Guardian journos and hackers collective Anonymous implicated as Cablegate blows apart
Everything that Julian Assange has, you can now have, for the price of a 368-megabyte download over a couple of hours. It’s said to be the full shebang, all 250,000 plus US diplomatic cables — uncensored, with all names and personal details intact.
WikiLeaks had been slowly releasing them for months, until last week when half the load was suddenly dumped. Last night, WikiLeaks told supporters to stand by for an important announcement, then released two links to the whole encrypted file for download by BitTorrent and Magnet.
I didn’t rush to get it (being on a dial-up teaches you patience). But I can give you the password to decrypt it if you did. Me and hundreds of thousand others, that is.
There are several files, zipped with 7z and encrypted with GPG. One is the 368Mb zip, whose lengthy passphrase has now been published. Another is 409Mb without a passphrase.
One site where the files are available says there’s no guaranteee of authenticity. Expect to be deceived, it says.
What happened? A clash of huge egos, including a pair of Guardian journalists, and turf wars among leakers and anti-leakers. Here’s one account:
A Tangled Web: How the WikiLeaks Cables Were Released Unredacted
condensed from the original
In a clash of egos, ideologies and blatant name-making, WikiLeaks, OpenLeaks, the Guardian newspaper and purported Anonymous members were all culpable here.
On August 31st, 2011, the events, facts and failures unfolded like the plot of a Shakespearian melodrama. It followed a few days where the usual trickle of officially released, lightly redacted WikiLeaks cables became a veritable rush. Suddenly the reports were overtaken by something much bigger. The whole collection was out in one big cache. The system of release had been pre-empted.
American diplomatic cables were in the process of being made public by WikiLeaks, when the site was attacked. On Aug 30, WikiLeaks went down, but it was soon reinstated. On Aug 31, WikiLeaks responded by posting two links. Supporters were asked to download it and keep it safe. There was no indication as to what the file contained and no password. The implication was loud and clear. This was a file for safe-keeping.
As supporters rushed to download the file, the WikiLeaks site came under attack again. While the homepage and others remained intact, the archives section disappeared.
AnonCMD, a self-proclaimed member of Anonymous, claimed responsibility.
The Entire WikiLeaks Cables Database Enters the Public Domain
Soon, there was no question that the inconceivable had occurred. The whole of the WikiLeaks collection of cables was available to the public.
In unredacted form, this meant that each contained clues or direct links to the whistleblowers’ identities. Potentially dangerous information was still included.
But the culprits weren’t Anonymous. It was a combination of folly from several personalities charged with keeping the files secret.
How the WikiLeaks Security System Failed
On Nov 28 last year Julian Assange had placed a file containing all the WikiLeaks data online. It should have been secure and was unremarkable enough to have remained undetected until Aug. 31.
Then former WikiLeaks volunteer Daniel Domscheit-Berg made it public. In the process of setting up a rival whistleblowing site, OpenLeaks, Domscheit-Berg approached members of the Computer Chaos Club in Germany. The club was allegedly told of the files existence, as well as being given the password phrase to access it.
Domscheit-Berg was ejected but that appeared to spur him on to tell a wider internet audience.
Though knowing about the file, he had never personally been given the password phrase. He had found it published in a book entitled WikiLeaks: Inside Julian Assange’s War on Secrecy written by two reporters from The Guardian.
David Leigh and Luke Harding were given access by Julian Assange, in December 2010. The passage makes it very clear that this was the PGP encrypted file’s password, though it implied that the file itself was not in the public domain.
Mr Domscheit-Berg simply joined up the dots, linking file with password phrase, and let the world know what he had stumbled upon.
The Response from WikiLeaks and The Guardian
At 11.44pm BST, on Aug 31 WikiLeaks gave a statement in response to Cablegate. It placed the blame for the leak solely upon David Leigh and Daniel Domscheit-Berg. Legal proceedings were commencing against both individuals.
The unnamed author stated that WikiLeaks had been aware of the encroaching leak, hence the sudden surge in redacted cables being released in recent days. But they could not act further without drawing attention to the file and password, thus causing their own leak. The file, which had been widely mirrored, could not be effectively removed. The statement warned that people’s lives were now endangered and the system, which had led to the Arab Spring, was now compromised.
James Ball, responding in The Guardian, claimed negligence on the part of Julian Assange.
David Leigh believed the password phrase to be temporary and that the file would be taken offline as soon as it had been downloaded. Therefore felt no harm was to be had from publishing it in his book. Ball implied that the password had been reused for a file later placed online.
No party has yet apologised.