Slashdot Mirror
Wikileaks Releases A Massive "Insurance" File That No One Can Open
An anonymous reader writes "Anti-secrecy organization WikiLeaks just released a treasure trove of files, that at least for now, you can't read. The group, which has been assisting ex-NSA contractor Edward Snowden after he leaked top-secret documents to the media, posted links for about 400 gigabytes of files on their Facebook page Saturday, and asked their fans to download and mirror them elsewhere."
WikiLeaks insurance 20130815
A: 3.6Gb http://wlstorage.net/torrent/wlinsurance-20130815-A.aes256.torrent
B: 49Gb http://wlstorage.net/torrent/wlinsurance-20130815-B.aes256.torrent
C: 349GB http://wlstorage.net/torrent/wlinsurance-20130815-C.aes256.torrent
~ $ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 292G 53G 225G 19% /
Hm... :|
The idea (I think) is that these files will be released in time, but releasing them all at once, but encrypted, is to discourage governments from arresting or killing the high-ups of WikiLeaks. The info will come out, just like it did last time (wasn't the last insurance file the bulk of cables that was eventually released?), but this is a mechanism for doing that while protecting themselves.
Wikileaks has always stated they desire responsible disclosure.
They publish individual documents, usually with conscious timing, after redacting names and potentially other information. The diplomatic cables were released by accident.
.: Semper Absurda
I know! There's no way I'm mirroring that, Michael Grunwald might launch an airstrike at me!
If their "mission" is openness - and the info is that damning - shouldn't they be publishing it? I mean, isn't that sort of the point of Wikileaks? Or just attention whoring?
I suspect they will expend a lot of hours working with outside entities to redact the documents of information that would threaten their sources or private citizens or anyone's life before releasing them, and getting their fans to mirror encrypted files is an "Insurance policy" ---- where powerful forces working against Wikileaks may become aware of the leak; Wikileaks folks have probably designed some elaborate scheme, contingency plan, or something strange of that nature to get the keys released in case of emergency: corporate or government interference, coercion, arrest, or kidnapping of the Wikileaks folks working to release redacted documents.
Getting 400 gigabytes of data uploaded to the internet in a pinch is no easy task.
But posting a 100 KB key far and wide to unlock 400 gigabytes of pre-distributed data, is a trivial thing.
I would assume the files are encrypted with a symmetric cipher like AES. Known plaintext attacks are not very effective against symmetric ciphers. Indeed they're designed to be resilient to chosen plaintext attacks.
Yep, I'll be downloading it with my annoying co-worker's computer after he goes home for the night. Come to think of it, I'll do it again from my boss' machine.
It's more likely that they've released the key for this file to the people they want insurance from. "See what we've got? All we need to do is release the key and everyone will know." They release these keys to a small set of folks around the world so they can publish the key if they need to. I bet that initial distribution list includes a senator and a head fo the CIA or something like that.
This is fundamentally a political act. The trouble is, there's no scaling back. Unless something happened behind the scenes that is not generally know, this'll be perceived as an escalation.
Gotta wonder why now, that idiot at Time Magazine aside.
The thing is, Western democracies have to get used to the Memory Hole, Cryptome, Wikileakeaks and the rest. You can play whack a mole with them or deal with the fact that people from now on will treat digital information in a way that nation states may not wish they would. This'll have positive and negative consequences but it needs to treated as fact.
---- The above post was generated by the Turing Institute. Maybe.
The last insurance file was spoiled by a news agency that screwed up handling the private key, and so wikileaks mitigated danger by making the leak obvious so that anyone on it could protect themselves.
It's basically an "oh shit, someone spilled blood in the water and the sharks are on their way, sound the alarm so people can get the hell out of the water."
And personally, I think it was an inside job from an intelligence agency that wished to ruin wikileaks by painting it as reckless, probably figuring that even leaking it to the news under seal was damaging enough that there was nothing more to be lost smearing wikileaks.
