1.4GB mystery
By Chris Williams
Posted in Law, 2nd August 2010 10:59 GMT
Wikileaks, the transparency website under pressure from the US government over its disclosure of intelligence documents from Afghanistan, has published a mysterious large file labelled 'insurance'.
The 1.4GB file is encrypted with AES-256, so its contents are unknown, but it was quietly posted on the site's Afghan War Diary page on Thursday, days after it controversially disclosed tens of thousands of frontline reports.
The new file has prompted speculation, including from Cryptome's John Young, that Wikileaks would publish the passphrase to decrypt the file if the US took action against spokesman Julian Assange or others involved in the site. The insurance file's contents could include the 15,000 reports Assange said Wikileaks held back last week to protect human intelligence sources on the ground, Young suggested.
The encrypted file is much larger than one containing the more than 90,000 reports which were published, however, and Assange has already stated Wikileaks will publish the remaining documents once they have been filtered by volunteers*.
Indeed, the 15,000 unpublished files have already formed the basis of a Sunday Times story on British special forces operations, so it seems unlikely the threat of publishing them alone would be effective "insurance".
The extent of US interest in Assange and his colleagues is unclear. In a press conference last week, Defense Secretary Robert Gates played down suggestions the Department of Defense might attempt to contact Assange over the affair. "I'm not sure why we would," Gates said. "You think he's going to tell us the truth?"
But limited action has already been taken. On Thursday Jacob Appelbaum, a Wikileaks volunteer and Tor Project employee, was stopped by customs officials as he entered the US from the Netherlands to speak at the Defcon security conference, it's reported.
He was questioned by men who identified themselves as FBI agents about Wikileaks and Assange, and his laptop was examined and returned. Appelbaum's three mobile phones were seized and not returned, according to Cnet.
It's widely believed the source of the leaks has also already been arrested. Bradley Manning, a low-ranking Army intelligence officer formerly based in Iraq, is under suspicion as the source of the files. He has been in jail since June for allegedly violating regulations over Wikileaks' previous disclosure of classified footage of a 2007 helicopter strike that killed civilians in Baghdad. ®
*On publishing the initial reports, Assange claimed they had been similarly checked to avoid identifying intelligence sources. In response to news that names and even GPS coordinates of some informants were nevertheless included, he blamed the US military.
"We are appalled that the US military was so lackadaisical with its Afghan sources. Just appalled. We are a source protection organisation that specialises in protecting sources and have a perfect record from our activities," he told The Observer yesterday.
"This material was available to every soldier and contractor in Afghanistan," he claimed, stretching the truth. However, the material was classified only as Secret, so would be relatively widely available to security-cleared individuals. As far as we know none of them published it, though.
Challenged that he had put lives at risk, Assange responded: "Well, anything might happen, but nothing has happened."
WikiLeaks: Of Bluffs And Secrets
Aside from the ongoing legal proceedings in Sweden (the latest twist of which has seen Swedish authorities issue a warrant to detain Julian Assange in absentia), Australia announced a "whole-of-government task force" to investigate the leaked cables "to see what impact [they] may have and what action should appropriately be taken to firstly reduce any...adverse impact [and] what can be done to rectify the situation." That is: What can be done to constrain or eliminate WikiLeaks.
This is to say nothing of what WikiLeaks claims was a "massive" denial-of-service attack on its servers on Sunday evening. If this is true, and considering the international distribution and variety of the organization's servers and databases, there are few countries with the capability to wage such a large yet precise digital campaign. The organization, then, is indeed up against heavy hitters, to the point that the Swiss government felt inclined to provide a four-man security detail for Assange during his recent speech in Geneva, according to an anonymous editorial by WikiLeaks volunteers.
In my last post, I discussed briefly the peculiar dynamics, if not paradoxes, of American power, and how it relates to WikiLeaks' agenda. The United States' strong liberal tradition, the proactiveness of its citizens, its extreme digitalization, its vast wealth and equally vast military reach, coupled with the watchful eyes of other nations, both friendly and antagonistic, from governments, everyday people, watchdog groups and transnational agents alike, make it the center of an international system that WikiLeaks wishes to undress. Simultaneously, this cocktail of ideals, geopolitics, and technology is also the major reason why Assange and company have survived for so long.
Doubtlessly, WikiLeaks knows this. There is only so long it can continue to hop countries and hide behind pseudonyms, clever cryptography, and proxy servers before its growing list of enemies finally catches up to it. That is precisely why it has been spreading a mysterious file ever since the release of the Afghan War logs in July.
Called "insurance.aes256," the nature of its 1.4 gigabytes of encrypted content is unknown. WikiLeaks has given only one major hint. In an interview with Democracy Now, Assange was directly asked about the file, to which he replied: "Well, I think it's better that we don't comment on that. But, you know, one could imagine [a] situation that it might be worth ensuring that important parts of history do not disappear."
Many individuals and organizations have tried to crack the file. In principle, it shouldn't be difficult: According to the website Cryptome, it appears to be encrypted via OpenSSL, a fairly common and open-source method of encryption. However, it has proven impervious to penetration (or if anyone's cracked it, they aren't talking).
A lot of curiosity has surrounded the ".aes256" extension. At first glance, it seems to suggest an Advanced Encryption Standard (AES) algorithm. Such algorithms are used by U.S. military intelligence systems and have figured prominently in speculation that the United States' National Security Agency (NSA) spies on the American military via electronic "backdoors."
Interestingly, back in July, Cryptome changed the extension to ".txt" and uploaded it to the Firefox web browser. They found only one word: "Salted." It was obviously a pun (i.e., salted crackers). I should note that when I tried the same trick, all I got was a huge torrent of gibberish.
At any rate, I think it's more likely that the extension is itself also a joke, namely, a reference to WikiLeaks' view of itself as the "Intelligence Agency of the People." In my view, the real hint could lie in the numbers "256." At the moment, my guess is that these point to a key date or program necessary for opening the file.
So can we indirectly surmise what's in there? Comparing the file's size to WikiLeaks' previous leaks presents the most obvious and potentially enlightening strategy. Here are the hard numbers of WikiLeaks' published archives to date, provided by Cryptome and supplemented by me with the latest leak. They're arranged according to release period:
- December 2006 -- February 2008: 395MB
- February 2008 -- April 2010: 3.9GB
- April 2010 -- September 2010: 1.5GB
- October 2010 -- November 2010: 2.05GB
- Total: 7.84GB
The 3.9GB chunk was mostly a huge cache of reports from the Congressional Research Service, which WikiLeaks released under the title, "Change you can download," but included many other small items. The breakdown of the remaining loads is:
- "Collateral Murder" video: 630MB
- The Afghan War Diary: 140MB
- The Iraq War Diary: 460MB
- The Embassy Files: 1.6GB (the ultimate total, according to "The Guardian")
- insurance.aes256: 1.4GB
- Total without insurance.aes256: 2.81GB
- Total with insurance.aes256: 4.21GB
So it seems the most likely explanation is that insurance.aes256 is a compressed version of the 2010 releases, perhaps with some materials not yet disclosed by WikiLeaks.
But don't pat me on the shoulder just yet. The blogger Oakwhiz performed a probability analysis on the file and came to this wary conclusion: "The file is almost completely random. [It] could just be 1.4GB of random garbage designed as disinformation intended to throw us off, or it could be some big secrets that WikiLeaks is blackmailing the government with."
In fact, both could be true. The secret is that it's just a bluff, or the bluff is that it's got a nasty secret. This would indeed be a masterful "insurance package," and perhaps one of the slyest bluffs in the increasingly entangled histories of hacking and espionage.
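Two details above can be checked from the bytes alone: `openssl enc` with a passphrase writes the ASCII magic `Salted__` plus an 8-byte salt at the start of its output, and ciphertext from a sound cipher measures close to 8 bits of entropy per byte, the same as random data. An added example (not from the original post) in Python; the sample files and helper names are constructed for illustration:

```python
import hashlib
import math
from collections import Counter

MAGIC = b"Salted__"  # 8-byte ASCII marker written by `openssl enc` when a salt is used


def parse_openssl_salted(data: bytes):
    """Return (salt, body) if data starts with the OpenSSL salted header, else None."""
    if len(data) < 16 or data[:8] != MAGIC:
        return None
    return data[8:16], data[16:]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly distributed bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> dict:
    """Summarise what can be learned from the bytes alone, without the passphrase."""
    parsed = parse_openssl_salted(data)
    body = parsed[1] if parsed else data
    return {
        "openssl_salted": parsed is not None,
        "salt_hex": parsed[0].hex() if parsed else None,
        "entropy_bits_per_byte": round(shannon_entropy(body), 3),
    }


def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode (deterministic)."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed samples: a fake salted container and a plain-text file.
SAMPLE_ENCRYPTED = MAGIC + bytes.fromhex("0102030405060708") + pseudo_ciphertext(65536)
SAMPLE_PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 1500

if __name__ == "__main__":
    print(triage(SAMPLE_ENCRYPTED))
    print(triage(SAMPLE_PLAINTEXT))
```

Neither check distinguishes real ciphertext from random filler placed behind the same header, which is the ambiguity the post describes.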
-- Christopher Schwartz