WikiLeaks published its full cache of unredacted US diplomatic cables on Friday. The decision to release the 251,287 US embassy cables in searchable format follows in the wake of revelations that a book by a Guardian journalist published in February disclosed the secret key to the raw archive file which became available on file- …
Chain of events
This will probably be the beginning of a not-too-prolonged chain of events will which lead to death-penalty-eligible charges being preferred against Assange, Manning, and possibly some of their cohorts.
And they will all richly deserve it.
The death penalty isn't an option.
Never really was.
Besides, Bubba says Assange has a pretty mouth....
Bubba says Assange has a pretty mouth....
Surely, that's "purty"?
No, thats a common misconception.
Bubba received his GED while in prison and is well on his way to getting his college education all paid for by the State.
Oh I love that
Wikileaks accuses the Grauniad of being technically inept - priceless.
Not that the Graun is technically ept of course - but in re-using passwords WL did just do probably the biggest security woopsie right there for the whole world to see.
Anyway - looks to me that this is mostly about Assange and Dumbshit having handbags at twenty paces.
RE: Oh I love that
And worse, they were using PGP!?!? Been broken for a while, the Yanks probably knew what was in the stash within twenty-four hours of it going online. Hopefully they did and managed to move or warn any sources that would have been made vulnerable by the leaks.
how is PGP 'broken'?
That one must have passed me by. As far as I know, PGP just uses widely known algorithms (IDEA/DES/AES/Blowfish etc.) that are currently not known to have been "broken". Any chance you could point me to a citation for that...?
RE: PGP broken?
Go read http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-security-questions.html, especially the bit about Blacknet. PGP relies on making the job of factoring the key too computationally intensive for most parties, but the massive strides in computing power (matched with the massive growth in budget of the NSA) have meant the PGP key standard has had to increase in size to try and stay ahead. PGP keys were originally 128-bit IIRC, now much larger, the most paranoid users choosing 1024-bit keys
So, how do we know PGP is being "broken"? PGP was the encryption tool of choice for Al Quaeda during the Nineties and Noughties, until the CIA admitted they had used material from several captured laptops to help them find AQ hidey-holes in Pakistan. It's suspected that the CIA and NSA simply used brute force to break the AQ encryption. The two key AQ communication guys picked up, Noor and Tsoulis, both were known PGP users from their careers prior to AQ, and an 82-page AQ Internet security manual, written by Noor and distributed to AQ Worldwide, talked users through setting up PGP and generating keys.
Several zombie nets have been found running PGP-breaking tools, though what they were being run against is unknown (probably the encrypted material beloning to rival hackers, or maybe government or commercial secrets, no-one knows). All you need to do is break the factoring task down into small chunks and the average zombie PC becomes a great PGP breaker, especially if you have several thousand you can turn to the task. An old 50MHz 486 CPU can do 26MIPS, so just imagine what several thousand modern cores can do. Then think of several million server cores, as used by the NSA.
And then there are short-cuts you can take in the factoring (example, http://veriat.com/pgp-security-hole.html). Some are known and have been addressed in newer versions, but PGP is just more man-made code - who's to say there aren't nmore bugs and holes being exploited already that users don't know about?
So, the NSA and CIA have the motive to break PGP, the skills and the computational means, so anyone (like Assnut) stupid enough to annoy them should really think about double encryption with more than one tool, and not make PGP one of those tools.
So who leaked the encrypted archive?
That is the important thing isn't it? Was it Wikileaks, thinking that the Grauniad would keep the password secret? Or was it the Guardian, demonstrating how clueless they are?
The Wikileaks decision is arguably rational... But they are not helping either.
Fail all over this one.
Try keeping up in the back rows!
Bestest overview in Der Spiegel:
"A Dispatch Disaster in Six Acts"
"Not how PGP files work"
That phrase makes me distrust whoever said it. Of course it isn't how PGP files work, but it's just a smoke screen - the file was only supposed to exist for a few hours, and be on a secure server. That's what makes it temporary.
@Tobin Let me get this straight...
Assange puts the files up in an encrypted package on a closed/private server using one password. Tells Guardian that its a one time password.
Later Assange puts same files out on the internet as a bit torrent, as its insurance policy.
Unknown to the Guardian, Assange was dumb enough to reuse the 'one time' password.
