The Guardian and the Wikileaks Encryption Key

rtfa-troll writes "Bruce Schneier has a good article explaining how the Guardian released the encryption key for the WikiLeaks cables and destroyed the main protection against the release of informers' personal information. The comments in Schneier's blog fill in details of how exactly WikiLeaks' secondary file security protections were also bypassed. Now the Guardian has an article that Assange risks arrest by Australia over the latest leaks, which include information about an Australian intelligence officer. They even say, 'We deplore the decision of WikiLeaks to publish the unredacted state department cables, which may put sources at risk,' and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."

Links & hints to the data

[mcantsin]

http://cryptome.org/z/z.7z (368MB) pwd: ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay# http://pastebin.com/SBq9Xpsr http://cryptome.org/xyz/x.gpg.torrent (Returns xyz_x.gpg, 409MB. No passphrase yet) http://cryptome.org/xyz/y.gpg.torrent (Returns xyz_y.gpg, 88MB. No passphrase yet) http://cryptome.org/xyz/y-docs.gpg.torrent (Returns xyz_y-docs.gpg, 8MB. No passphrase yet) http://cryptome.org/xyz/z.gpg.torrent (Returns xyz_z.gpg, 368MB. Passphrase below) "xyz_z.gpg" and "z.gpg" appear to be identical and both decrypt to "z.7z." The decrypted file is "z.7z," 368MB, which unzips to "cables.csv," about 1.7GB in size, dated 4/12/2010.

Re:Links & hints to the data

[a_nonamiss]

Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.

Re:Links & hints to the data

[Ironchew]

They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

Re:Links & hints to the data

[mcantsin]

... for the LULZ!

Pls visit this: http://nyan.cat/

Re:Links & hints to the data

[rtfa-troll]

people will die as a result of these leaked cables.

Maybe. The question is, will more or less die as a result of Wikileaks making it public knowledge that they have leaked. As DarkOX already pointed out the secret services already have the files so they are looking for the sources already. Now it's possible for a source to simply type in their name and know if they are in there.

The other question is; who should take the blame. The US government which kept the names in plaintext in a database with millions of people having access; the Guardian which when trusted with secret data seems to have failed to put their IT security people on the case (how the hell else could they expect the password to an encrypted archive to change) or Wikileaks.

P.S. If you are a source and want to check if you are in there, do this on a local copy of the archives or at least do it over https. Remember that searching the archives for your name may be enough to trigger someone coming knocking.

Re:Links & hints to the data

[YesIAmAScript]

Not everyone in these documents was involved in covert operations.

I personally know a person who was mentioned in these documents. He can't be the only one who was innocently roped into this.

Re:Links & hints to the data

If you mean that his spreading this on /. may contribute to those deaths, that's some Epic Bullshit. The info is out, and the people who care enough to kill someone over it will surely care enough to find it without his convenient links.

If you mean it simply as information with no blame attached, then it's only mild bullshit; any worthwhile intelligence agency had it decrypted within 48 hours after Leigh's book went on sale. Now it's possible some very small and poorly-connected groups (i.e. no ties to a national intelligence agency to feed them the info) will find out this way, so it's conceivable someone may die who otherwise wouldn't have, but the bulk of the harm was done well before the public became aware of the passphrase & cyphertext's coexistence.

Re:Links & hints to the data

[lgarner]

Those who assist the killers are equally responsible.

Re:Links & hints to the data

[Jeremiah+Cornelius]

These leaked cables are about HAVING KILLED PEOPLE!

Including the point-blank firing of weapons into the heads of toddlers.

Including Israeli lies about killing "terrorists" being revealed as bombing and killing 16 civilian villagers, at prayer.

Like most reactionary cranks, you fret SO over the theoretical loss of life that might occur, if illegal and anti-democratic secrecy is not punitively enforced.

Where is your concern, passion and outrage about the ACTUAL callous and criminal loss of life, that would have initiated any such threat?

Your hypocrisy and disingenuous moral posturing stinks like the foetid pool of death that you defend.

Re:Links & hints to the data

[a_nonamiss]

I'm sure you're correct in that most of the damage has already been done. I am, however, reacting to the cavalier attitude with which people seem to be treating this data. People have and will be killed over this information, and more importantly, next time someone is considering leaking something that may benefit the public as a whole, they're going to think twice about doing it. Because of that, this leak is a terrible thing for the world.

Re:Links & hints to the data

I'll take ten of your "reactionary cranks" to one of you radical leftards any day. And guess what, so does most people. Geee, by looking at your rant, we wonder why. NOT.

Re:Links & hints to the data

[Jah-Wren+Ryel]

Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.

You've said that twice now. How do you know it to be true? These cables weren't internal CIA reports, most of them were not even classified and those few that were had only the lowest level of classification.

Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.

Re:Links & hints to the data

[mcantsin]

... aqui: http://www.tvgrama.cl/v2/images/stories/noticias/febrero/pin_pon_normal.jpg

Re:Links & hints to the data

[Oxford_Comma_Lover]

They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless

If the country you're in will kill you if it knows what you do, and I know the country will do that, and I tell them what you do, I am not blameless.

Saying someone accepted the risk of a bad result does not mean that other people who cause that result are inherently blameless. You may accept the risk of an accident when you drive to work in the morning, but if I hit you with my car, it may still be my fault.

Re:Links & hints to the data

[cheekyjohnson]

but people will die

In my opinion, the most important question is: how many? I'm not implying that these leaks do a good job of exposing corruption (whether they do or do not is another matter to me), but in general, I think if it does do a "good" job of exposing corruption, the lives of the few are a worthy sacrifice (and it isn't even guaranteed that they will lose their lives).

Re:Links & hints to the data

[he-sk]

Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.

You've said that twice now. How do you know it to be true?

It's true because it's in bold.

Re:Links & hints to the data

People have died which is a hard fact and they are still dying, which is also a hard fact because of the illegal Wars and occupation. People dying as a result of leaked cables is FUD propagated by the war criminals. If and when we focus on the root cause real solution becomes apparent that we should imprison the war criminals. This is the most important thing but all discussion has successfully been hijacked onto Wikileaks.

I do feel for those hypothetical victims, if any turn out to be true. Even in this case the ultimate responsibility rests with the war criminals.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Look at this from the tin-hat angle:

David Leigh/Guardian is working in the interest of CIA/MI6 and looking not to collaborate with WikiLeaks, but to ensnare him for prosecution.
Clue: DL Insisting on seeing the actual files
Clue: DL Pressing for the GPG passphrase
Clue: DL Publishing the ENTIRE proceeding and passphrase in a book

Dumbshit-Borg is either a long-time mole or was "turned"
Clue: D-B had full access to all unredacted material
Clue: D-B acrimoniously split with Assange/WikiLeaks over ego-boundary shit and speculative "risk" issues
Clue: D-B in his schism is part of the probable exposure of these cables - portrayed as an "accident", while he was unilaterally and admittedly sabotaging WikiLeaks
Clue: D-B can now say "I told you so" over this exposure of sources - pointing to this as evidence, rather than a situation he perpetrated

The US Army Counterintelligence Agency said in 2008 that WikiLeaks was"a potential force protection, counterintelligence, OPSEC, and INFOSEC threat to the US Army" and PLANNED OPERATIONS to neutralise/discredit WikiLeaks:

"The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public."

http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks

Question: Do you think that the Agency makes these declarations in vain, for their entertainment value?

Question: Do you think they are alone, and that there are not equivalent planned and current operations by the CIA, etc.?

Question: Are the combined actions of DL and D-B implausible as the intended outcome of a counter-WikiLeaks strategy, set in motion by one or more intelligence agencies, including US Army Counterintelligence?

Think about it. Once they set this down IN PRINT, internally, and don't have a "positive" outcome? Sombody goes through the ringer.

This is likely all a setup. One with a scenario that is similar to the one indicated here, if not completely identical. It is one where where David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings.

Either way, this is a noose fabricated of intentional actions with plausible deniability. Identify WikiLeaks with Assange's personality, and attack the personality. Attack the credibility of WikiLeaks methodology while distracting from their effectiveness and success in exposing filth, corruption and illegal government action.

I know the will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet. But watch out, DL and D-B.

When your mysterious, untimely deaths occur, I will look at it as confirmation of these speculations.

And proudly burnish my tin-hat...

Re:Links & hints to the data

[Jeremiah+Cornelius]

Don't take a job in the Mafia's typing pool.

Don't support any government with a standing army, stationed in any foreign nation.

Re:Links & hints to the data

[shic]

...people will die as a result of these leaked cables.

Will more people die as a result of more widespread distribution - in your opinion? Do you have any evidence that genuine assassins need help from Slashdot to gain access to leaked intelligence data?

My perspective is that this seems weird... JA and Wikileaks went to great lengths not to release non-redacted data... I don't believe that the Guardian mistakenly published the key... I can hardly believe that JA/Wikileaks gave it to them - and I find it inconceivable that they did this without making clear that the key was in strictest confidence. If the Guardian published the key, then the Guardian - not Wikileaks - released the data without redactions... somehow I doubt that the Guardian (journalist) will suffer the same reaction as JA/Wikileaks.

Re:Links & hints to the data

[Jeremiah+Cornelius]

OK. Go back to shooting babies in the head, and forget I said anything.

Re:Links & hints to the data

[Anonymous+Brave+Guy]

They accepted the risks when they engaged in the covert operations to begin with.

OK, here's a new plan.

Firstly, we must stop using human intelligence sources to anticipate and try to prevent criminal acts, because the sources are often inherently at risk and you don't want to protect them.

Because the public will not stand for the damaging acts that are likely to result, we need a new source of information to help prevent them. Let's make disclosure of all communications to the state mandatory, declare any use of encryption in communications or storage reasonable grounds to suspect criminal intent, and treat anyone who does it as a suspected terrorist until proven otherwise. If you've got nothing to hide, you've got nothing to fear, so obviously this won't have any chilling effects.

Also, we should stop conducting quiet diplomacy behind closed doors, because not everyone knows what their government is doing under those circumstances, and that is just wrong. Everyone needs to know everything that goes on in government immediately or the very fabric of society is at risk.

