Last year WikiLeaks got hold of 250,000 US Diplomatic cables that had been sent between US Embassies and the State Department. Several newspapers (the Guardian in Britain and the NYT in the US amongst others) did a deal with Assange and WikiLeaks to publish the data. They also said that they would redact any data that would prove dangerous to individuals before publication. Since then we have had a trickle of information coming out from these newspapers.
Much of this information has been fairly uninteresting. However a great deal of it involves third world or dictatorial regimes, and the redaction was necessary to protect people mentioned in the cables.
However, because of a series of stupid actions, the full unredacted cables are out in the public domain. Now anybody can read the full detail of the cables. And that can only be a really bad thing.
(A note: below I am using the term 'password' when it should really be 'encryption key' or 'passphrase'. I have done this to make it more readable to the layman).
As far as I can tell from various good sources, the following occurred:
- Assange and the newspapers came to a deal to publish the cables.
- The papers wanted to publish the data in redacted form; Assange reportedly did not like this.
- Assange encrypted the data and placed it onto an obscure ('hidden') area of a server. As it happens, this was not very hidden.
- He met with the Guardian journalists. He handed them most of the password on a piece of paper and told them the rest of it verbally.
- The Guardian journalists decrypted the data, redacted pieces and started publishing.
- The original file was not removed from the WikiLeaks server.
- Meanwhile, a split occurred in the WikiLeaks organisation. Someone took a copy of all the WikiLeaks data - including the 'hidden' file - and published it on servers belonging to their new rival organisation. People downloaded all the data, including the hidden file.
- Two Guardian journalists published a book that included the 'real' password of the file. They claim that they had been assured that WikiLeaks would remove the file once they had downloaded it.
- The Guardian and Assange had a falling-out after they investigated the claims of rape against him.
- It takes a few months, but someone eventually realised that the password given in the book is the *real* password and managed to find and decrypt the file.
It was an atrocious password to be used in something of such importance (although not as bad as Rebekah Wade's hilariously poor password for her News International email account). True, Assange's password is long, but length does not equate to security. It is a spectacularly poor choice given Assange's paranoia about security - I would hope that his 'insurance' file has a better-conceived and executed password.
Ordinarily I would not have published the password in this posting myself, but given that it is available in a printed book and is on many other websites, I see little harm.
Even if the Guardian journalists had changed the password, the other information given in the book would give someone attempting to crack Assange's passwords an idea about how he generated them. For instance, it is clear that he thinks security is added by writing down a partial password then having a word that can be added to complete it - indeed, a word that makes sense in the context of the whole password. Such knowledge can help people work out what any particular password might be, and it was exceptionally stupid - nay, gormless - to put any such information in the public domain.
There is so much fail in this:
- WikiLeaks should not have relied on 'hiding' the data on a server.
- WikiLeaks should have kept the data much more secure. Once the Guardian had a copy of the data, it should have been removed from the hidden location.
- WikiLeaks should have used a more secure password (there are plenty of programs to pseudo-randomly generate passwords.
- The Guardian journalists should never, ever have published the real password in any public form.
- The Guardian journalists should have checked that the data had been removed.
- The Guardian and/or WikiLeaks should have realised that the password was publicly available and made attempts to mitigate the problem.
Assange seems to think of himself as a professional, but he has shown himself (and WikiLeaks) to be rank amateurs who evidently know little about security or the underlying technology. The Guardian journalists are meant to be professional, but have shown themselves to be dangerous amateurs.
WikiLeaks have now released the full unredacted form of the cables, which, it is suggested, Assange wanted to do in the first place. They can do this without being *blamed* for the data being made public, as they are blaming the Guardian for that. And the Guardian can blame WikiLeaks. Rather convenient, really...
People may well suffer or die because of this. There should be a special circle of hell reserved for people capable of such negligence.
No comments:
Post a Comment