The Guardian has now responded to Wikileaks' accusations. They state that they were told that the password was only temporary, and that the server from which the file was downloaded was only live for a few hours.
They also claim that the file was available on BitTorrent at some point.
This statement raises a valid point, namely how the files came to be posted on the web. Had their present location been controlled by Wikileaks, the file would have been removed by now. According to Spiegel (original), the file was posted online by "supporters", after it was handed back by Daniel Domscheit-Berg, who had seized the Wikileaks servers. According to Heise, he was asked to return the old Wikileaks website, which he did. The file in question must have been transferred along with it.
Please see our previous coverage for more information.
It finally happened. An old cablegate file was detected on the internet, and it could be decrypted with a password that was published by a Guardian journalist. The file is not in an obvious location, and it may be doubted that anyone would have ever found it, along with the matching password, had it not been for Der Freitag publishing an article on the matter, which was then followed up by several other news outlets. Der Freitag is a media partner of Openleaks and has strong ties with the Guardian.
WL Central had guessed the source of the password early on but decided not to publish.
Wikileaks responded with the following statement:
"Statement on the betrayal of WikiLeaks passwords by the Guardian.
GMT Wed Aug 31 22:27:48 2011 GMT
A Guardian journalist has, in a previously undetected act of gross negligence or malice, and in violation a signed security agreement with the Guardian's editor-in-chief Alan Rusbridger, disclosed top secret decryption passwords to the entire, unredacted, WikiLeaks Cablegate archive. We have already spoken to the State Department and commenced pre-litigation action. We will issue a formal statement in due course.
For our previous coverage of the topic please see this link.
In the light of the recent press statements by Openleaks spokesperson Daniel Domscheit-Berg we decided to have a look at some older coverage, in particular his Spiegel interview from the 27th of September 2010. It appeared soon after he had left Wikileaks, and it was also translated into English.
The first question of the Spiegel reporters concerned the state of the Wikileaks IT infrastructure. Asked why the Wikileaks e mail system was down, Domscheit-Berg answered:
"Es gibt technische Probleme und niemanden, der sich darum kümmert. WikiLeaks steckt in einer Phase, in der sich das Projekt verändern müsste. Wir sind in den letzten Monaten wahnsinnig schnell gewachsen und müssten uns dringend in allen Bereichen professionalisieren und transparenter werden. Diese Entwicklung wird intern blockiert."
"There are technical problems and no one to take care of them. WikiLeaks is stuck in a phase in which the project has to change itself. We grew insanely fast in recent months and we urgently need to become more professional and transparent in all areas. This development is being blocked internally."
He does not mention that it was him and an associate who took the servers offline, as he now admitted. Rather, he makes it appear that this was a general structural problem.
Another very interesting fact is that he admits to having coordinated the finances of Wikileaks. Thus, he acknowledges that he knew about the funds available via the Wau Holland Foundation. This makes it very difficult to comprehend, why he would have paid servers privately, as he has now claimed.
According to Spiegel, a complete version of Cablegate has been available on the internet. This is their account of the story:
Julian Assange uploaded an encrypted archive containing Cablegate to the Wikileaks webserver, to share it with an associate, to whom he also gave the password. When Daniel Domscheit-Berg left the organization together with the Architect, he took the content of the webserver with him. He eventually returned some of the data a few weeks later.
At this point the narrative is not entirely clear. Spiegel goes on to say that supporters published the data on the web, along with the encrypted Cablegate file. Simultaneously, the associate published the password. The vulnerability remained unnoticed, until Openleaks staff pointed it out.
WL Central could not verify these claims. It is however clear that the vulnerability was first pointed out by Der Freitag, a media partner of Openleaks.
In a variety of aspects, this is a very strange story. First, it seems odd to use the main Wikileaks website for transfer of sensitive data. This could easily have been done by other means, in a more secure way. Next, one is left wondering how anyone could have overlooked a massive archive in a hidden subdirectory when setting up a website. Most striking is the fact that someone would be irresponsible enough to publish a password.
Openleaks staff must have known about this vulnerability for some time, but did not bother to reveal it to those in charge of the website, nor did their media partners. It is certainly right to report about it, but it should be done in a responsible manner, making sure the file is removed before this information is publicly available.