Instead of making deals with the devil, we must ensure that we fight any opposing philosophy to the bitter end, no matter the cost and no matter how long it takes. We have, after all, been highly successful in places like the Middle East using that strategy. Meanwhile, it's not as if developments like the Northern Irish peace process started with a few brave individuals on both sides meeting secretly to see if decades of bloodshed could be brought to an end or anything. That probably didn't save anyone's life or improve the quality of life across a whole country anyway.

While we're at it, we should probably also ban witness protection programmes. Courts must be open and impartial, and there is no risk to their effectiveness in cases relating to gang violence, sexual assaults, and corruption if everything is always heard with the press present.

Finally, we should definitely televise all official government meetings in real time. Politics can be kept at bay, and we are bound to wind up with more sensible policies if decisions are made based on which sound-bite will sound best on the evening news rather than the considered opinions of experts who are familiar with more subtle arguments than "Five minutes ago you agreed with part of something I almost said in another discussion, so if you don't back me up now that's a U-turn!!!!111!eleven!"

OK, here's another plan.

First, we could use just the tiniest bit of common sense. Some things are secret for good reasons, and whatever the conspiracy theorists like to say, I'm betting that most people in government, in the police, in the security services, and in the armed forces in my country are basically decent people doing their best to protect the rest of us from not-so-decent people. Those who abuse authority should be dealt with appropriately, but we could consider a less black-and-white view and not throw out the whole fridge because a bit of cheese got mouldy.

Transparency is important, and checks and balances are important, and oversight is important, and respect for democratic roots is important, and secrets should only be kept from the general public for legitimate reasons and for as long as absolutely necessary. However, I don't think we would like to live in a world where only the bad guys kept secrets at all, and I don't think we would like to live in a world where no-one was brave enough to stand up for what is right for fear of the repercussions when they were inevitably compromised.

Re:Links & hints to the data

[genjix]

Blaa blaa and if women dress provocatively then they are to blame for getting raped.

Nice one shifting the blame away from the perpetrator.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Just an aside here, I don't know how relevant it is.

I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.

I propose that this psychological maladaptation is the expected outcome of an authoritarian personality forming in the context of what is, nominally, a republic.

George Orwell was impossibly subtle and perceptive in his fictional exposition of this as "DoubleThink". He demonstrates it as obvious, oxymoronic contradiction - a caricature of the actual mental state of those who enable and support totalitarian positions.

"Freedom isn't Free" Christ! That's the knee-jerk truism for "War is Peace", "Freedom is Slavery" and "Ignorance is Strength" in one, compact portmanteau!

Re:Links & hints to the data

[ObsessiveMathsFreak]

If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless

If the country you're in will kill you if it knows what you do, and I know the country will do that, and I tell them what you do, I am not blameless.

Who is Glenn Beck? What is Fox News?

I'll take "Non-Edible Fruits" for $800 please Alex.

Re:Links & hints to the data

[FoolishOwl]

Including the point-blank firing of weapons into the heads of toddlers.

I'm guessing you meant this:

WikiLeaks: Iraqi children in U.S. raid shot in head, U.N. says

Bradley Manning did the right thing.

Re:Links & hints to the data

[a_nonamiss]

Most of the damning information in the cables about corrupt governments and civilian casualties was leaked over a year ago. What was leaked in February, and recently publicized, were the sources of those leaks. So all the moral people who risked their lives and the lives of their families to expose corruption are now being rooted out and killed by said corrupt governments.

So next time someone comes across something horrible and thinks about leaking it, they'll probably remember this incident and all of the attention that it generated and think better of doing it. Where's your indignation over that?

Re:Links & hints to the data

[Pseudonym]

It's been a year, and so far, nobody has died as a result of the leaked cables. Not saying it won't happen, but it hasn't happened so far.

On the other hand, the cables contain information about people who have been murdered. These crimes would not be known, nor their murderers known, were it not for the release of the cables. So you seem to be advocating the cover-up an actual crime to potentially stop a future, theoretical crime. That'd be a great one for an undergraduate philosophy class to work through.

Re:Links & hints to the data

[ToasterMonkey]

Furthermore, the information was "leaked" by the Guardian's careless publication of a password. Wikileaks officially publishing them now in an easily searchable form means anyone at risk has the ability to check for themselves if their names are mentioned - the bad guys have had the cables since at least last week, if not for the last few months following the publication of the password in February.

It was encrypted _once_ with a symmetric key algorithm apparently, and the same encrypted data was distributed to multiple parties and the whole Internet, as an insurance policy.

_S_t_u_p_i_d_

If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.

I'm not going to add to all the "journalists shouldn't be expected to understand crypto" malarky. They were told the password was temporary which would have been true if their cipher text wasn't spread to the far corners of the Internet. Since it was all encrypted with the same key, who knows who spread the data, it does't even matter. Bad crypto practice, BAD!

Everyone wondering "who really torrented the symmetrically encrypted data" is a retard. The word "Guardian" could have been put in the passphrase, problem solved. Trust me, WL did not give a shit that this would eventually happen.

the bad guys have had the cables since at least last week

I like how "bad guys" getting the data matters only when you think the buck can be safely passed. Hilarious.
Before this it was all "good guys" reading it right?

Re:Links & hints to the data

[Pseudonym]

On the other hand, if the information in the cables isn't released, people who have already committed actual crimes will go unpunished.

It's unfortunate that they weren't redacted before release, but the genie is out of the bottle now. I'll wager that evil dictator governments, amoral multinational corporations, organised crime gangs and terrorist organisations won't be getting their copy from the Slashdot comments.

Re:Links & hints to the data

[Pseudonym]

People have and will be killed over this information [...]

[citation needed]

Re:Links & hints to the data

[Jeremiah+Cornelius]

No "few bad apples".

An airstrike was called in, to try and destroy evidence of the scene.

These are beginning to emerge as "business as usual" occurrences from Iraq and Afghanistan.

But, in history, we revile the Wehrmacht of Nazis for this same activity.

Re:Links & hints to the data

[MimeticLie]

You're an idiot. He's not blaming the victim, he's (rightly) laying some of the blame at the feet of the people who revealed the victim. The post he was replying to what the one that said "you leak something, you deserve what you get, hurr".

Re:Links & hints to the data

[Jeremiah+Cornelius]

I propose that this "leak" was the planned outcome of an operation, probably by the US Army Counterintelligence Agency. This agency has documents that revealed their plan to cause this EXACT kind of exposure, to discredit and subvert WikiLeaks.
url:http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks

When two of the three critical players, Dumbshit-Borg and David Leigh have demonstrated themselves to be mendacious, disingenuous, self-serving and un-trustworthy? I look to them, with their insider roles, to be plausible suspects for the execution of this operation.

Re:Links & hints to the data

[poena.dare]

Dude! I saw you on Salon. Sure, it's normal for me to sink that low, BUT YOU???

Serial comment systems suck donkeys!

Re:Links & hints to the data

[MimeticLie]

I know the will get Assange one way or another. They just created the circumstance to have him charged in Australia - their one sure bet.

If that does happen, it'll be Assange's own fault. I don't buy for a minute that shadowy TLAs forced him into this; they just gave him an excuse to do what he wanted to do anyway: http://www.reuters.com/article/2011/09/02/us-wikileaks-cables-assange-idUSTRE7816SM20110902

Re:Links & hints to the data

[MimeticLie]

Oh, and by "they" I meant the Guardian.

Re:Links & hints to the data

[Jeremiah+Cornelius]

You are missing a key piece.

He didn't want them all dumped un-redacted.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Heh.

I want to contrast reactions. That is one of three postings of this theory.

Re:Links & hints to the data

[suomynonAyletamitlU]

They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

If your ex will kill you if he/she knows where you live, and I know your ex will do that, and I tell your ex where you live, I am *not* blameless

If you got in bed with a psycho, deliberately betrayed him/her without his/her knowledge, and then broke up and went into hiding--but they didn't know you did anything--then me telling your ex that it was you, and what you did, is karma. Don't get me wrong, it's also me being an asshole, unless I'm friends with your ex and care more about him/her than you, but you did something wrong, you knew you did, you knew they'd be mad, and whatever your reason, it's on your damn head.

You're painting "Psycho ex" as something inevitable, a force of nature. Don't. Don't make them something mythical. They exist, and they exist because people were assholes to them and fucked up their lives. Surprise surprise, when you do the same, you get reamed for it. Similarly, don't consider tyrants and other corrupt assholes to be a force of nature, just because you can't do anything about them. Every single one of the situations in the world has a history, even if you don't care, even if you had nothing to do with it, even if you can't change it, now or ever.

Re:Links & hints to the data

[bhcompy]

Secrets aren't totalitarian or authoritarian. They're a necessary part of any functional diplomacy.

And my own aside. I love how stupid these "truthers" are(we'll call them that, since they always want the truth). Information doesn't want to be free. It's not sentient. It has no feelings. Hard truth, right there.

Re:Links & hints to the data

[bhcompy]

On the other hand, if the information in the cables isn't released, people who have already committed actual crimes will go unpunished.

Like Assange, right?

Re:Links & hints to the data

[bhcompy]

Assange already claimed responsibility for that one. No citation necessary.

Re:Links & hints to the data

[ATMAvatar]

When dealing with a trusted keeper of secrets, there is a very fine line between "common sense, let them keep secrets" and simply being a dupe to a predatory and potentially crimial entity. Wikileaks wouldn't exist if the various governments of the world gave us even the slightest reason to trust them.

In the US, our elected officials are one step shy of openly taking bribes, and in the last few months, two of the three branches have been mired in what boils down to little more than a dick waving contest. We have spent a decade occupying two countries we invaded without the slightest bit of reliable intel that would give us reason to do so. Our economy was raped by Wall Street parasites that subsequently got written a big check and left without so much as a slap on the wrist.

I have absolutely zero faith that our government has the best interests of its people in mind. While I would not personally go as far as actively work to release classified documents, I find it particularly difficult to chastise anyone who believes they need to do so for the good of the public.

Re:Links & hints to the data

[MarkvW]

They accepted the risks when they engaged in the covert operations to begin with. People who uncover secrets are not responsible for deaths -- killers are.

I'm sure that the killers have their excuses too . . .

Re:Links & hints to the data

[Pseudonym]

I don't know if he's committed an actual crime or not, and unless you're the troll account for one of two particular Swedish women, neither do you.