You are wrong in your irony. Wikileaks is not an anti-secrecy organization. They are a media organization (by their own account). They are against secrecy when it's being used to conceal dishonesty and unjust practices by governments (often to mislead the population). Wikileaks' own leak submit system relies heavily on secrecy to protect the sources from persecution, so you are pretty late with your remark.
I'm as real of an American as can be done. What I want is a more focused government. I do not want the militarization of local police. I do not want decisions that affect the lives of me and others made behind closed doors. If the NSA programs were more transparent and if they did no lie about what they are doing, it would not be as much of an issue. I do not want a government that itself finds too complex to manage and uses that as an excuse to not do anything. If they can not do the job, they should give the job to states or counties or towns.
As a real American, I want to be able to trust my government. Any faith in the government is only faith that it will not collapse in on itself. There is no faith in supporting those that pay into it, us tax payers. Those that do not pay tax are paid for the security of the tax payers, so they are also included.
I wouldn't call it an accident, it was more incompetence and negligence on part of Guardian journalists.
That's a pretty good assumption since all of the files end in .aes256.torrent.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
If the NSA suspects that certain of their internal documents occur in the insurance files, can't they use these as cribs to break the encryption?
These files were almost certainly from the NSA in the first place - they already have the unencrypted versions.
I imagine they also have a pretty good idea which specific files Snowden had access to.
#DeleteChrome
Whether NSA breaks it or not is actually irrelevant, wikileaks could even send the key to them without trouble.
The question is, do they (NSA) dare risk that the rest of us get access to it.
The idea (I think) is that these files will be released in time, but releasing them all at once, but encrypted, is to discourage governments from arresting or killing the high-ups of WikiLeaks. The info will come out, just like it did last time (wasn't the last insurance file the bulk of cables that was eventually released?), but this is a mechanism for doing that while protecting themselves.
In this case I believe Snowden holds the final encryption key, not Wikileaks.
He has stated he doesn't want to harm the US, and hopes the people or congress steps in and stops the NSA abuse without having to release the most damning evidence. Its not attention whoring, its a pretty good understanding of human nature. The whole discussion would be yesterdays news had he released it all at once. Amazingly, for a young man, he understands that short sharp shocks are easily put to bed by demonizing the source and burying the issue, and a drum beat of news has more effect.
You can see this going on today.
After a few political hacks attempting to cast him as a traitor were met with an equal amount of push-back calling him a hero, the administration abruptly changed tactics.
1) They stopped talking about Snowden.
2) They have started trying to prove that the spying is actually good for America. (Essentially owning the spying in the hopes the public will go along.)
3) They rushed to close embassies on the slimmest of evidence and are hoping desperately that there will in fact be some actual attacks.
So far the terrorists don't seem willing to play along. (In fact I believe the so-called intercepted "conference call" was made up of whole cloth, or was simply the terrorists "playing" the NSA. Since when to terrorists hold conference calls?. The attacks were supposed to happen last week, yet nothing at all is happening that wasn't already in progress in Egypt and Syria).
So its about time for a couple more of Snowden's Shoes to drop.
Sig Battery depleted. Reverting to safe mode.
Snowden holds the keys, not Wikeleaks. Your have your story muddled.
All wikeleaks is doing is making sure the file can't be destroyed at one source.
We can only hope that Snowden has the keys escrow-ed such that simply killing him prevents disclosure.
Sig Battery depleted. Reverting to safe mode.
Known-plaintext is helpful in cracking certain weak ciphers. One of the criteria for a cipher being strong, is that it *not* be vulnerable to a known-plaintext attack. As far as we know, aes-256 is strong.
Furthermore, cracking the files won't help the NSA. The info in them is likely already well-known to the NSA. It's however unknown to the public. Thus the NSA isn't as much concerned with cracking the encryption, as it is with -avoiding- that anyone else cracks it. (or learns of the key)
You seem to forget my point that the news agency is the one that leaked the key, not wikileaks itself. Wikileaks got burned by *someone else's* incompetence.