In the first extensive media interview with Austrian public broadcaster ORF Daniel Domscheit-Berg appears as contradictory as ever. He admits to having deleted the keys to the documents -- which according to him were deleted by an unnamed other person or persons -- out of concern for source protection, even though he had offers from "10 to 15 individuals or organizations" who offered to take care of the data. When challenged, he added that he wanted to be on the safe side, as he could not be sure whether these potential recipients would make mistakes and expose a source.
At the same time, he reiterated that the documents he destroyed did not contain any significant information, while maintaining that only 80 to 90% of said documents were junk -- presumably. He also stated that he had not had the documents themselves in his possession, but only the keys.
Even though he does not specify who offered him assistance in handling the documents, it is safe to assume that for instance his media partners would have had an interest in surveying the material, as would have other news outlets who are perfectly capable of handling sensitive content. It would not have been difficult to make contact and find responsible journalists for this task.
Simultaneously, he promotes his own submission platform Openleaks, which would, once established, pass leaked documents on to media partners. Here, Domscheit-Berg does not seem to have any concerns about source protection and potential mistakes.
Five days after Daniel Domscheit-Berg claimed to have shredded data he "seized" from Wikileaks, he announced via Heise that he only destroyed the keys to the data, and was working on a report on the matter.
In the meantime, Wikileaks tweeted that these documents contained amongst others 5GB data from the Bank of America, internals of neo-nazi organizations, a copy of the US no fly list, 60,000 e mails from German far right party NDP, US intercept arrangements and videos of a major US atrocity in Afghanistan.
Wikileaks also reacted with an official statement, suggesting that Domscheit-Berg has contacts to US law enforcement and the secret service. Anke Domscheit-Berg, his wife, has denied having any such contacts.
According to N-TV Domscheit-Berg today confirmed that he uses the Wikileaks submission software, which he took along with the leaked documents, for his own Openleaks project.
The transparency movement has many vocal proponents. A recent event in the Wikileaks sagas proves that those who could be in the most effective position to strengthen it are only content to give it lip service.
Take Daniel Domscheit-Berg, for example. A former Wikileaks staffer, Domscheit-Berg had a very public and bitter falling-out with Wikileaks editor Julian Assange in September 2010 and has since cultivated the public role of pragmatist pitted against Assange’s flinty eccentric in a battle of archetypes.
Soon after his dismissal, Domscheit-Berg made it a personal signature to tirelessly use every publicity opportunity to disparage his former employer. He announced he would be starting a new rival whistleblower website – Openleaks – a supposedly sensible and measured alternative to his previous gig. A gossip-heavy and factually inconsistent book followed – Inside Wikileaks: My Time With Julian Assange At The World’s Most Dangerous Website, filled with the mundane details of Assange’s eating habits and dress sense. Additional details on Domscheit-Berg’s predilection for unappetizing quasi-meat dishes and general whining helped feed the internet meme machine for several months.
Nonetheless, some campaigners for transparency held their tongues amidst all this acrimony, consoling each other with Domscheit-Berg’s promise to launch Openleaks, which in theory could advance the cause for transparency as a complement to Wikileaks, which is perennially defending itself from legal and political attacks.
There was hope that the launch of Openleaks would relegate the emphasis on the interpersonal sniping to a mere footnote of history and provide a valuable addition to the effort to increase transparency amongst powerful organisations.
Well, there goes that hope.
Rough translation, apologies. Original at Der Spiegel
Former Wikileaks spokesman Daniel Domscheit-Berg claims to have destroyed more than 3,500 unpublished files that had been sent from unknown informants and are now apparently lost irrevocably. These are documents which were stored until the late summer of 2010 on the Wikileaks server and were taken by a group including Domscheit-Berg upon their leaving the organization. Domscheit-Berg has "in the last days shredded" the files "to ensure that the sources are not compromised," said Domscheit-Berg. He said WikiLeaks founder Julian Assange could not guarantee a safe handling of the material. In the data base was among other things, the so-called "no-fly list" of the U.S. government, on which the names of suspects were listed, which are prohibited from entering an aircraft. Assange said the material would also have insider information from 20 right-wing organizations. Domscheit-Berg would not confirm that. Assange had been asking him to return the data since early this year.