Re:Links & hints to the data

[Pseudonym]

Assange has claimed responsibility for a death? Whose?

Re:Links & hints to the data

[Anonymous+Brave+Guy]

In the US, our elected officials are one step shy of openly taking bribes, and in the last few months, two of the three branches have been mired in what boils down to little more than a dick waving contest. We have spent a decade occupying two countries we invaded without the slightest bit of reliable intel that would give us reason to do so. Our economy was raped by Wall Street parasites that subsequently got written a big check and left without so much as a slap on the wrist.

And yet all of this has happened out in the wide open, without your population doing anything to remove those elected officials. What sort of difference is telling a few citizens who might actually care about a few more minor infractions (relatively speaking) going to make, when affronts like the above are carried on with apparent impunity?

Meanwhile, this year has seen the biggest forcible assertion of democratic values in generations. How much of the result is down to a few nameless heroes who fought from within, we will probably never fully know. However, I think it is a safe bet that had the authoritarian regimes in question known who they were, they would not be alive today and some or all of the rebellions in the Arab Spring would have failed.

Re:Links & hints to the data

[bhcompy]

He's an accessory to any crime committed as a result of this information.

Re:Links & hints to the data

[bhcompy]

"1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information..."

1,300 accessories to murder, I'd say.

Re:Links & hints to the data

[Sepodati]

The US government which kept the names in plaintext in a database with millions of people having access

All this is going to lead to is the State Dept, DoD and other agencies going back to stovepiped info systems, since having a shared common operation like this is obviously flawed.

I don't know that "millions" have access to the secure networks where these cables were originally transmitted, either. It was "plaintext" but on a secure network where the user was the vulnerability.

Re:Links & hints to the data

[SteveTheNewbie]

Following that logic, so too would the US State Department

Can we also blame the Guardian and anyone that downloaded the files ?

Also, has anyone actually been hurt from this as yet ? or is this more posturing on the side of the ignorant masses ? (that's actually a serious question)

Re:Links & hints to the data

[Sepodati]

That "cable" is documenting a letter received by the Embassy asking if the account of the scenario is true. The letter is asking, "hey, I heard this happened. Can you confirm or deny?" There is no documentation as to what the response was, either from the military or the embassy.

I have no idea what happened, but rather than this being proof in the cables of assassinations, it's simply someone documenting a request received at the Embassy.

Re:Links & hints to the data

[bhcompy]

See Nuremberg. When the US is the authority, it doesn't punish itself. When it's on the losing side, you can sure bet it will be punished.

As far anyone being hurt, from the horses mouth: "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange regarding a leak dealing with Kenya

Re:Links & hints to the data

[DavidTC]

There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot. The file decrypted was the file they gave the Guardian, and the password was the one they gave the Guardian.

What happened is the Wikileaks site was attacked and hence mirrors were made of the site, including a mirror of the ciphertext by accident. Which is not any sort of security breach...in the actual real world, having the ciphertext lets you do jack-squat, and the assumption should be that intelligence agencies have downloads from the Wikileaks site intercepted anyway. You're not supposed to worry about copies of ciphertext...they get backed up and stored all over the damn place, although admittedly ending up as a torrent is a bit extreme. (The idea of [hostile country] sending their equivalent of the CIA to break into the Guardian, however, is not extreme at all.)

And then the Guardian and David Leigh published the password. Let's pretend it hadn't been torrented: They had personally accounted for every copy of ciphertext and made sure they weren't in the wrong hand. Right? They made sure that Wikileaks didn't have any copies laying around, or that the internet hadn't cached it. Right? Every backup erased, every hard drive wiped, all NSA taps disabled before download, every janitor who had access to their computer while they weren't there memory-scanned, that no one broke in and made a copy of the file. Right?

Oh, wait, no, that would be impossible, and more importantly, they're idiots. Idiots who just fucking published all the information that Wikileaks carefully had newspapers redact because the goddamn password would make it a more exciting story, and they didn't understand in this day of cloud storage and backups and giant hard drives and browser caches, the way we keep encrypted information secret is to not give out the password to it, not control the fucking ciphertext. (If we could control that, we wouldn't need encryption.) The password that Wikileaks carefully transferred by hand and speech, in what was possibly the most paranoid manner I've ever seen.

In their universe, the real 'secret' was the file that had moved over the internet, and it's impossible that anyone could have intercepted that or made copies of that. Because they're goddamn imbeciles that no knowing about the internet and that no one should ever trust again.

If the file hadn't been torrented, we never would have realized that was the real password, and Iran would have happily continued to decrypt the file they had someone steal off the Guardian's backup server. (For a hypothetical.)

Re:Links & hints to the data

[Sepodati]

There's no proof for anything in that cable. It's essentially a copy-and-paste of a request received at the Embassy.

I'm not making excuses for anyone. If the accounts are true, then someone should have faced court-martial and given the death penalty if found guilty (my opinion). The evidence isn't in that cable, though, imo.

Re:Links & hints to the data

[Sepodati]

On the other hand, the cables contain information about people who have been murdered. These crimes would not be known, nor their murderers known, were it not for the release of the cables.

Which cables show that? Please provide links.

Re:Links & hints to the data

[Oxford_Comma_Lover]

> See Nuremberg. When the US is the authority, it doesn't punish itself.

The U.S. wasn't "the authority." The victorious powers together were the authority. The U.S. presence meant there was actually a trial.

Re:Links & hints to the data

[bhcompy]

I wasn't indicating that the US was the authority, just that when you're on the losing side, you pay for your crimes, just like any other criminal. As long as, today, the US is the authority(or has authority), it won't be the criminal

Re:Links & hints to the data

[KahabutDieDrake]

That's because the Nazi's lost the war.

Re:Links & hints to the data

[Pseudonym]

Here's the latest one.

Re:Links & hints to the data

[Sepodati]

The cable provides a new second hand account of what allegedly happened. It appears that this was already a "known" event, although maybe not reported to the public or covered in enough detail Valid example of a potential murder, though... I'll give you that.

I guess I'm still waiting / looking for the "big secret coverup" cable to be found that details some atrocity that was never known about by anyone but those privy to this "secret" cable network... Something that would really justify a whistleblowing campaign rather than a data dump.

Re:Links & hints to the data

[Sepodati]

Actually, this article has more details on the response, or lack of one. This is still a "known" event and the cable provides another second hand account of what allegedly happened.

Re:Links & hints to the data

[ravenshrike]

In order to guarantee freedom, one must be willing to back it up with force. Being an expenditure of energy which is only done to protect freedom, by definition freedom has a cost. Thus, is not free.

Re:Links & hints to the data

[ravenshrike]

Horseshit. While some psychotics were driven that way through nurture, there are plenty that are the way they are through nature alone.

Re:Links & hints to the data

[Jah-Wren+Ryel]

If Wikileaks REALLY cared that this would happen (they didn't) they would have encrypted it with a different symmetric key per recipient, or used a PKI system.

And that's precisely what they did - the file was intended ONLY for The Guardian and they got the password hand-delivered to them. You've confused the "insurance" file with the file that the Guardian's password decrypted.

That The Guardian's individualised file made out into the wild would not have been a problem if they had kept the password to themselves. After all, that's why it was encrypted especially for them in the first place - on the chance that somewhere, somehow it would be intercepted.

Trust me, WL did not give a shit that this would eventually happen.

Given your rather poor understanding of events, I don't think anyone should trust what you have to say about them.

Re:Links & hints to the data

[ravenshrike]

It's only flawed cause they allowed political correctness to infect the security clearance system. Manning had had plenty of emotional outbursts that in a sane system would have seen him stripped of any clearance beyond confidential. The man underwent multiple psych evaluations. MULTIPLE. Even if they didn't return anthing, the fact that he was sent for more than one should have automatically DQed him.

Re:Links & hints to the data

[AliasMarlowe]

I love how all the small-government types - the ones who think that the notions of commonwealth are somehow equivalent to boogieman socialism - get all righteously pro-State, when it comes to WikiLeaks. It is a curious kind of cognitive dissonance.

It is a cognitive dissonance which forms part of a larger pattern. There is even a freely downloadable book on the topic, written by a psychology professor.

Re:Links & hints to the data

You live under a rock? One of the cables proved that the country I'm living in is completely run by the US. This was not know to the greater populace and if you ever said anything about you thought it was you were labelled a "conspiracy theorist".

We'll use this info in forthcoming elections.

Re:Links & hints to the data

Your hypocrisy and disingenuous moral posturing stinks like the foetid pool of death that you defend.

The post you replied to said absolutely nothing whatsoever that could even remotely be construed as "defending" any of the actions you refer to.

Nor did he state or imply any kind of support for "illegal and anti-democratic secrecy".

  And you know it. You deliberately made up those positions and pretended he was advocating them when you knew he was not. You knowingly, willingly, consciously lied. You did it because you knew that you were not capable of refuting his actual position. No other reason is possible. You desperately wish you didn't agree with me, but you do, and the feeble attempt you're now making to deny it are not even convincing yourself.

Re:Links & hints to the data

[rtfa-troll]

Originally full release was certainly what I understood him to want. He's also been under pressure from places like Cryptome (heartwarming story of recovering "the Beast" there). I can quite believe that he's glad that someone has given him the excuse. That doesn't take away from the fact that the Guardian's release of the files completely changes the game.

Re:Links & hints to the data

[hxnwix]

"1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information..."

1,300 accessories to murder, I'd say.

Let's put that in context:

The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information and 40,000 children a year die of malaria in Kenya. And many more die of money being pulled out of Kenya, and as a result of the Kenyan shilling being debased."

Removing the context as you did such that Assange apparently confessed to murder strikes me as rather dishonest. Assange has made real mistakes; focus on those unless your intent is merely to discredit his critics.

Re:Links & hints to the data

[rtfa-troll]

Nice the way we don't bother to give the context and at the same time cut off the statement at the point that it's about to claim part of reducing tens of thousands more deaths (looks even worse when we see the way you've done it twice)

The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our leak," says Assange. It's a chilling statistic, but then he states: "On the other hand, the Kenyan people had a right to that information and 40,000 children a year die of malaria in Kenya. And many more die of money being pulled out of Kenya, and as a result of the Kenyan shilling being debased."

Selective quotation does not help your credibility. By the way, which of the the Founding Fathers would you charge with war for their involvement in the American Civil War?

