Unredacted U.S. Diplomatic WikiLeaks Cables Published -- with Key

Started by CrackSmokeRepublican, September 03, 2011, 01:55:07 AM

Previous topic - Next topic

CrackSmokeRepublican

From http://it.slashdot.org/story/11/09/02/2 ... yption-Key

http://www.guardian.co.uk/media/2011/se ... ted-cables


Quotehttp://www.spiegel.de/international/world/0,1518,783778,00.html

09/01/2011
 
Leak at WikiLeaks
A Dispatch Disaster in Six Acts

By Christian Stöcker
-----------------------------------------------------
Schneier on Security  <:^0

A blog covering security and security technology.

September 1, 2011
Unredacted U.S. Diplomatic WikiLeaks Cables Published

It looks as if the entire mass of U.S. diplomatic cables that WikiLeaks had is available online somewhere. How this came about is a good illustration of how security can go wrong in ways you don't expect.

Near as I can tell, this is what happened:

    In order to send the Guardian the cables, WikiLeaks encrypted them and put them on its website at a hidden URL.
    WikiLeaks sent the Guardian the URL.
    WikiLeaks sent the Guardian the encryption key.
    The Guardian downloaded and decrypted the file.
    WikiLeaks removed the file from their server.
    Somehow, the encrypted file ends up on BitTorrent. Perhaps someone found the hidden URL, downloaded the file, and then uploaded it to BitTorrent. Perhaps it is the "insurance file." I don't know.
    The Guardian published a book about WikiLeaks. Thinking the decryption key had no value, it published the key in the book.
    A reader used the key from the book to decrypt the archive from BitTorrent, and published the decrypted version: all the U.S. diplomatic cables in unredacted form.

Memo to the Guardian: Publishing encryption keys is almost always a bad idea. Memo to WikiLeaks: Using the same key for the Guardian and for the insurance file -- if that's what you did -- was a bad idea.

EDITED TO ADD (9/1): From pp 138-9 of WikiLeaks:

    Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. "That's the password," he said. "But you have to add one extra word when you type it in. You have to put in the word 'Diplomatic' before the word 'History'. Can you remember that?"

I think we can all agree that that's a secure encryption key.

EDITED TO ADD (9/1): WikiLeaks says that the Guardian file and the insurance file are not encrypted with the same key. Which brings us back to the question: how did the encrypted Guardian file get loose?

EDITED TO ADD (9/1): Spiegel has the detailed story.

Posted on September 1, 2011 at 12:56 PM • 57 Comments


---------------

That is a good example of what can go wrong when people use encryption without fully understanding what they are doing. If they had they probably would not have published the real key.

Posted by: kevinm at September 1, 2011 1:01 PM

Nice work. I just laughed out loud.

Posted by: Aaron at September 1, 2011 1:18 PM

having trouble confirming that this password works for the insurance file.

sha1sum : cce54d3a8af370213d23fcbfe8cddc8619a0734c insurance.aes256

gpg --output z.7z -d insurance.aes256
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: eof


$ openssl enc -d -aes256 -in insurance.aes256 -out insurance -pass 'pass:ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#'
bad decrypt


can anyone else confirm?

Posted by: nullspace at September 1, 2011 1:18 PM

Wikileaks claims that the password was for the Guardian's file, not the "insurance" file.

https://twitter.com/#!/wikileaks/status ... 7961517056

I'm inclined to believe them, and it seems easy enough to test -- has anyone with the "insurance" file actually managed to open it? I haven't heard anyone make that claim.

Posted by: ipsin at September 1, 2011 1:26 PM

wikileaks says it's not for the insurance file: https://twitter.com/#!/wikileaks/status ... 7961517056

then why are they reacting as if it was? Looks like bad reporting all around.

Posted by: nullspace at September 1, 2011 1:31 PM

Can someone come up with a black list of reporters who published articles on this without bothering to do some fairly trivial fact-checking? I doubt they have been more careful when verifying the content of their stories is actually *difficult*.

Posted by: David at September 1, 2011 1:36 PM

This reminds me of a Dilbert quote:

Stupidity is like nuclear fuel: it can be used for good or evil.
But in either case, you don't want to be too close to it.

In this case stupidity at the Guardian hit critical mass :-(

Posted by: Dom De Vitto at September 1, 2011 1:39 PM

Well what if it was intentional leak? Assange once said he didn't like anonymizing the leaks. In that case this was all a very well orchestrated plan.

Posted by: mike at September 1, 2011 1:40 PM

Presumably though, the encryption key published by the Gruniad would have been misspelled?

Posted by: NobodySpecial at September 1, 2011 1:40 PM

That's not quite what happened.