So in theory, there shouldn't be any problems for the Guardian to publish a password use by Assange, right? Only an idiot would reuse a 'one time' password to re-encrypt the package.
Kinda says alot, don't it?
1) "Given that the full database file is downloadable from hundreds of sites there is only one internally rational action," WikiLeaks said
Erm... can the London looters use this defence? "Everyone else was nicking stuff, so I did too."
2) '...a contention WikiLeaks argues demonstrates technical ineptitude on the part of the paper.
"It is false that the passphrase was temporary or was ever described as such. That is not how PGP files work. Ask any expert," said the leaker organisation.'
For this I assume that WikiLeaks did tell them that it was temporary. If The Guardian has to ask an expert to find out that what Wikileaks told it is wrong, it's not really negligence to believe Wikileaks. (I personally don't think you need to ask an expert, but anyway...)
Why would anyone want this
To log all searches in real time with a server hosted by the now leaky wilkileaks, or just unlock the file and search it locally ?
Go for it!
1) Go to cryptome.org, download
2) Spend a couple hours scripting and setting up website on 127.0.0.1 (finally an occasion to use Lucene!)
"Our foreign minister said WHAT?"
"Relations between the whistle-blowers and the Graun first began to sour after the liberal paper began investigating details of the sexual assault allegations against founder Julian Assange™, which remain the subject of Swedish extradition proceedings"
No, the Graun kopped a strop when WL gave the cables to other media publishers (NYT and DSp), thus losing the exclusive story rights.
Wikileaks were annoyed that the Guardian gave the NYT the full files against the express wishes of Assange. The Guardian did this to get access to the US spooks, and to cover their bums. You should read the books that the Guardian and NYT have written, they are confessionals of breaches of journalistic ethics dressed up as a secret squirrel adventure story.
Why don't you say what you believe to be the 'breach' of journalistic ethics?
"No, the Graun kopped a strop when WL gave the cables to other media publishers"
Given that from the point of view of the Graun they're foreign papers, why would they care? They've still got the UK exclusive, and I don't think it's likely people in the UK will queue up to buy the NYT or DSp.
I hope JA gets what he deserves. I have read of despotic governments who are already using what they can glean from the material reseased so far to persecute opposition figures, in some cases on "Treason" charges. This action shows up the whole WL edifice for the self serving publicity seeking bunch of uninformed adolecents they really are. I hope JA ends up in jail for a very long time. Probably a better fate than many people he has cheerfully exposed.
If the password wasn't described as temporary - show us!
Ironically, there seems to be a culture of secrecy in wikileaks. There must have been an email or some form of logged electronic communication in which that password was conveyed to the journalist. It's not like they could speak it out over the phone while someone on the other end jotted it down (well they could, but it would be impractical and too error prone). So why don't they simply put this argument to rest by leaking that email. It should show exactly how the password was described.
... and all the others throwing stones in this thread, should go read the detailed analyses of the entire situation that are but a quick google away.
Then you'd know that the password was written down, albeit with a verbal explanation of a required variation, during a meeting.
No emailed password
The passphrase was passed on a piece of paper, according to the journalist who then published it. The Guardian have already admitted that against Wikileaks instructions they kept a copy of the unencrypted file on an internet facing PC, so it could easily have been lifted from their site given how technologically unaware they have proven themselves to be - at one point Assange had to drive across town to show them how to unzip a file!
re: No emailed password #
Not only but also :)
page 139: .. "Obviously there was no way he, or any other human, could read through a quarter of a million cables. Cut off from the Guardian's own network, he was unable to have the material turned into a searchable database. Nor could he call up such a monolithic file on his laptop and search through it in the normal simple-minded journalistic way, as a word processor document or something similar: it was just too big".
"Harold Frayman, the Guardian's technical expert, was there to rescue him. Before Leigh left town, he saved the material into 87 chunks, each just about small enough to call up and read seperatly. Then he explained how Leigh could use a simple program called TextWrangler to search for the key words or phrases through all the seperate files simultaneously, and present the results in a user friendly form".
`The entire Leigh/Harding Wikileaks book is written in the thrilled tone of a girl scout's diary, clearly reveling in the secret squirrel aspect of the story'.