Re:Links & hints to the data

[rtfa-troll]

There is nothing in the story that supports the idea that Wikileaks used the same password for all the encrypted files they gave out, you idiot.

This. Only even more, the good thing about the Schneier article is that he and his posters have actually traced this down and verified that the password does not work for the insurance file.

Re:Links & hints to the data

[SteveTheNewbie]

I had a long drawn out reply to this that got eaten. You'll have to live with the short form, sorry.

Your 1300 quoted is only half the text, you should read and consider the rest in the context it was said. People are trying to claim that the cables reveal names of possible informants who's lives subsequently become in danger. Can you please point to where the Kenya cables listed these 1300 people ? or was it possibly that the data highlighted corruption in the government that subsequently lead to an uprising in which 1300 people were killed ? Hopefully I really don't need to point out the difference to you in finer detail.

Added to this, I am puzzled by the focus on Assange as a figure to hate. In all the releases up until recently (and there is a reason that changed - Thanks Guardian, not Assange) the media were handling the releases, not Assange, if there were names not redacted, then the Media outlets that posted the cables are responsible for any harmful outcome, not Assange. If you want to hold Assange responsible then you could also equally hold the original leaker responsible, as well as the people that improperly secured the data, and while you are at it, the embassy for not obsficating things a little better, or maybe the original government that perpetrated these crimes (or individuals in many cases).

Why the hate on Assange ? it almost seems irrational.

Re:Links & hints to the data

[mcvos]

He may originally intended to release them unredacted, but he clearly changed his mind, quite possibly because a lot of human rights organisations insisted that they needed to be redacted. The plans to redact them have now been ruined by a combination of Assange's (probably justified) paranoia (publishing the encrypted files, but not the encryption key), and The Guardian's ill-conceived publication of the encryption key.

Re:Links & hints to the data

[mcvos]

You mean that information prefers not to be anthropomorphized?

Re:Links & hints to the data

The U.S. presence meant there was actually a whole lot of hypocritical bullshit acting as justification for doing exactly what you wanted to do.
FTFY.

Americans -- can't even do the right thing without being hypocrites.

Re:Links & hints to the data

I think this is the original Torrent, that accidentally mirrored the encrypted Files.

http://thepiratebay.org/torrent/6025982/Wikileaks_Full_Archive_(20_GB)____wikileaks-files-20100612.tar

Re:Links & hints to the data

[countertrolling]

Don't be so sure about that

Re:Links & hints to the data

I forget - Has someone published Assange's social security number, mother's maiden name, his home address, the addresses of his family members, the code to the alarm for his and their homes and any allergies he has? I mean, that's all information and all information wants to be free.

Re:Links & hints to the data

[Angostura]

Redundant? Who modded this redundant? At the very least it's an interesting point of view.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Thanks. It's now in my backlist.

Re:Links & hints to the data

[Oxford_Comma_Lover]

Generally true, yes. (At least more or less--most criminals do not suffer for their crimes, except in a philisophical sense, but many criminals do.)

Your point is one of the reasons the veto ability of the permanent security council members are looked down on. On the other hand, the veto also isolates them from unfounded attacks and lets them play roles which run counter to certain prejudice. (Continuous condemnation of Israel, which is sometimes legitimate but usually racist, for example, is classically blocked by US veto.) It's power, and it's used for good and ill.

For the US in particular, you also have a problem in that for the most part, it plays a unique role in the world that generates illegitimate resentment, in addition to some legitimate resentment. Support for Israel again racism makes racists dislike the US, and when Israel does something bad and the US supports it anyway that makes everyone dislike the US (except Israel), discounted for people who perceive the legitimate condemnation as racist. The "hate the other that is the US" mentality cultivated in some countries (e.g. North Korea, Iran) likewise makes it a target, and the pictures of people cheering in the streets after 9/11 weren't fakes. Though there *should* still be accountability for US soldiers when they commit war crimes, they are also often the only country in a given alliance capable of providing most of the support. (This is a classic argument for its non-ICC-signatory status. There is a lot of anti-american sentiment, and while the ICC would could in theory be used for increasing legitimate accountability among American forces, it be used for political grudge matches left, right, and center.)

Re:Links & hints to the data

[Jeremiah+Cornelius]

This incident occurred. It has outside corroboration and photographs.

The cable indicates the level of collusion on this level of atrocity.

Re:Links & hints to the data

[Oxford_Comma_Lover]

The U.S. presence meant there was actually a whole lot of hypocritical bullshit acting as justification for doing exactly what you wanted to do.
FTFY.

Americans -- can't even do the right thing without being hypocrites.

Establishing international precedent that war criminals should be tried and proved guilty is not hypocritical bullshit. It laid foundations for the later international tribunals of Yugoslavia, Rwanda, and the International Criminal Court. It laid foundations for the truth and reconciliation commissions that are becoming part of international law.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Operation Paperclip.

The Nazis were behind the successful moon landing. That's how I know it wasn't a hoax. I'm only partially joking.

Re:Links & hints to the data

[Jeremiah+Cornelius]

I am free from your rationalisations.

Re:Links & hints to the data

[Jeremiah+Cornelius]

If you wring your hands over the release of the cables for THEORETICAL deaths that MIGHT happen, while not anguishing over the REAL deaths and horrifying injustice that they expose and corroborate?

I construe that as accessory-after-the-fact. It's not even a real position. It is a jingoistic fear-mongering, to masquerade a cover-up with hypocritical false-concern for the well-being of others.

It is defence of atrocity.

Re:Links & hints to the data

[SuricouRaven]

The US supports Israel because it's a state with a good diplomatic relationship and a poor human rights record in a region full of states that consider 'death to the western devils' to be a good basis for foreign policy and 'human right' just a specification of which hand they need to cut off a thief first.

Re:Links & hints to the data

[Jeremiah+Cornelius]

But he didn't publish them - or distribute them - in encrypted form. This occurred because of Domshite-Berg's (Dumbshit-Borg) deliberate subterfuge and co-option of WikiLeaks.

He's been spinning like crazy, saying that he destroyed data, because he couldn't trust Assange to safeguard it.

In fact, this was to divert attention from the possible discovery that he had already distributed the PGP file in question, and prepare the ground for assigning blame to Assange/WikiLeaks.

Re:Links & hints to the data

[slick7]

You are missing a key piece.

He didn't want them all dumped un-redacted.

With the UK tabloid fiasco, can you really expect the news dis-services to be any better?

Re:Links & hints to the data

[Kagura]

I propose that this "leak" was the planned outcome of an operation, probably by the US Army Counterintelligence Agency. This agency has documents that revealed their plan to cause this EXACT kind of exposure, to discredit and subvert WikiLeaks. url:http://www.scribd.com/doc/28385794/Us-Intel-Wikileaks

I've got a better idea. Wikileaks has always been strongly in favor of the verbatim release of all valid documents submitted to them, with information only ever redacted to protect the submitter of the documents. They got a lot of bad press from innocents' identities being released and this apparently worried them, so they began redacting names of "innocents" from documents prior to release. This was a public relations move on Wikileaks' part, undertaken to prevent their image from being sullied. I think Wikileaks and Julian Assange intended from the very beginning for the diplomatic cables to be released in their entirety, and that they purposefully practiced ridiculously lax password security for their "insurance file". Come on, you're telling me that a serious computer "hacker" like Julian Assange, member of the CCC, couldn't prevent the release of the password to their insurance file? Anyone who even knows what GPG/PGP is already understands enough in general to practice simple security procedures.

Next, the Guardian was sued by Wikileaks over what amounted to the release of their insurance file password. Then, in less than a week, Wikileaks releases all the same documents themselves!? You may think "What's the harm if they're already out there released on the internet?" Well, Wikileaks shouldn't be offering these on their website for the same reason the U.S. State Department doesn't declassify and release all the cables that are already leaked to the news: it seriously limits their stance's credibility, especially true for an organization such as Wikileaks which is supposed to conduct themselves by certain lofty principles. Releasing the documents themselves is inconsistent with their supposed desire to protect informants' well-being.

I think Wikileaks and Julian Assange planned this from the very beginning for the cables, in order to remove themselves from blame because "those guys over there are the ones who released the password! They're the real leakers!" With so many people given the password, we can plainly see it was only a matter of time until this release happened.

Re:Links & hints to the data

[Kagura]

Which cable? Which country? I'd like to read this.

Re:Links & hints to the data

[Jeremiah+Cornelius]

But it is Assange schismatics, detractors and critics who have executed every step of this.

Is he such a puppet-master?

Re:Links & hints to the data

[Kagura]

I think you're a loony!

Re:Links & hints to the data

[t2t10]

I don't see a contradiction. Small government types believe that the function of the federal government is defense, diplomacy, and international trade, and little else; but those functions, the federal government should perform well and should have all the power to carry out. That includes keeping secrets secret.

If there is a contradiction, it is in the social engineering laws of the Republicans, when they try to prohibit gay marriage and drugs. But the part of the Republican party that wants those is the Christian conservatives, and they are distinct from the libertarians and the small government types (I'm a Democrat, and I can't stand half the people in the Democratic party either).

Re:Links & hints to the data

[t2t10]

It's not the "small government types" you have to worry about; whether they like authoritarianism or not, it's kind of hard to be authoritarian if there is so little government.

It's both progressives and Christian conservatives that are fond of totalitarian solutions to political, economic, and social problems, both historically and today.

Re:Links & hints to the data

[Jeremiah+Cornelius]

Defence is allowed to mean unlimited budgets, unopposed missions and indeterminate arbitrary scope. Globally.

How anybody can hold the contradiction that believes this kind of unconstrained activity in the coercive arm of government may be isolated, is to me, folly, madness and delusional.

Ultimately, I suspect that it is the result of aggressive parenting, with limited compassion and few outward expressions of affection.

Re:Links & hints to the data

If you wring your hands over the release of the cables for THEORETICAL deaths that MIGHT happen, while not anguishing over the REAL deaths and horrifying injustice that they expose and corroborate?

I construe that as accessory-after-the-fact.

No, you don't. You wish you could, but you can't. You're only pretending that you can. You want to feel that you're raging against some enemy, and that feeling is more important to you than the truth, so you invent strawmen to attack.

It's not even a real position.

