could in the courts, but eventually complied with the law. Well, it was that or go to jail, bankrupt, while all your employees look for new jobs in Thatcher's recession.
Re: Yes, lets not.
""When did the Guardian ever behave ethically?"
Maybe when they fought this as far as they could in the courts, but eventually complied with the law. Well, it was that or go to jail, bankrupt, while all your employees look for new jobs in Thatcher's recession."
'Twas no more Thatcher's recession than this one is Cameron's or Clegg's; only a short while before Thatcher took office the bungling Labour party in government had called in the IMF to bail us out; in fact it was their bankrupt policies that stimulated her formulation of basic economics; don't spend money that you do not have. That's what happened just recently to the Greeks, whose spending and taxing policies were as bankrupt as the last Labour government's policy on selling treasury reserve gold (at a low point in the market, announcing it in advance, selling it en bloc, all of which depressed the price still further; it is an age old truism that precious metals are the best way to protect wealth against the market, but Labour do not do economics), making illegal wars, destroying NHS dentistry, sacrificing the NHS on the altar of 'big build projects', silly IT projects that wasted billions, making the forces pay for their wars rather than using the contingency reserve, a clandestine immigration policy which, combined with slackness on border controls and failure to understand the impact of extended EU membership resulted in more than 4 million extra citizens in this country, which was already not self sufficient in food and energy, at a time when we face energy and phosphate shortages and much worse.
Oh yes. Thatcher called in the IMF, not the Labour party, even though they were the party in power at a time when the unions held their party to ransom, when bodies were not buried, when rubbish was piled high in the streets attracting rats and other vermin (see any online photographic archive for more on that story), and tanks could only travel a few hundred 'track miles' to train in warfare at a time when the Soviets were muscling across the world, supplying soldiers like me with sub standard kit, bad accommodation and making it necessary for the wives of married soldiers on active duty to claim supplementary/housing benefits because they could not afford their MQs.
Oh yes. Thatcher's recession.
I despise revisionism, especially when it appears to be of the ad hominem theological variety.
No doubt what state department wanted.
So a Guardian journo publishes the key to an encrypted file.. thinking it can somehow 'expire', or that that file is super-secure and will never find its way out of the hands of a select few. Probably done mostly for 'see what we know! na-na-naaa!' willy-waving reasons, but maybe requested by someone? If you want to blame Assange then at least do it for the act of providing the leaks to journos in the first place; he is not directly responsible for publishing the password.
Also; for this to be 'devastating' the file needs to come out too; and how did that happen? it miraculously pops up on the Entertainment Industry's favourite whipping boy, bittorrent! humm. lots of idiots and dark actors about.
It's quite possible that the Hillary, or rather the manipulative thugs in real power, wanted this out. It will undoubtedly be used to try and convince the grand jury that the argument the leaks were redacted is false, and that somehow Assange is culpable for this leak too. Maybe they can get that indictment they so crave.
The spooks won't really care for all the little people who will suffer; stopping this dangerous idea that free speech applies to us all, and not just the powerful, is far more important. And in the meantime they get one step closer to extraditing their nemesis; and garner a vast amount of righteous indignation from the mouthpieces of Fox etc.. These are people who think they are chessmasters; losing a few pawns is no matter.
WL not to blame here
The Guardian is at fault here. David Leigh, the editor's brother-in-law, has single-handedly released more US cables than Wikileaks, and done so in an unredacted form. He did this in a book he personally profited from, yet he probably did so out of negligence and gross stupidity. The Guardian have compounded this by falsely claiming that they were told the password was time-limited - it can't have been, so even if they were assured of this they should have known this.
Brief history. WL stupidly chose the Guardian as a partner, but were smart enough to get three agreements in writing.
1. The material is for review only, and not to be published without the express consent of Julian Assange or his authorised representative.
2. The material will be held in strict confidence and will not be shown to any third party.
3. The material will not be viewed at any time on any computer terminal which is open to the internet.
The Guardian broke 1&2 by releasing it to the NYT - and the US state dept - against the express wishes of Assange. The Guardian admit this in their book and confirmed in the NYT book. Seemingly the Guardian also admit that they broke the third sensible condition, although my only source for this is WL. By breaking a legal agreement Rusbridger is criminally liable.
A few asides on this that struck me. In their articles and book, the Guardian came across as technically ignorant of basic security procedures when approached by WL. Their responses today seem disingenuous, and yet one Guardian journalist attempted to deflect culpability by blaming WL for using symmetrical encryption. For an organisation to claim a PGP password should be time-expired, only later to claim the encryption wasn't up-to-scratch is obvious dishonesty. They can claim ignorance, or they can blame others' ignorance, but they can't do both credibly.
I witnessed the Guardian 'Libyan live blog' the other night. It's a registered forum like El Reg. A user posted a pro-Gaddafi comment under another user's name, and was exposed because the actual user was online. At the same time nonsense posts by pro-Gaddafi users were getting 50 'recommends' a minute, which is unsurprising since you only have to clear your Guardian cookie to recommend and don't need to be registered. In short, the Guardian technical knowledge, security and credibility is non-existent. I was meant to be helping two of their journalists investigating a security-related issue, and I certainly won't be now.