Couldn't have said it better ..
"...The paper stated that it had been told the PGP passphrase only allowed temporary access to a encrypted copy of the files on a secret (soon to be deleted) directory of the WikiLeaks site, a contention WikiLeaks argues demonstrates technical ineptitude on the part of the paper..."
Didn't wikileaks realise that they were dealing with journalists, not IT security experts? This suggests that Wikileaks really don't know what they're doing - they should have as a minimum given separately encrypted versions of the same file to each organisation they were dealing with and removed them from their web site once downloaded. They certainly shouldn't have had the file left on their servers after download for exactly this sort of reason.
Anyway, the upshot is that Assange now gets to release all the files in an un-redacted format, which is what he wanted all along, before those pesky journos butted in and told him it was irresponsible.
Julian can try and polish turd as much as he likes but the whole issue is beginning to look like a sorry mess to me.
Maybe now Wikileaks can move on to some interesting projects.
A quick recap
Don't bother downloading and reading all these papers. It's old news. Example:
The Libyan freedom war is very much a success thanks to the help of NATO and US forces securing ... what else is there? Oil! Bomb them back to the whatever age you like, as long as they keep the oil flowing our way. Thankyouverymuch.
Watch the rerun in a coutry nearby pretty damn soon.
so if the whole good/evil nature of wikileaks hinges on them not releasing unedited info that will get people killed , then wtf are they doing releasing this key to - journalists, of all people, no matter how temporary. ( not temporary at all as it turns out)
so big fail to WL for that, but also equally negligent is whichever journo published the key.
the end of Wikileaks
kind of ironic how Wikileaks took all these steps to make sure that no one could destroy them as an organization, yet they seem to be doing it to themselves. In a matter of days, they have destroyed their credibility and proven their incompetence. Who is going to trust these bumbling group of clowns now?
love him or hate him
Thanks to Julian, lots of people, innocent and guilty as sin alike, are in for a world of shit.
So JA is the sole guilty party in all this? Not Manning? Not US military security (or lack thereof) that allowed a private to access and download classified stuff? Not the newspapers that too gladly are publishing the material? Not Joe Public that want to read all about it?
Or on a deeper philosophical level, not the society you have that consists of borders and distrust and dirty secrets between (so-called) sentient beings that share the same damn friggen dna and pale blue dot in this universe?
And then you, using the handle zen, which implies a deeper and balanced and spiritual understanding, blame the bullet for the killing. That is quite pathetic. But not surprising as far as your species go...
>>Thanks to Julian, lots of people, innocent and guilty as sin alike, are in for a world of shit.
Yep. Truth's a bitch innit?
Someone should assassinate Assange and and anyone else who thinks that free information is better than censored information. Nobody would dare to publish facts afterwards, and the world would be safe.
What concerns me
Is it will be the soldiers that suffer, not the politicans, prime ministers, presidents or senators.
Rightly or wrongly, these guys and girls put themselves on the frontline to defend their fellow country people.
What Assange did was reckless and was just done to make himself well known, the arrogant [insert expletive here].
Maybe he wouldn't be so calm if he was being shot at.
In that case, before condemning Assange, look at your politicians and government and their reasons for putting their young men (and women) in harms way.
Their reasons are even more questionable than those you accuse Assange of.
Assange (wikileaks) is a symptom. Not the problem.
From da book
' Eventually, Assange capitulated. Late at night, after a two-hour
debate, he started the process on one of his little netbooks that would
enable Leigh to download the entire tranche of cables. The Guardian
journalist had to set up the PGP encryption system on his laptop at home
across the other side of London. Then he could feed in a password.
Assange wrote down on a scrap of paper:
ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the
password,” he said. “But you have to add one extra word when you type it
in. Y have to put in the word ‘Diplomatic’ before the word ‘History’. Can
you remember that?”
“I can remember that.”
Leigh set off home, and successfully installed the PGP software. He
typed in the lengthy password, and was gratified to be able to download a
huge file from Assange’s temporary website. Then he realized it was
zipped up – compressed using a format called 7z which he had never
heard of, and couldn’t understand. He got back in his car and drove
through the deserted London streets in the small hours, to Assange’s
headquarters in Southwick Mews. Assange smiled a little pityingly, and
unzipped it for him.'
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...