It isn't a real position because you invented it and pretended he was stating it.

It is a jingoistic fear-mongering, to masquerade a cover-up with hypocritical false-concern for the well-being of others.

And it comes entirely from you.

It is defence of atrocity.

It isn't, and you don't believe that it is.

Re:Links & hints to the data

[Jeremiah+Cornelius]

"That isn't an argument, it's merely contradiction."

"No it isn't!"

Re:Links & hints to the data

[bhcompy]

How is that different than what is happening how? It mentions nothing about those 1300 people being corrupt. Violence swept the country. That means that innocent people with nothing to do with this died because of an action he claims responsibility for. And even if it were pro-Moi security forces, how many of those people are just trying to get a paycheck in a very shitty country?

Re:Links & hints to the data

Lying didn't work for you before, and it's not working for you now. But you'll continue to try it, because you're too stupid to think of anything else. You will now prove me right again.

Re:Links & hints to the data

[uninformedLuddite]

Which number? which passport? which family? You mean 'The Family'. Have you ever looked into his past and done any digging into Ann Hamilton Byrne and her connections to Australian Intelligence? It's a dark, murky place. I don't know what to believe about any of this wikileaks stuff anymore.

Re:Links & hints to the data

[Jeremiah+Cornelius]

I can still see the pieces of human faeces, stuck between your teeth.

Re:Links & hints to the data

Your desperate attempt at deflection through trolling is indisputable evidence that you know I'm absolutely right. This is completely in line with what I said you would do. You will now do it again.

Re:Links & hints to the data

[WNight]

Bullshit. People will live because of these leaks.

Re:Links & hints to the data

[Pseudonym]

I don't know which planet you live on, but that doesn't accurately describe most Arab-majority states. You've never, I wager, heard "death to the western devils" come out of the mouth of any official from Oman, Qatar, the UAE...

Re:Links & hints to the data

[SuricouRaven]

Let's check the map. Here's an easy one: http://www.mapsofworld.com/images/middle-east-map.jpg
Don't forget Egypt - they are just off the edge there, but certainly a significent player in the politics of the region. So what do we see?

First off, you see Saudi Arabia. It's huge. It's massive. It dominates the map. Ok, it's largely desert, but it's still a bloody big country by middle-eastern standards. If you want to talk human rights issues, Saudi Arabia is the very definition of an oppressive islamic theocracy. That's a country where it's not just illegal for a woman to go to school, it's illegal for her to so much as leave her house without permission from the man in charge of her life. A country which, once a year, starts throwing anyone who sells red items in jail - just to make sure that the Christian tradition of valantines day doesn't get imported. Nor is just just religious - they are almost as good at political oppression.
Next up? Iran, second largest. In terms of oppression, they aren't *quite* up there with Saudi Arabia, but the are in the same league. Plus they also have semi-open ambitions of getting nuclear weaponry too, whereas Saudi Arabia is content to fight through the comparatively peaceful means of economics and propaganda.
Third in the importance rankings, and we've got Iraq. You can't really rank them right now, as they are in the process of regaining control of their own country and prior to that were under the total control of one person. It wouldn't be fair to pass judgement. It certainly isn't looking hopeful though, with their new constitution already making it quite clear that women are to be considered one level above property.
We're down to the bit-players now. Syria, Jordan, Yemen, Oman. In human rights terms? Better. But still not good. Gender quality is still a distant prospect, non-Muslims face severe discrimination. The UAE does fair a little better - they actually have achieved a fairly decent standard of gender equality, religious freedom, etc. It didn't come easy, and they really don't have any power in the region beyond the massive economic clout that their oil reserves give.

So inconclusion: There are Good states in the middle east, and there are Bad states... but all the big ones are very, very Bad.

Re:Links & hints to the data

[t2t10]

Defence is allowed to mean unlimited budgets, unopposed missions and indeterminate arbitrary scope. Globally.

Allowed by who? Certainly not small-government, states-rights advocates; those want the US to withdraw its troops from most of the world.

The people wanting to continue the status quo are large parts of both sides of the political spectrum, who like the vast money flows, as well as our European and Asian "allies", who can spend the money they save on defense for infrastructure and social services. Every time the US actually tries to reduce its military spending (or achieve balanced trade for that matter), those nations scream bloody murder.

Ultimately, I suspect that it is the result of aggressive parenting, with limited compassion and few outward expressions of affection.

Ultimately, I suspect your kind of reasoning is the result of pseudo-intellectual parenting and a total lack of understanding of economics. Oh, and let's throw a lack of compassion in there as well, because paying a few percent more taxes just so that you can assuage your guilty conscience and think you "did something for the poor" is a scam, and should be transparent to anybody with half a brain.

Wikileaks did the right thing sorta

[DarkOx]

They were stupid to let the Guardian to get the key in the first place but once it was out making it more available was the right call.

When you had to get the data and key together that require time, and some computer skills. People who might retaliate against leakers have the resources to marry the key and copy of the data they either already had or could get from torrents.

That might be much harder to do for some poor tribesman who has limited or intermittent access to the internet. By making the information easier to get at, it lowers the bar, makes it easier for potential victims to know if they have been outed, and need to protect themselves.

Re:Wikileaks did the right thing sorta

[Kjella]

When you had to get the data and key together that require time, and some computer skills

Not really, the file was on TPB (among many other places) and the password was being relayed all over the net. Millions of people - and I mean that literally - have the required access and skill if they have the slightest bit of interest then they'll be able to get the decrypted information. Very shortly - if not alreadty - there'd be torrents with the unencrypted information. And it'd be no hard than starting any other torrent, which I consider a rather basic task today.

Re:Wikileaks did the right thing sorta

what if WL deliberately gave out this information? - maybe we're just too naive to believe, the leak leaked "by accident"??

Re:Freedom of information

I'm usually the first person to want to propagate information, but people will die as a result of these leaked cables.

Ordinarily I'd be inclined to agree, but the avalanche has already started; it is too late for the pebbles to vote.

the guardian

are playing a stupid game right now.

In their JA will face arrest in Australia article they earlier said something like "the Guardian unknowingly publish the password in the Guardian's book" etc,

now that phrase is nowhere to be found from the article...

DER SPIEGEL has a much better writeup

[SmilingBoy]

The Schneier article is very speculative and doesn't have many facts.

DER SPIEGEL has a much better and more detailed account: http://www.spiegel.de/international/world/0,1518,783778,00.html

Re:DER SPIEGEL has a much better writeup

[rtfa-troll]

The Spiegel article is referenced by Schneier so it's there for people to read. However, in one, but the most crucial, aspect the Spiegel article is wrong. It accepts the statement that the Guardian believed password was temporary at face value.

In a statement the Guardian rejected the accusations from Wikileaks, explaining that the paper had been told the password was temporary and would be deleted within hours. "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files," the statement said. "That they didn't do so clearly shows the problem was not caused by the Guardian's book."

What's new in Schneier's article is that that is pretty clearly debunked. This was a standard GPG/PGP archive which had already been distributed. There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

Re:DER SPIEGEL has a much better writeup

[solanum]

It doesn't do anything of the sort and there is nothing new in the Schneier article. Why would your average non-IT journo understand about PGP? If the journo was told it was a temporary password then they are very unlikely to say, "oh no you are wrong you IT people, I know about stuff and this can't be temporary". I've been reading Slashdot for well over a decade and if someone I thought knew what they were talking about told me they had stuff encrypted with a temporary key, I would believe them (although I'd be wondering just how it was done).

The other angle is that why would the Guardian publish the key if they new it would unlock everything for everyone? It isn't in their interest (selling newspapers), plus there are plenty of reports of other media outlets being offered the data more than a year ago, so it has hardly just got out there.

I think the real story is it is all a screw up, journo knows nothing about IT, is bullsh*tted by Assange and believes what they are told. Assange isn't doing the security by the Wikileaks protocol, everything goes to crap.

Re:DER SPIEGEL has a much better writeup

[rtfa-troll]

why would the Guardian publish the key if they new[sic] it would unlock everything for everyone?

Nobody is saying that the Guardian knew this would unlock the file. What I am saying was that you never publish your encryption keys even if you don't know anything more.

The key new thing from Schneier is in this small fragment

Memo to the Guardian: Publishing encryption keys is almost always a bad idea.

Here you have a respected crypto expert repeating a thing he has said in standard textbooks (applied cryptography) which should be known to all IT security people. This makes it 100% clear the Guardian messed up. Saying that this is a "journo" who "knows nothing about IT" beside the point. A signed agreement was made between Wikileaks and the Guardian. They should have had IT security people vetting all related communications. The journalist should not have been allowed to mess up alone.

Re:DER SPIEGEL has a much better writeup

[he-sk]

Why are you accepting what the Guardian writers are telling you at face value? From what I've read elsewhere there was at least a misunderstanding -- the Guardian thought the password was temporary but WL meant that the download site was temporary.

Whatever the case, what was the Guardian author thinking when he published the password?! That's clearly negligent.

Re:DER SPIEGEL has a much better writeup

[Solandri]

What I am saying was that you never publish your encryption keys even if you don't know anything more.

In public key encryption, you're supposed to publish your public key. So the "never publish your encryption keys" rule is not absolute. Obviously that isn't what happened here, but I don't expect a clueless journalist to be aware of these nuances, and so I wouldn't judge his behavior based on a "default' rule which is by no means absolute.

Re:DER SPIEGEL has a much better writeup

Der Spiegel has more detail, but it doesn't change the fact that the Guardian was a bunch of dufuses to publish an encryption key. Its disclosure was totally unnecessary and was done under the wrongful assumption that a secret URL would remain secret.

Re:DER SPIEGEL has a much better writeup

[drnb]

What's new in Schneier's article is that that is pretty clearly debunked. This was a standard GPG/PGP archive which had already been distributed.

Nothing is clearly debunked. My understanding is that the file given to the Guardian was something put together just for them, a temporary archive that would be deleted from the WikiLeaks system within hours - or so they were told. They had no reason to believe that Assange was reusing passwords and that a more permanent archive was using the same one.

There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

Actually the password did have some newsworthiness. The password itself provided some insight into Assange's thinking and his condescending attitude towards journalists was also insightful (can you remember this missing word). Also, showing how a relatively weak password (dictionary words, domain specific, etc.) was being used for such critical data was also insightful. Perhaps as Assange wants to embarrass the US government into good actions the Guardian wanted to embarrass Assange into using good passwords.