Previous WL Central coverage here.
Sat Aug 20 23:41:31 2011 GMT
Five days short of a year ago, on 25 August 2010, WikiLeaks suspended former employee "Daniel Domscheit-Berg". Over the last 11 months, we have tried to negotiate the return of various materials taken by Mr. Domscheit-Berg, including internal communications and over 3000 unpublished, private whistleblower communications to WikiLeaks. Mr. Domscheit-Berg has repeatedly attempted to blackmail WikiLeaks by threatening to make available, to forces that oppose WikiLeaks, these private communications and to which Mr. Domscheit-Berg is not a party. He has stated he will commit this action, should WikiLeaks move to charge him with sabotage or theft. Mr. Domscheit-Berg has refused to return the various materials he has stolen, saying he needs them, solely, to carry out this threat. Mr. Domscheit-Berg has already, secretly, and with malicious intent, disclosed portions of the private communications content to other parties, to the harm of WikiLeaks.
The negotiations have now been terminated by the mediator, Andy Müller-Maguhn, who has stated that he doubts Mr. Domscheit-Berg's integrity and claimed willingness to return the material and that under those circumstances Müller-Maguhn cannot meaningfully continue to mediate. In response, Mr. Domscheit-Berg has stated that he has, or is about to, destroy thousands of unpublished whistleblowers disclosures sent to WikiLeaks. The material is irreplaceable and includes substantial information on many issues of public importance, human rights abuses, mass telecommunications interception, banking and the planning of dozens of neo-nazi groups. Our sources have in some cases risked their lives or freedom attempting to convey these disclosures to WikiLeaks and to the public.
As a matter of policy and implementation WikiLeaks does not collect or retain source identifying information, so fortunately, source identities for this material are not significantly at risk.
Sat Aug 20 23:25:00 2011 GMT
WikiLeaks does not record or retain source identifying information, however the claimed destruction of documents entrusted to WikiLeaks between January 2010 and August 2010 demands the revelation of inside information so sources can make their own risk assessments.
Early in 2010, Daniel Domscheit-Berg, (then "Daniel Berg", "Daniel Schmitt") (born 1978), who was responsible for keeping selected WikiLeaks backups, met and entered into a relationship with Anke Domscheit-Berg (then, "Anke Domscheit") (born 1968) who described her job title as "Director Government Relations" for Microsoft, Germany.
DDB told me that ADB's role was to interface with the German government on behalf of Microsoft. He was proud that he had been to a party at the German ministry of the interior, as ADB's consort, and that ADB was on intimate terms with senior figures in the German government and bureaucracy.
DDB told me that he had moved into ADBs house in Berlin, without any counter-intelligence cover, going so far as to place his legal name on a street visible mail box and the interior door and that he would work from this location.
At this point WikiLeaks issued a policy directive that DDB not be permitted contact with source material.
ADB and DDB officially married within a few weeks and changed their surnames to "Domscheit-Berg".
DDB secretly, and in clear violation of WikiLeaks internal security directives, recorded internal WikiLeaks encrypted "chat" conversations. He initially publicly denied having done so, but attempted to place many of these recordings into his ghostwritten book, most of which were rejected by his publishers' lawyers as violations of german privacy law. Others he secretly conveyed to hostile media, such as Wired magazine, which had been involved in the arrest and persecution of US intelligence analyst Bradley Manning.
Today, Daniel Domscheit-Berg confirmed to Heise that he was planning to destroy the WikiLeaks documents he took with him when he left the organization. As we have reported, he had recently publicly denied that he took these documents.
According to Domscheit-Berg, WikiLeaks did not react fast enough when he removed the data in September 2010; he says first contact was made by the end of October. Andy Müller Maguhn recently stated that he had been trying to mediate and retrieve the data for eleven months - which would be September.
The time from August to October 2010 was very turbulent for WikiLeaks, as its editor in chief Julian Assange was fighting accusations of sexual misconduct in Sweden. He also had his luggage stolen when he traveled from Stockholm to Berlin. It did not facilitate proceedings that the WikiLeaks email system was taken down around this time.
