Pigeon Feed
 2011 diplomatic cables and Wikileaks 
Unredacted U.S. Diplomatic WikiLeaks Cables Published

It looks as if the entire mass of U.S. diplomatic cables that WikiLeaks had is available online somewhere. How this came about is a good illustration of how security can go wrong in ways you don't expect.

Near as I can tell, this is what happened:
  • In order to send the Guardian the cables, WikiLeaks encrypted them and put them on its website at a hidden URL.
  • WikiLeaks sent the Guardian the URL.
  • WikiLeaks sent the Guardian the encryption key.
  • The Guardian downloaded and decrypted the file.
  • WikiLeaks removed the file from their server.
  • Somehow, the encrypted file ends up on BitTorrent. Perhaps someone found the hidden URL, downloaded the file, and then uploaded it to BitTorrent. Perhaps it is the "insurance file." I don't know.
  • The Guardian published a book about WikiLeaks. Thinking the decryption key had no value, it published the key in the book.
  • A reader used the key from the book to decrypt the archive from BitTorrent, and published the decrypted version: all the U.S. diplomatic cables in unredacted form.

Memo to the Guardian: Publishing encryption keys is almost always a bad idea. Memo to WikiLeaks: Using the same key for the Guardian and for the insurance file -- if that's what you did -- was a bad idea.

EDITED TO ADD (9/1): From pp 138-9 of WikiLeaks:

Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. "That's the password," he said. "But you have to add one extra word when you type it in. You have to put in the word 'Diplomatic' before the word 'History'. Can you remember that?"

I think we can all agree that that's a secure encryption key.

EDITED TO ADD (9/1): WikiLeaks says that the Guardian file and the insurance file are not encrypted with the same key. Which brings us back to the question: how did the encrypted Guardian file get loose?

EDITED TO ADD (9/1): Spiegel has the detailed story.

Source Link


Sat Dec 24, 2016 10:12 pm