Re:DER SPIEGEL has a much better writeup

[Jeremiah+Cornelius]

Since when is PGP cycling passphrases without re-encryption?

That was a poor mistake - but maybe D-B is the fly in the ointment, and he deliberately copied the file, before re-keying it to a new passphrase.

He certainly owned up to other acts of subversion and data-manipulation, contrary to his trusted role in WikiLeaks. He goes all Hal-9000 in his explanation: how he had to kill Cmdr. Poole to fulfil the mission.

Fuck the little traitor. He's either an intelligence agency mole, or a dupe.

Re:DER SPIEGEL has a much better writeup

Sigh... heavy sigh... don't publish your private keys.

Re:DER SPIEGEL has a much better writeup

[flonker]

http://xkcd.com/936/

Password entropy is not intuitive. This is my estimate of the entropy of the password. "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#"

Capital Letters at the start of every word: 1 bit
10 domain specific words in grammatical context: 6 bits each = 60 bits
Year in recent history: 7 bits
Random no-space or underscore between words: 9 bits
punctuation mark at the end: 4 bits

1+60+7+9+4 = 81 bits of entropy
2^81 / 1000 / 86400 / 365 =
7.6Ã--10^13 years to brute force @ 1000 guesses per second

Length trumps gibberish. It is not a bad pass-phrase.

With all that said, the extra verbal word, "Diplomatic" adds 10 bits of entropy, which is pretty much inconsequential. (6 for the word, 4 for position) It's a privacy lock, pretty much only good for keeping out the curious and people who stumble upon it.

Re:DER SPIEGEL has a much better writeup

There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

You mean, like when Julian handed out the password to the Guardian?

Re:DER SPIEGEL has a much better writeup

[rtfa-troll]

There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

You mean, like when Julian handed out the password to the Guardian?

Possibly. Julian had a good reason to hand over the encryption key to them; they were supposed to get the archive in order to help him to filter the messages. However I have no idea (and nor do you I suspect) whether he took reasonable care to check that the people in the Guardian he was handing the data over to had adequate security to deal with it. If he failed to do that then, I personally think he was at least careless.

However, there's a meme that's going around suggesting that he should have handed out different keys to different people. That for each person he should make a separate encrypted archive. It's really important to realise that every time Assange does this he has to decrypt the archive (at least it's secret key) and re-encrypt. This is a very dangerous operation especially when you bear in mind that he was under active investigation by various secret services at the time. Furthermore, the mere existence of different keys to the same material increases cryptographic risk. Finally, there are other security problems that Assange had; perhaps he needed the ability to hand on this password in order to ensure Wikileaks could continue in the face of threat from secret services.

Re:DER SPIEGEL has a much better writeup

There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

Couldn't the same thing be said of Wikileaks?

Re:DER SPIEGEL has a much better writeup

[drolli]

Besides the fact that the Spiegel (as a WL partner) is heavily involved in mud-slinging towards OL/DDB.

To me it is obvious that OL/DDB had nothing to do with this problem. I get more and more the feeling that this problem was the reason DDB left.

The idea that any intelligence agency needed the help of openleaks to test the guardian pwd against any encrypted document they find is funny.

Re:DER SPIEGEL has a much better writeup

[rtfa-troll]

Wikileaks had the aim of releasing the material in a safe way; that required giving the Guardian access, in this case by handing over the password. They believed, and even had a contract to support that belief, that the Guardian would help them. They gave over the password with the specific aim of protecting sources (and that probably happened; most of any of the sources at serious risk have had a year to get out of the way and should have done so by now). Probably they (specifically Assange) should have insisted on the Guardian journalist getting a proper GPG public key and on only delivering the information to that public key, however, given the incompetence the Guardian has shown probably also the newspaper would have simply published their private key ring together with it's passphrase so it wouldn't have done any good.

The Guardian just wanted the the password for narrative. They could have put in the pass phrase "I-have-a-big-dog-from-the-72-team" and then said that Assange told them to insert "-and-cat" after the word dog. At the end of the chapter they'd put a footnote that the password was changed for security reasons.

The two situations are not close to comparable.

Re:DER SPIEGEL has a much better writeup

[Kagura]

http://xkcd.com/936/

Password entropy is not intuitive. This is my estimate of the entropy of the password. "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#"

Capital Letters at the start of every word: 1 bit 10 domain specific words in grammatical context: 6 bits each = 60 bits Year in recent history: 7 bits Random no-space or underscore between words: 9 bits punctuation mark at the end: 4 bits

1+60+7+9+4 = 81 bits of entropy 2^81 / 1000 / 86400 / 365 = 7.6Ã--10^13 years to brute force @ 1000 guesses per second

Length trumps gibberish. It is not a bad pass-phrase.

With all that said, the extra verbal word, "Diplomatic" adds 10 bits of entropy, which is pretty much inconsequential. (6 for the word, 4 for position) It's a privacy lock, pretty much only good for keeping out the curious and people who stumble upon it.

You only know this now that you have seen the password... come on. Before a couple days ago you thought this password was a random 256-character sequence.

Re:DER SPIEGEL has a much better writeup

[Kyusaku+Natsume]

Anyone with a bank account know that they never should share or write down in an easy to get media their NIP. You don't need to work in IT to know the importance of keeping a password secret.

Re:DER SPIEGEL has a much better writeup

[martyros]

What's new in Schneier's article is that that is pretty clearly debunked. This was a standard GPG/PGP archive which had already been distributed. There was absolutely no reason to hand out the correct password and doing so is a clear breach of IT security norms (never give your password to anybody) for no good reason.

That's not what I saw in Schneier's article at all, nor in the comments. I saw that the file "somehow made its way" into the mirror kit. How was the Guardian supposed to know that they were going to be distributing this exact file, with the exact same password, instead of a file with a different password (as would make more sense, if you want to keep control)? The Guardian didn't release the file, only the password. As long as they kept the file they were given secret (and there's not yet any indication they didn't), they behaved in a reasonable way.

Sure, maybe in hindsight it would have been better to use a modified password in the book, since it doesn't change the story value. In hindsight it might have been better for Julian to make a separate password for each organization as well.

Re:DER SPIEGEL has a much better writeup

[flonker]

You only know this now that you have seen the password... come on. Before a couple days ago you thought this password was a random 256-character sequence.

I assume the only part of my argument you disagreed with is the last paragraph. I would bet he used a similar system for all of his other pass-phrases for any other files he distributed. So, if Mallory managed to get a copy of one of his encrypted files, and managed to see the piece of paper with the key, Mallory would only need to run a very simple and quick dictionary based attack to find the spoken component and actually crack the file.

BTW, /. messed up my Google cut & paste. It should have read "7.6 x 10^13 years".

Re:DER SPIEGEL has a much better writeup

[Kagura]

Actually, I reread your comment this morning and I completely misunderstood it. We agree on everything, and thank you for your excellent analysis.

This again?

They said the same thing about the US-Iraq/Afghan cables a few months ago, then later it was shown that there really wasn't any information that would get people killed. I'd wager it's the same situation again--someone got caught with their pants down and they want (Assange's) blood for it.

Re:Freedom of information

With any luck they'll all be politicians.

Re:Freedom of information

Any foreign intelligence agency worth its salt would already have had access to this information. All the release has done is let the proles take a peek behind the curtain - nobody is going to die because of this.

no first reading?

[DaveGod]

So whatever happened to books, or the relevant chapters, being given out privately to the people in them prior to publishing? I thought that was standard practice.

I suppose it got put to the wayside since it was only relevant when the concepts of truth and balanced reporting were practised. As far as papers go, the Guardian is still far from the worst offender, but it used to be a high quality liberal broadsheet. The last few years it has seemed to put most value on web hits over quality paper journalism. Sensible liberalism has given way for sensational liberalism.

That;s why I don't buy it any more.

Re:Freedom of information

[Ironchew]

The cat's out of the bag. People will still read these, despite your baseless FUD.

Clarification

[I(rispee_I(reme]

This is not the Wikileaks insurance file, which remains encrypted.

This is a different file, that the Guardian was privy to, and was then mirrored.
The password to this other file was published in a book.

I only mention this because the previous /. post on this topic had a lot of replies with the mentality that wikileaks has surrendered its insurance. Such is not the case.

Re:Clarification

[Sumtingwong]

If Wikileaks has an insurance file then they are not accomplishing their stated goals. Insurance is to spread out the cost of a possibly calamitous event.

RIP journalism

[E+IS+mC(Square)]

Among other revealations during this ordeal, one thing stands out - I now know how morally bankrupt main stream media have become, irrespective of how right or wrong assange is.

Guardian won awards for all the work done by wikileaks/manning, and now they just backstabbed them, and still have guts to defend their own actions.

NYT is even worse.

Whisleblowing investigative journalism is dead, sold out to big governments and corporations.

Re:RIP journalism

[DigiShaman]

It's both refreshing and sad to know that you've just now figured this out. For most of my life, I've always known the media was firstly self-serving. Anything else would be an afterthought on their part.

Re:RIP journalism

2 ex-WikiLeaks 'associates' - James Ball and Heather Brooke - have wangled jobs at the Guardian. Slimy, very slimy

http://nigelparry.com/news/guardian-david-leigh-cablegate.shtml

.z7 - WTF??

[mcantsin]

Why should the top whistleblower service encrypt their files in .z7 format? - OMG! There's truecrypt, gpg, openssl etc. out there!

Re:.z7 - WTF??

[Arancaytar]

z7 is not an encryption; it is a compression format. The file was compressed to z7, and then encrypted with gpg.

Re:.z7 - WTF??

z7 != z-Zip ;)

http://en.wikipedia.org/wiki/7z != http://en.wikipedia.org/wiki/7-Zip

Re:.z7 - WTF??

[mcantsin]

ouch! - nvm, sry

Re:Freedom of information

some of these cables describe people being wrongly killed.

One thing

[joh]

The redacting that was done by The Guardian and others was just a reasonable thing to do, but it had one disadvantage: They published only selected and redacted cables and such you couldn't look for certain things by yourself. There's been more interesting stuff in the past centuries than The Guadian or Der Spiegel would recognize.