The plans to destroy the WikiLeaks submissions are likely to cause outrage amongst the community. Domscheit-Berg invited the leakers to resubmit to a platform of their choice - a very unrealistic prospect, as they would likely have destroyed the documents after submission as they could be used as evidence against them.
As Andy Müller Maguhn pointed out, it will be difficult to take legal steps against these plans, because this would mean that WikiLeaks would have to describe the data involved.
The recent clash between Daniel Domscheit-Berg and the Chaos Computer Club brought an important matter back into the focus of the mainstream press, a larger number of leaked documents, which Domscheit-Berg took with him after he left Wikileaks almost one year ago.
Andy Müller Maguhn, a board member of the CCC had been trying to mediate between Domscheit-Berg and Wikileaks ever since. In a recent Spiegel interview, he says that Domscheit-Berg recently told him he would have to survey the documents one by one before returning them to Wikileaks, which implies he has these documents in his possession.
This is very much in accordance with what Domscheit-Berg said in his own book. When an excerpt of the English translation of his work was leaked to Cryptome, he insisted that they contained translation errors. He later posted the passage in question on a German news site in the original language.
This is the crucial sentence:
"Wir warten bis heute darauf, dass Julian die Sicherheit wiederherstellt, damit wir ihm auch das Material zurückgeben können, das auf der Submission-Plattform lag."
It translates to:
"To this day, we are waiting for Julian to restore security, so that we can return the material to him, which was on the submission platform." [Translated by icon]
Recently, however, and a few days before the launch of his own submission platform, he said exactly the opposite in an interview with Der Freitag:
"Q: Sie sind ja bei Wikileaks im Streit ausgestiegen. Haben Sie damals unveröffentlichte Dokumente mitgenommen, von denen Openleaks jetzt profitieren kann?
The recent controversy surrounding Openleaks and its founder Daniel Domscheit-Berg prompted us to have a closer look on the project. At first glance, the main media partner of the project appears to be TAZ, a well respected leftist publication, who granted Openleaks a subdomain during the initial test phase of the system. It can be accessed under https://leaks.taz.de/. There, one finds a brief outline of the project:
"Vom 11. bis 14. August 2011 bieten unter der Schirmherrschaft der deutschen Zeitung taz die tageszeitung, die deutsche Wochenzeitung Der Freitag, die portugisische Zeitung Expresso, die dänische Zeitung Information, sowie die NGO Foodwatch in Kooperation mit OpenLeaks diese öffentliche Plattform an. In dieser Zeit können Sie hier Dokumente hochladen, die im Anschluss durch die beteiligten Organisationen verarbeitet werden.
Ziel dieser Phase ist eine Sicherheitsüberprüfung des Systems während des Chaos Communication Camps 2011. "
It lists the media partners of the project and invites the public to submit documents, which will then be sent on to be processed by these media partners. It goes on to say: "The aim of this phase is to test the security of the system during the Chaos Communication Camp 2011".
To a reader, these statements appear strangely contradictory, as one is left wondering whether the public is indeed invited to submit genuine documents, or whether this is just a test run. In fact, as a brief search of older TAZ articles reveals, the present interface is merely an alpha version of Openleaks. In the light of these facts, the project would have been better advised to make it absolutely clear that the public should only submit test files.
Openleaks founder Daniel Domscheit-Berg has been expelled from the Chaos Computer Club on grounds of damaging the reputation of the club. Following a meeting of the board members, he was handed a written notice at the Chaos Communication Camp in Finowfurt. According § 5 of the club statutes, this decision is not final, as he can now request to be heard by the board of the club; its members can also ask for the topic to be discussed in a plenary meeting.
The reason given for this decision was that Domscheit-Berg had used the reputation of the CCC to promote his new online submission platform. During his talk, he asked the attendees to test Openleaks, but refused to release the full source code. The club states explicitly on its homepage that it does not perform such tests. Board member Andy Müller Maguhn subsequently described his conduct as "impertinent" (Spiegel interview, Nr. 33, page 81). Openleaks spokesperson Jan Michael Ihl later denied Domscheit-Berg had asked the CCC to test its submission platform. Insofar, only one review of Openleaks by CCCamp11 delegate Hanno Böck has been made public. It lists several SSL vulnerabilities.