Der Spiegel has a detailed description http://www.spiegel.de/international/world/... .

Posted by: Vilhelm S at September 1, 2011 1:46 PM

A suggestion for future book authors:

"This story is based on actual events. Only the names AND PASSWORDS have been changed to protect the innocent."

Posted by: Alan at September 1, 2011 1:46 PM

Can we assume that other keys were constructed in similar ways to reduce the search? Now we have an example O:)

Posted by: guillem at September 1, 2011 1:48 PM

(or I should say: that _is_ what happened, but the Spiegel article has more details).

Posted by: Vilhelm S at September 1, 2011 1:52 PM

what a crappy professional password
and endangering lives

this is a good password: & make many copies and store it in many safe places...

P$mdCGI#fyI1i(2&tfyptc6=e(rneEtTVdcopnI4gBa7F0W%5Cwe4hV5L1xHQ=qGSsDRrI)6?bEwSFWRv2uHiijp4wf8#G(Q6yDvGtn1syi#p+g!dlEUHqngtXd%DleAl3l1yd=uQvnWHuMDt35tI5re2NeDjXmkH7YX)xogPv3yq1dcB)fFQ6(VhAJ$5hUpQL&Q+7E5m#1+&XaT8jp436sQ=yU)Pw(1TUnoM5ibo62rO$&3mHVDPn2OIw3gw0!(MKkdMpRB0$xd2j+oiV38bp?aT1SeA$VhYohVFVfw6Qc=36wSBs)f$AlHQesd4A3wv2rBp6vF2gdgB?+U1DjLSFTHOsr7jqgW4OP(QOIw2vKX6AT+riDs(QhK)nmMSU&tLe=DX$)ojWp5B2aa6+CRK85dgbv)di2mwrhMxmHUE2l1xhRuSF4ECVgAPw&b1aIGQ1EG$itftC7Db1UI?Fdgu!6++VdH1CI?ymK0Jq03sD3mq%IbehOKIj?lc7VqQmo&qPHxOXShmvvYwD%utOv65OqrMhIbA0T?w$G7BToE$uEFija7vDJ$!PuPFM(U=HgoN6uyVF!!qsF=xgu$LJ65TWEwX#T1OeiHrE5g85K1E2(Pa1G70G=I2P+Vv1XewL!RIcNk#OvoEA2!#F1fSWK$Lt+(OtEqRdDwQug+o02OP6wdDbS1kF73&&Cn5yP!M!QIi1Nup077lpl1CO$uyDkmm$dPkWfQ(MwYIOsHD+OkP(x#xi0&lqGXP7VmxMO+fj+=BOeytlMWxkfoEdS13r1wLVCkTmJC#vn2


Posted by: ralph at September 1, 2011 2:06 PM

Small typo in the second addendum: "WkikLeaks". :-)

Posted by: Anonymous Grammar Nazi at September 1, 2011 2:09 PM

Have a look at the German news sites. Der Spiegel has a detailed write up - and it's even worse.

Apparently, when Wikileaks' presence was attacked by Lieberman and his ilk, the encrypted Guardian archive made it into the mirroring kit. possibly the document collection was arranged somewhat hastily and Assange didn't even realize first what was in there.

That mirroring kit was then distributed as one big torrent, thus irrevocably distributing the encrypted guardian archive.

So once the Guardian book came out, everything was sitting there in plain sight.

And it gets worse. Apparently, at some point in time the people around Daniel Domscheidt-Berg - the disgruntled ex-Wikileaks architect - realized what had happened there - and sat on that knowledge. But when the mud slinging contest between DDB and Assange escalated they tipped off the press - namely a "Der Freitag" reporter.

"Der Freitag" is a young magazine still trying to make a name for itself. So when they got this scoop, they of course published a very thinly veiled version of the story.

Soon people started adding 2 and 2, and voilà - we have unencrypted Cablegate archives.

Conclusion - instead of fighting Assange, the letter soup agencies should have advised him. Security isn't only secure software - it's also secure procedures around it.

Posted by: Chris W at September 1, 2011 2:10 PM

Addendum: DDB was summarily and very publicly kicked out of the CCC (German Chaos Cumputer Club) a few weeks ago.

Back then, only a very flimsy reasons were given. Now the assumption is the CCC folks learned about this desaster and did not want get involved with this.

Posted by: Chris W at September 1, 2011 2:28 PM

I guess that no one at the Guardian knows about hunter2?

Posted by: Sas at September 1, 2011 2:30 PM

The "insurance.aes256" file is not encrypted with the published password, nor is it the file that was decrypted. Der Spiegel has a more complete -- and accurate as far as I know -- account at http://www.spiegel.de/international/world/... . The Spiegel account differs from my personal knowledge in only one particular -- Leigh claims that the file as circulated is not the same filename he originally received from Julian, so either it was renamed on the server or Julian reused the same password for multiple distributions. AFAIK there's no reason to believe the file Leigh received has different contents than the z.pgp that is decrypted by the published password.