What's now possible is others sieving through these cables and I'm pretty sure that people will find interesting things. While it's not really a good thing for names of informants being published all this centralized knowledge and decisionmaking about what is good for the public to know is really getting on my nerves lately.

millions of people -have died- from govt lies

[decora]

and secrecy. it is the history of the twentieth century.

Patrice Lumumba being a perfect example.

im not saying Wikileaks did the right thing, im just saying to be 'outraged' is a little hard to understand.

Re:millions of people -have died- from govt lies

[Anonymous+Brave+Guy]

Yes, they have.

But screwing over a whole bunch of other people who are trying to make the world a better place just because you can isn't going to bring the dead back.

Destabilising sensitive negotiations and compromising sources will almost certainly result in more deaths, though, not just for the sources and their families but because the work they were doing was undermined.

Most of the Wikileaks stuff that came out before wasn't particularly damning, in the sense of exposing great wrong-doings by government agents that we didn't already know about or at least strongly suspect. If there are further cases that need to be exposes in the interests of justice then sure, expose them. I'm all for government getting called on it when they're behaving improperly, and I'm all for punishing those involved so that justice is seen to be done. However, the bottom line is that there was no real public interest in forcing most of the earlier Wikileaks releases I saw, redacted or otherwise. This sort of unrestricted disclosure isn't going to help anyone, except people you don't want to be helping.

Media & Law Makers

[IonOtter]

"...and go on to state that 'The decision to publish by Julian Assange was his, and his alone,' something which seems clearly debunked in the analysis on Schneier's blog."

Neither the media nor law makers will ever let the facts get in the way of their objectives. And because law enforcement has no small stake in this, either because their own fat is in this frying pan, or due to marching orders from the law makers, neither will they.

so Colin Powell....

[decora]

is guilty of torture?

Re:so Colin Powell....

[mcvos]

Perhaps not as much as some others in the Bush administration (not to mention Congress that approved everything), but yes.

Re:so Colin Powell....

[lgarner]

Possibly, but an irrelevant point here.

What a fuck up this is!

[JakFrost]

I thought that the original leak by Bradley Manning was a brave thing that he did, especially since the information he chose to leak was only low-level classified and unclassified information. He should be given a humanitarian award for his role in this.

Then I thought that WikiLeaks sharing the diplomatic cables with select journalists at respected organizations so that they can review the material, redact and sensitive personal information, and then publish a well written analysis of the most interesting cables was also a good and respectable thing.

However now that I find out from the Spiegel article that the shared file to the Guardian was just left on the file server after the confirmed that they got it is just such a stupid mistake. Encryption is not the be-all-end-all answer to security and WikiLeaks failed to understand that. Also the password was long and complex but the phrase shares the context of the data it encrypts and also could have been guessed eventually since it had so little entropy and difficulty.

Then to hear about pool record and file keeping, copying files to another server, hiding in subfolders, then copying them back and sharing them out on BitTorrent, what a cock-up that was! It's like the story of so many people on older P2P platforms sharing out their entire hard drives without realizing that people were download their application password files, personal documents, tax returns, pictures, and other stuff that should never be shared. It makes me think that WikiLeaks lacks some common computer sense and good server administrators who maintain and clean-up crap after their users.

This is one of those Epic Fails that will affect many people now and later, and will ripple down in history as a lesson of the reprecautions of good leaks going bad due to negligence and ignorance.

Re:What a fuck up this is!

[exentropy]

the phrase shares the context of the data it encrypts and also could have been guessed eventually since it had so little entropy and difficulty.

"ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#"

Mandatory xkcd: http://xkcd.com/936/

Re:What a fuck up this is!

[Kagura]

I thought that the original leak by Bradley Manning was a brave thing that he did, especially since the information he chose to leak was only low-level classified and unclassified information. He should be given a humanitarian award for his role in this.

I have to disagree with your first sentence. He thought he was anonymously submitting these documents to Wikileaks, and thought he was safely bragging to Lamo about it, since Lamo claimed to be acting in a journalistic capacity. Manning was a "trouble soldier" in his unit, the kind that doesn't get along with others and tends to cause problems and make bad decisions. It's my belief he acted simply out of spite and maybe some misguided thinking, using the opportunity that the newly rising Wikileaks presented.

Verified?

[currently_awake]

Has Assange verified this? With the code breaking computers available to the US it would be possible to figure out the key and impersonate Assange as a very effective smear campaign. It would also put americans and their spies at risk but that's not stopped them before.

Re:Verified?

With the code breaking computers available to the US it would be possible to figure out the key

Uhhhh what computers are you talking about? You don't crack this stuff in less than a year even if you've got a data center to throw at it and a good idea of what's inside.

(I assume you're talking about pulling this content from a different encrypted archive and re-encrypting it with the previously published key.)

Amazon book review

[bill_mcgonigle]

Here's an Amazon book review critical of the disclosure of the password in the book. I registered my support for the critique with a 'helpful' click.

The key was not for the insurance file, however...

[kandresen]

From what is stated;
1) The key given to the reporter was not the key for the insurance file
2) The Assange had provided a backup method for others to recover the data in the case he was a) killed, b) otherwise rendered incapable to act by other than having the group act on his behalf
3) Whereas it is easy to revoke access to content on a central server, it is impossible to revoke access to a file that cannot be changed (a password can simply not be revoked unless you can write to it) In other words you cannot revoke passwords for content that is available on bit torrent etc.
4) The way encryption usually work is through two sets of keys, i.e. LUKS. The real key is essentially always 512bits, but nobody including you ever use this key - you have a password and a separate key that releases the 512bit key!!!
No, we do not know if there was a second pass-phrase key on the content provided to the reporter, but if it was, having one key which gives access to the full 512bit key and content might be used to reveal alternative keys to get the real key. One of which might cascade to the key used in the insurance file. Which is why it was truly irresponsible of the reporter to publish the key regardless!!! That is as far as I see neglect, and being clueless is under no circumstance justification. Yes, the password could be revoked on access, but any backup prior to revocation can as stated above would retain access with that key whether it is a tape, an USB copy, or bit torrent.

Anyway, it is not for sure there where any alternative keys combined with that content, however, we do know the group had access to release the content of the insurance file in case something did happen to Assange anyway...

That the Insurance file was released on Bit torrent was most certainly not a mistake, however, it will have been a mistake if an alternative key used on the content given to the reporter could cascade to this key somehow. (From what I have learned of the case, I kind of don't think the problem was here).

So that leaves the people who where on the inside with the knowledge necessary to release the key...

Sure, there has been a lot of mistakes happening; we can blame Assange for believing in the fools who left for OpenLeaks. They were likely always the number 1 threat to the whistle blowers: Internals who sabotage, steal and try to destroy the original organization with internal knowledge.

stuff that might happen vs reality

[decora]

people said wikileaks would cause casualties. well, its been a year+ since alot of this stuff was released. who has died? can anyone name a single person who has died so far?

"Destabilising sensitive negotiations and compromising sources will almost certainly result in more deaths, though, not just for the sources and their families but because the work they were doing was undermined."

im not saying i dont believe you. im just asking for evidence.

there are a lot of kids in pakistan who have died because of drone strokes. they didn't "theoretically die", in the mind of some internet blogger, they actually died, in real life, with their guts hanging out all over the floor, screaming for their parents who were probably splattered all over the adjacent wall.

why should i be more concerned over something that theoretically, might happen, (and i have been waiting a year for it to happen) versus something that happens every other week, in reality? this is my problem with this argument. this is where i fall down actually giving a shit about the 'crimes of wikileaks'.

Re:stuff that might happen vs reality

[Anonymous+Brave+Guy]

people said wikileaks would cause casualties. well, its been a year+ since alot of this stuff was released. who has died?

It's hasn't been a year since the release of the uncensored data, and even if the authorities in hostile states had gotten hold it of seven months ago, the sheer volume of it would limit how quickly they could react. It is far too soon to even claim that no harm has been done, leaving aside the fact that given the nature of those involved, any friendly casualties would probably be kept very quiet.

However, as of the past couple of days we already know that many people considered at risk and marked for protection have had their identities compromised. How can there ever be any public interest justification for that?

why should i be more concerned over something that theoretically, might happen, (and i have been waiting a year for it to happen) versus something that happens every other week, in reality?

Well aside from my argument above, how about because the two things you describe are not mutually exclusive? I doubt any Wikileaks releases have prevented any drone strikes. On the other hand, time will (or won't) tell whether the high level Al-Qaeda operatives who have been captured or killed in recent months would have escaped if those who ultimately betrayed their positions had been compromised before our forces could act.

Re:stuff that might happen vs reality

[decora]

"I doubt any Wikileaks releases have prevented any drone strikes"

well they COULD, in THEORY... which is the only standard of evidence we are dealing with.

Re:stuff that might happen vs reality

[Anonymous+Brave+Guy]

Well, now it's obvious you're just trolling.

To give one obvious example from this week, the Libyan rebels have found prison facilities in Tripoli where hundreds of political prisoners have apparently been executed before or during the uprising. There is no doubt that compromising the identity of people who oppose the ruling classes in many nations is a life-threatening activity.

On the other hand, successive administrations in various Western nations have carried on with their drone strikes and numerous other military activities despite open opposition to military action by many of their citizens and widespread reporting of the consequences. What has Wikileaks ever produced that is more damning than that?

Re:stuff that might happen vs reality

"Libyan rebels have found prison facilities in Tripoli where hundreds of political prisoners have apparently been executed before or during the uprising."

And if you're black in Libya now, the "rebels" will shoot you in the head and/or dump you in the Sahara, while their NATO puppeteers drop tens of thousands of bombs on everything - water facilities, schools, homes. Mass racial cleansing, even genocide is going on there right now, backed by NATO. If you get your world-view from the TV, you wouldn't know that. You also wouldn't know how much of these supposedly popular uprisings from the "color revolutions" to the "Arab spring" are actually managed by western intelligence agencies and their cover organizations. Assenage is largely a tool of those agencies as well, particularly Mossad. He provides the "problem" part of "problem-reaction-solution", but the information he releases is tailored to never reveal anything truly vital or harmful to his controllers' interests.

A negative review that will sell books ...

[drnb]

Here's an Amazon book review critical of the disclosure of the password in the book. I registered my support for the critique with a 'helpful' click.