If they got those agreements in writing
Then how could anything go wrong.
>>"but were smart enough to get three agreements in writing."
>>>"... By breaking a legal agreement Rusbridger is criminally liable."
No, breaking the /law/ makes someone /criminally/ liable.
Breaching a contract might make them liable to civil action, though it'd be pretty interesting to see Wikileaks trying to argue the case that they ever actually *owned* the information concerned. Somehow, I'm not sure how much sympathy they'd get from a judge *or* a jury.
Guardian released the torrent
I presume the Guardian torrented their encrypted copy of the cables. Wikileaks would stand to lose credibility and cash if the unredacted cables were released outside of their control. This threat would give the Guardian power in their relationship.
No, my understanding is.
Wikileaks released the encrypted file on torrents, Guardian published the key.
Worth a limerick...
There once was a prat called Assange
Who couldn't discern right from wronge
Leaks to him: OK
Wiki-leaking? No way!
An arrogant hypocrite with no sense of irony and all the moral fibre of a blancmange
..that last line might need a bit of work, but I can't see how to fit all I want to say into eight syllables
all those downvotes
Humourful fucks more like.
Effulgent and all that.
no place for amateurs - but that's all there is
Here we now have conclusive evidence, if any was needed, that everyone involved in this whole cablegate thing is a moron. From US gov't executives who cavalierly dumped those secret cables on a clearly insecure network, to news editors who stupidly mishandled the keys to the kingdom, to Assange [TM] and his cohorts of private actors whose megalomania has sealed their own sorry fates. People should wake up to the fact that the "experts" they've entrusted their lives and livelihoods to are a bunch of frauds who really need to be shown the door -- of a prison cell.
that, of course,
applies to almost all of the modern world, not just WL et al.
Never would have guessed that
*Adds to mangled wordlist*
so what does Ass-ange...[tm] actually want?
Did he not say: "They're informants... if they get killed, they deserve it."
So what's all the fuzz about then? Why does he suddenly think that those documents should not be in the wild. Why did he share the password with anyone (WL-member or not) in the first place then? Is it really about whistleblowing, or could it be that Assange[tm] is only interested in one thing: his own fame and ego?
If Assange can't make up his mind, he can as well go to Sweden and stand the trial, which he is overdue to attend anyway (or hearing, more precisely). His disregard for anyone but himself is shocking anyway, and I struggle to believe in his alleged motives.
Interesting read: http://www.dailymail.co.uk/news/article-2023140/WikiLeaks-Julian-Assange-portrayed-predatory-narcissistic-fantasist-new-book.html
I appreciate the idea behind Wikileaks. Maybe someone other than Assange should take over, which is obviously happening already... Bye, bye Julian.
daily mail ?
Re: so what does Ass-ange...[tm] actually want?
I've been saying this and more for months. The man is a convict, 25 times over. He has moved on to bigger offences, and his profile includes inseminating a 16 year old girl who has moved heaven and earth to remain unpublicised.
As to St. Jules, this: http://www.youtube.com/watch?v=s2HYRXiWMsk
Re: so what does Ass-ange...[tm] actually want?
Thank you for the link. I should have been watching for that. I find it interesting that the image this man has been projecting is beginning to break up:
"[...] his platinum bob had been replaced by a hatch of black and blond spots."
The data on women are very suggestive and accord with things that I have been saying for months now, in respect of profiles, offending careers and so on. Someone took exception to this, saying that the sort of offences for which Assange was convicted 25 times (breaking into USAF defence computers, Australian police computers and so on) were not remotely connected; I countered that offenders start small and progress, also mentioning that what we seem to have here are rule following offences, that is to say, not abiding by the rules that govern interpersonal behaviours. Similarly, it is also the case that not all offences are reported from an early stage, but only catch up on the offender as awareness grows. I think that we are beginning to see the real Julian Assange, as opposed to 'Mendax'.
Re: daily mail ?
Firstly, whereas the truth is the property of no individual, institution or other group of individuals, it cannot be said that an individual, institution or other group of individuals are incapable of iterating the truth.
Secondly, the argumentum ad hominem that is implicit in your response does not make for good epistemology.
Thirdly, the historian Max Hastings writes articles for the DM, seriously.
Finally, I can cite you articles from, e.g., the Guardian that are as distasteful, silly and untruthful just as easily as I can from any other newspaper. Whilst there is such a thing as editorial policy, you'll find left wing stuff in the DM, and other sillies in other papers.
If you post hard hitting factual material in Guardian fora, they'll be banned should they not be to their fluffy little heads, even if you document them with links and reasoned argument. This happens in most online fora to an extent, but the Guardian is HQ fluffy, cotton wool reasoning.
Oh I see...
So wikileaks is only opposed to secrecy when it's not them controlling the secrets. How ironic. It's a bit like a thief going to the police when his swag is stolen by someone else.
Re: Oh I see...
"So wikileaks is only opposed to secrecy when it's not them controlling the secrets. How ironic. It's a bit like a thief going to the police when his swag is stolen by someone else."
The snowball appears to be gathering pace. Have you ordered sufficient popcorn, or beer/your choice?