To answer your question "how did the file get loose", the Spiegel narrative covers that pretty well. z.pgp was in an un-linked but easily bruteforceable subdirectory of the wikileaks file server, and was included in several of the early wikileaks mirror torrents from 2010.

Turns out, key management is hard.

Posted by: Andy at September 1, 2011 2:35 PM

They didn't remove the file, but mirrored it all over the net and the guardian journalist published the password.

Posted by: Tuttle at September 1, 2011 3:03 PM

@Andy FTFY: "Turns out key management is hard when one side publishes the key you gave them in a book."

Posted by: eve_wears_a_badge at September 1, 2011 3:13 PM

US government can't keep secrets, and neither can Wikileaks. No surprises here. If more than one person knows a secret....

Posted by: Grahame at September 1, 2011 3:48 PM

Wikileaks is, and has been, irresponsible and immature.

I am not surprised this happened.

Posted by: vlion at September 1, 2011 4:45 PM

I fail to see why this is a bad thing. Very little good can come of the government keeping secrets.

IMO, if something needs to be kept secret then the government should probably not be doing it.

Posted by: squarooticus at September 1, 2011 5:02 PM

So since when is publishing a password a good idea ?

Although the entire story is a classic MFU of the worst kind, I am definitely not buying the Guardian's explanation that they were told the password was "temporary". If my understanding of GPG symmetrical encryption is correct, this is absolute nonsense. It's pretty much obvious that at this point - and especially after the scandal that brought down NoTW - they will tell anything to save their skins. Mr. Leigh, the journalist who wrote that book, has some serious soul searching to do:

1) either he is lying
2) or he has been played
3) or he has been horribly negligent.
4) All of the above

Which in all cases makes him a really strong contender for the annual "Moron of the Year" title.

Posted by: Dirk Praet at September 1, 2011 5:46 PM

@squarooticus:

It's a bad thing because some of the cables involve real people, such as informants who have shared info with the U.S., and whose actual names (or enough info to readily identify them) are contained in the cables. When Wikileaks was releasing cables themselves, they redacted that kind of identifying info. Now that its all out in the open, some of those informants are at risk of being killed by e.g. the governments they betrayed. It might make it harder for the U.S. to recruit sources in the future -- they couldn't keep these people's identities secret, so why would anyone trust them to keep their identity secret in the future?

And yeah, I agree that the Guardian should not have published the password for any reason. The weakness may have already existed, but I think that publication should still be blamed for the breach. I'm not advocating security by obscurity here, but if they hadn't published the password this fiasco probably wouldn't have happened. The weakness might have gone undiscovered, which would have been bad for Wikileaks (who believed they were secure when they were not) but would have been infinitely better for those who are now at risk. Never assume an unnecessary disclosure like that is "harmless"... anyway, what possible benefit could it have to publish a real password, discontinued or not??

-------Take extra care if you poke around on these links.... --CSR
http://cryptome.org/z/z.7z [cryptome.org] (368MB) pwd: ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay# http://pastebin.com/SBq9Xpsr [pastebin.com] http://cryptome.org/xyz/x.gpg.torrent [cryptome.org] (Returns xyz_x.gpg, 409MB. No passphrase yet) http://cryptome.org/xyz/y.gpg.torrent [cryptome.org] (Returns xyz_y.gpg, 88MB. No passphrase yet) http://cryptome.org/xyz/y-docs.gpg.torrent [cryptome.org] (Returns xyz_y-docs.gpg, 8MB. No passphrase yet) http://cryptome.org/xyz/z.gpg.torrent [cryptome.org] (Returns xyz_z.gpg, 368MB. Passphrase below) "xyz_z.gpg" and "z.gpg" appear to be identical and both decrypt to "z.7z." The decrypted file is "z.7z," 368MB, which unzips to "cables.csv," about 1.7GB in size, dated 4/12/2010.
After the Revolution of 1905, the Czar had prudently prepared for further outbreaks by transferring some $400 million in cash to the New York banks, Chase, National City, Guaranty Trust, J.P.Morgan Co., and Hanover Trust. In 1914, these same banks bought the controlling number of shares in the newly organized Federal Reserve Bank of New York, paying for the stock with the Czar\'s sequestered funds. In November 1917,  Red Guards drove a truck to the Imperial Bank and removed the Romanoff gold and jewels. The gold was later shipped directly to Kuhn, Loeb Co. in New York.-- Curse of Canaan