And I still suspect it was an inside job from a covert spook looking to ruin wikileaks by spoiling the private key.
They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?
As it turns out, plenty of people. I got 20Mbps down and terabytes of free space. It just takes about 55 hours to get all in and plenty of storage. And I have a pretty slow connection by today's standards. Most of my friends have 100Mbps down, meaning the file will be in in about 5.5 hours. It's really affordable by most in Europe.
Write boring code, not shiny code!
They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?
Also, the bigger the chunk, the more easily corrupted, and the corruption takes out the possibility of decrypting the whole thing?
If only there was some kind of error-correcting software that divided files into chunks for transfer; a way to download torrents of bits, if you will.
Shortly after Snowden escaped the U.S., one of the NSA's agents specifically stated that he got out with detailed architectural designs of their entire operation. This might be the payload he was talking about. That agent stated that the U.S. should handle Snowden with kid gloves and offer to forgive and forget in exchange for destroying that data. However, congress did not listen and instead had a knee jerk reaction by going on a witch hunt for him instead.
to what people are willing to give up for a good cause.
...but one downside (to Snowden/Wikileaks) of them giving interested government parties the key is then they will know exactly what can be used against them, and can then mitigate against the damage. Right now, the government is just being caught in a snare of lies; each subsequent release of information exposes the prior release's damage control efforts.
They have to balance their limited ability to vet people involved with the leaks against the public interest in knowing the contents of these documents.
They are doing the best they can in the circumstances, I'm not sure what more you could realistically ask for.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If conference calls can cause America to close embassies, piss away money like there's no tomorrow and spy on its own citizens then I think we have to conclude that the terrorists are winning.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If conference calls can cause America to close embassies, piss away money like there's no tomorrow and spy on its own citizens then I think we have to conclude that the terrorists are winning.
When you add up everything US citizens have lost, its clear the terrorists have already won big time.
But in all the years of chasing Bin Laden, and all the other terrorists that have been killed or captured when have you ever heard of a conference call? Secret messages, couriers, double blind message drops, and encrypted text messages. Not once conference call.
If it happened at all, I'm sure it was orchestrated to see what effect it would have and to determine if the NSA was listening.
But the timing suggests it was totally contrived by the NSA in some sort of childish attempt at self justification with the administration playing along. What is odd, is the press is buying the whole act, they've stopped talking about Snowden. 7th graders could concoct a more believable one act play on a saturday afternoon. The CIA will probably have to pay some useful idiots to toss grenades into the empty embassies when it becomes clear that nothing else was actually planned, and the egg starts running down their collective faces.
Sig Battery depleted. Reverting to safe mode.
What makes you think real americans are after said principles or have a grasp of declaration of independence?
What makes you think Real Scotsmen don't exist in a superposition of both true and untrue?!
No. An algorithm like AES in CFB mode, or CBC with an unpredictable IV, is mostly resistant to even very high percentage of plaintext known.
"Politicians and diapers must be changed often, and for the same reason."
They rushed to close embassies on the slimmest of evidence and are hoping desperately that there will in fact be some actual attacks.
This. They thought they could draw media attention away from Snowden and turn public sentiment back to uninterestedly issuing blank checks for the executive when it comes to terrorism. Recall that just earlier that week (or perhaps it was earlier the same day), some poll results found that more Americans were concerned with the domestic surveillance program than with terrorism.
There's something to be said about the timing. But there's even more to be said about the reaction. That it was so over-the-top pretty much made it clear that the right people were getting worried.
I wouldn't be surprised if some 9/11 consipracy-style event was to occur real soon, that it's in the works even now. After all, the FBI could have a president assassinated, and then have congress cover it up afterwards. What's a few hundred or thousand civilians, killed by a religious radical whose source for the raw materials could never be found? And then there'd be no debate about domestic surveillance anymore.
Eisenhower warned us. We did not listen.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."