Did you think that through? If you get this review marked as the top negative review it will plainly tell everyone the real world password is in there and probably generate far more curiosity than outrage.

Loosely been following this whole ordeal.

So many things went wrong here it's hard to say where it all started. No one knows where it will end either. The laws of unforeseen consciousnesses and/or just plain old Murphy's law leads me to believe this is far from over.

Everyone involved needs to be rounded up and held accountable though.

I think the difference is ...

[khasim]

I think the difference in this "outrage" is whether the dead are "them" or not.

1 potential threat to even one of "us"
is worth far more than
1,000's of actual injuries or deaths to "them".

Austrialia.gov caught ...

sucking off males.

No wonder.

They're all a bunch a snits.

Serve'vm right I'd say. Nigger snits.

--//

Condescending?

[FormOfActionBanana]

Condescending? This is the word you use to describe the attitude toward the guy who told the password to the world?

Re:Condescending?

[FormOfActionBanana]

s/told/later told/

Re:Condescending?

[drnb]

Condescending? This is the word you use to describe the attitude toward the guy who told the password to the world?

Yes, condescending, he asked a journalist if he could remember the missing word in a sentence.

Regarding, "told the password", at a much later date he shared the mildly obfuscated sentence used as a password on an archive he was told was temporary and would be deleted in a few hours. How would the journalist know this was not true or that Assange was using his favorite sentence as the password for other archives as well. At worst you can accuse the journalist of making the mistake of assuming Assange was competent with respect to data security.

Re:Condescending?

[Yvanhoe]

So, to be short, Assange was too condescending by asking the journalist if he would remember the password but not condescending enough when he thought the journalist could understand that a password is supposed to be kept as secret as the content it protects ?

Re:Condescending?

[drnb]

So, to be short, Assange was too condescending by asking the journalist if he would remember the password but not condescending enough when he thought the journalist could understand that a password is supposed to be kept as secret as the content it protects ?

No. He asked the journalist to remember a single missing word omitted from the pass phrase being written down. Also the journalist believed the password was obsolete, that the content was to be removed from the wikileaks server in a few hours. In short that there was no longer any archive to protect. Yes the journalist was quite silly thinking that Assange would follow through on this basic task and that Assange was not silly enough to reuse this password for other archives.

Re:Condescending?

[Savantissimo]

The journalist was a damned fool for not realizing that a file on the web could be downloaded by anybody, and in the case of a Wikileaks server, any file there for more than a minute or two was virtually certain to be downloaded by a number of intelligence agencies and shady characters on the off chance that the key would eventually turn up. Or, in little words for little minds: data can be copied. Publicly posted data can be copied by anybody. When potential enemies might have the encrypted text, releasing the password is the same as releasing the data.

The reporter should have known this, yet he published the exact password, with absolutely no reason to do so. He could have just described it in general terms, but he and he alone intentionally ran what he should have known was a substantial risk of releasing the cables. This release happened, and it would not have happened but for his reckless,stupid, pointless action. The reporter alone is responsible for this release and any consequences it may have.

Re:Condescending?

[drnb]

The journalist was a damned fool for not realizing that a file on the web could be downloaded by anybody, ...

He was told it was a temporary file that was supposed to be deleted in a few hours. The fact that it was not and that it was made part of a torrent were Wikileak failures.

... and in the case of a Wikileaks server, any file there for more than a minute or two was virtually certain to be downloaded by a number of intelligence agencies and shady characters on the off chance that the key would eventually turn up.

Your tin foil hat is on a bit tight. If an intelligence agency wanted the data it would be far more likely they would simply target a newspaper that already had the unredacted data. That was a known opportunity. What you offer is a pretty unlikely opportunity.

Or, in little words for little minds: data can be copied. Publicly posted data can be copied by anybody.

Like the decrypted archives in the hands of various news agencies involved in the redaction effort. Another failure of wikileaks data handling, an example of wikileaks surrendering control. Once wikileaks made the data available to others it was likely to be exposed. They should have done the redaction in-house, if journalists wanted to see unredacted documents they should have visited wikileaks.

Wikileaks gave unredacted data to outsiders. Wikileaks fail.

Julian is no fool.

[RandomStr]

One of the primary objectives of wikileaks, is to present this information in a way that is not illegal, and to protect the identity of the people involved. It's one of the reasons it has been so successful, as opposed to Anomalous... Those kids are headed for trouble, and I certainly do not condone their actions...

There are no hidden agendas, it(wikileaks) is for us, the people of the world, we diverse to live in a world that is not governed by the greedy and morally unsound...

As for this current slip-up, I think I'm safe to say that, it is NOT the intent of wikileaks to undermine it's authority and legality, and in no way should this action compromise the continuing objectives of the movement.

Just don't forget that there are many people with vested interested; those that oppose the idea generally have something to hide, and more often than not, they have the power to manipulate and influence, in this instance, I see reality distortion and a bit of sabotage thrown into the mix for good measure...

Just another day in the mud for wikileaks!

Wikileaks trusted the Gaurdian.They released it.

[BlueCoder]

They made secure efforts in transmitting the data. It was the Guardian that betrayed the trust of Wikileaks and all those identities that were suppose to be withheld. The Guardian kept the data file and let it leak and then published the password... In effect the Guardian published everything in the clear. They are the ones to be held responsible.

Mirror, mirror...

[AliasMarlowe]

David Leigh and Dumbshit-Borg are either pathetic and self-serving dupes, or sickening quislings

Indeed. According to Der Spiegel , the encrypted file was among those taken from Wikileaks by Domscheit-Berg when he acrimoniously left to start his own rival Openleaks site. It was then released by Openleaks using volunteers to seed torrents of many of their files. Meanwhile, David Leigh of The Guardian published the password which Assange had given him, thereby apparently breaking an agreement of confidentiality. Later, an Openleaks-associated news site let people know where the key to this particular file could be found.

Smelly sticky shit is indeed flying, but it looks like a side effect of Assange/Wikileaks being stabbed in the back by Domscheit-Berg/Openleaks and David Leigh of The Guardian. Whether the stabbing occurred by coordinated malice or combined stupidity and incompetence is still a little uncertain. Either way, it's hard to blame this directly on Assange/Wikileaks.

Re:Mirror, mirror...

The only person I see as being sincere about providing a method to leak information is Julian Assange. Everyone else just seems like pathetic attention whores trying to steal part of Assange's parade.

Unfortunately, none of these people are trustworthy at all. The best method of leaking data anonymously now seems to be to just do it yourself.

0) Strip all information related to yourself from the data set
1) Find open Wireless access far away from your home (Bestbuy out of site of security cameras is probably a good choice)
2) Change the MAC of your wifi card to something random
3) Upload to a site like Megaupload
4) Email major media outlets about the data set from a anonymously created email account
5) Disconnect
6) Change your MAC back to the original
7 (the most important one) ) Don't tell anyone else about what you have done.

Re:Mirror, mirror...

[Jeremiah+Cornelius]

It is collusion, subterfuge and state-sponsored. That's my thesis - and I'm sticking to it.

The only question is if D-B was "turned" - maybe they threatened to put his kid-sister in a grave - or if he were always a mole.

Leigh? What a dishonest, self-serving shite. Hie refusal to acknowledge even an inadvertent culpability is a tell that betrays his essential duplicity.

I remember the Observer and the Guardian during the miner's strike and Brixton. This man is a part of what has gone so wrong there. Just another courtier for power.

He'll wind up dead or OBE out of this.

Re:Mirror, mirror...

[SuricouRaven]

You forgot the bit about getting to the far-away access point via public transport or taxi paid for with cash. If you are leaking something that important, there are probably only a few thousand suspects at most - and the investigator will be getting information from numberplate-reading camera to see where they all went, and checking financial records for purchasing of tickets, looking for any suspicious journeys.

Not everyone has reason to be that paranoid, and I think most leakers hugely overestimate the importance of their data and the effort that will be spent to find them. In the case of something like the cable leaks though, panaoia is justified.

"(Strictly protect)"

[tangent3]

Just reading through a few of the cables that have leaked regarding my country and I came across several cables that have named names of sources with the tag "(strictly protect)". Now, in my country, their lives are certainly not in danger, but their jobs certainly are.

The biggest achievement of cablegate would be to make everyone think twice about talking to any US diplomats.

This was plannned anyway

[NSN+A392-99-964-5927]

The Guardian G/Men Group are quite covert. As always a journalist will befriend you to get a scoop, yet disrespect you later.

Of course most people 99.9% of /. users will not understand what G/Men is.

David Leigh did not know how to unzip the file

This man is the chief investigative editor for the Guardian but did not know how to unzip the 7zipped file. That was stupid enough, but he then published the password of the archive as a chapter header in his tell all book.

The Guardian relies on the kind hearts and foolish whim of liberals and misfits to sustain itself. If not for them it would have sunk without trace long ago. It certainly isn't the quality of the investigative writing.

Re:The key was not for the insurance file, however

Releasing the previous password may give some insight into the password of the insurance file. Instead of having an unrelated or random password, Assange used a phrase relevant to the content with common capitalization and a symbol at the end. Is this his habit, or a one-off breach of best-practices for security. It's a lot easier to try phrases related to Assange, WL, revenge, insurance, imprisonment, etc than to try to walk the 256-bit keyspace. It's social engineering without needing to be social. Beating the human factor is easier than beating math.

exposure of facts helps end pointless wars

[decora]

namely, Vietnam.

I have to ask..

Being a US citizen, am I in any legal danger if I look at the above mentioned leaks? Yes, there are probably 1000's of journalists looking at them, but I'm a lowly citizen with no clearance whatsoever. I reasonably ask this, because honestly, I don't know the answer anymore.

.... It's not paranoia if it's true, right?

Good book

[zooblethorpe]

I've read that same work; it's a solid dissection of the authoritarian phenomenon, from both sides -- those who cheer on the bullying leaders, and the bullying leaders themselves. It's not terribly short, but not overly long, and it's actually written in an approachable and reasonably legible style, which is unusual for high-end academia types. Well backed up, with footnotes and a bibliography for those so inclined. The author also explicitly released the book online for free, out of the view that he wants his findings as widely available as possible.

Worth the read. That's my 2p, anyway.

Cheers,