All WikiLeaks' secret US cables are on BitTorrent in full

The Guardian published crypto password


WikiLeaks has accused a Guardian journalist of negligently publishing the passphrase for a database of unredacted secret US diplomatic cables in a book. The encrypted database is available on BitTorrent.

The book by David Leigh, Inside Julian Assange's War on Secrecy, contains an excerpt explaining how he persuaded Julian Assange to give him the PGP passphrase, named as ACollectionOfDiplomaticHistory_Since_1966_ToThe_PresentDay#.

Armed with the passphrase, interested parties possessing the relevant encrypted database can see copies of the controversial documents. The material includes raw copies of more than 100,000 classified US diplomatic cables.

WikiLeaks published carefully redacted and selected samples of the US diplomatic cables starting last November. Details pointing to the identity of informants or naming agents contained in the raw Cablegate archive were removed. After months in hiatus the whistleblowing site began publishing further cables at a greatly increased rate last week.

The passphrase disclosure problem must have been known about for months but only became public after German magazines highlighted the issue recently.

WikiLeaks, which has remained silent on the issue in order to avoid drawing attention to the presence of the passphrase in The Guardian book, said that it has "spoken to the State Department and commenced pre-litigation action" against The Guardian. It accused the paper of an "act of gross negligence or malice".

In a story about the availability of the unredacted cables, The Guardian said it had been told that it was being given a "temporary password which would expire and be deleted in a matter of hours."

The paper goes on to say:

The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files. But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file's contents were never publicised, nor was it linked online to WikiLeaks in any way.

The Guardian adds that WikiLeaks has not previously objected to Leigh's book, which was published back in February. "No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files," stated the paper.[1]

Once one of five trusted international media partners, the Guardian and Assange had fallen out spectacularly even before the publication of Leigh's book, mainly over early Guardian stories on the sex allegations against Assange in Sweden that remain the subject of ongoing extradition proceedings.

Last year a former WikiLeaks volunteer gave access to the database to a freelance reporter, Heather Brooke, without the permission of Assange. So this latest incident is not the first time WikiLeaks has lost control of its unredacted Cablegate database. The difference this time around is that anyone - potentially intelligence agencies within oppressive regimes that are hostile to the US, and not just a few hacks - will be able to obtain raw copies of the sensitive diplomatic cables. ®

Bootnote

[1] Removing or changing the location of the cables file on the WikiLeaks site would have had no effect once the database was on the torrents.

Biting the hand that feeds IT © 1998–2022