2011-08-28 Openleaks hints at WikiLeaks vulnerability, endangers sources [UPDATE 4 + Clarification]

According to Spiegel, a complete version of Cablegate has been available on the internet. This is their account of the story:

Julian Assange uploaded an encrypted archive containing Cablegate to the Wikileaks webserver, to share it with an associate, to whom he also gave the password. When Daniel Domscheit-Berg left the organization together with the Architect, he took the content of the webserver with him. He eventually returned some of the data a few weeks later.

At this point the narrative is not entirely clear. Spiegel goes on to say that supporters published the data on the web, along with the encrypted Cablegate file. Simultaneously, the associate published the password. The vulnerability remained unnoticed, until Openleaks staff pointed it out.

WL Central could not verify these claims. It is however clear that the vulnerability was first pointed out by Der Freitag, a media partner of Openleaks.

In several respects, this is a very strange story. First, it seems odd to use the main Wikileaks website for the transfer of sensitive data. This could easily have been done by other means, in a more secure way. Next, one is left wondering how anyone could have overlooked a massive archive in a hidden subdirectory when setting up a website. Most striking is the fact that someone would be irresponsible enough to publish a password.

Openleaks staff must have known about this vulnerability for some time, but did not bother to reveal it to those in charge of the website, nor did their media partners. It is certainly right to report on it, but it should be done in a responsible manner, making sure the file is removed before this information is publicly available.

As was the case with the shredding of unpublished submissions to Wikileaks, the timing of this story is the most telling aspect. It comes shortly after Daniel Domscheit-Berg had his CCC membership revoked. This time, the collateral damage is not limited to unpublished whistleblower documents: the names of sources and informants contained in Cablegate have now been potentially exposed.


Wikileaks have now responded: "Current story being spun about wild cables, including from Spiegel, is significantly incorrect."


The Spiegel article in question has now appeared in English translation. The versions do, however, differ significantly. According to the German original, the password was given to an associate. In the translated version, this has been corrected to external contact.


Wikileaks tweets the following: "WikiLeaks 'insurance' files have not been decrypted. All press are currently misreporting. There is an issue, but not that issue."


Wikileaks commented again: "There has been no 'leak at WikiLeaks'. The issue relates to a mainstream media partner and a malicious individual."


The Spiegel article says that data that was returned by Domscheit-Berg contained the cablegate file; the Heise article says that the content of the old Wikileaks website was returned by Domscheit-Berg; the Spiegel article says that the file appeared within an archived version of the website. Both stories are based on accounts by Domscheit-Berg or his associates. Thus, the version of the story which is spread by Domscheit-Berg suggests that the file would have been hidden in the website. Personally, I do not believe it is credible that Wikileaks would use their website for transfer of sensitive data. Hence I find this story strange.

I do not believe that Wikileaks used its main website for transfers. Rather, the version of the story which is currently being reported implies this.

hidden file

According to this report WL mirror sites were set up in early December 2010: http://boingboing.net/2010/12/03/wikileaks-blocked-bu.html

According to news reports the hidden file was uploaded to the WL server LAST summer! The WL website only links to an archive of previously published material! So how could there have been a link from the website to the cablefile MONTHS before the first cable was published? Remember DDB took the server in early October 2010 also BEFORE the start of "cablegate". Therefore we can only conclude that the website -AT ALL TIMES only linking to previously released material- had NO link to the hidden file! Most likely there was an extra encrypted cableset on the server with no connection to the WL website that at least one person (the one who inexplicably disclosed the "old" password) had access to.


As far as I understand the story, which has now appeared in Spiegel, the allegations are that JA used the main webserver to share an encrypted file in 2010, before Cablegate was published, and subsequently forgot about it.

re: hidden file

Exactly, he used the WL webSERVER but not the WL-WEBSITE for outside access to the unredacted cableset!

This is the source

DDB confirmed to Heise that Wikileaks asked for the content of the website to be returned. DDB returned the content of the Wiki with the published documents. This is the data transfer in question.



The original German article does at no point claim that the cables were transferred via the WL WEBSITE! It only mentioned that they were allegedly uploaded to the WL SERVER. A server can contain many separate files (or different copies of those files) and the article does NOT say that there was a link on the WL website that led to the hidden unredacted files!
PS: Remember that DDB took the WHOLE content of that WL server.


Two different things

The part about using the website for transfer was my interpretation, and I made this clear in the text - in the summary of the Spiegel article, I say, correctly, that JA uploaded it to the webserver.

I used the term "website" in the discussion, because the only data that was returned to Wikileaks was the old website, i.e. all the content in the MediaWiki that was publicly available before DDB and the Architect took the servers offline. Thus, the file containing Cablegate would have been part of this package.

This raises the question how it got there. If it was there all along, then it would have been placed there by JA to be transferred via the website. Personally, I would find this very odd, to say the least.

Too many people could have interfered with the data - also, because it was apparently not published by Wikileaks, but by unspecified "supporters".

Be careful

Be careful with ur interpretation! With ur speculation u put all blame on A/WL and not even DDB/OL did that - they suspected AMM from the CCC! Be aware that "Der Freitag" and "TAZ" are OL media partners and "Heise.de" seems to favour OL while denouncing WL.
BTW What you are hinting at is that the hidden file was connected to the WL website and got distributed when the mirror sites were set up. I wouldn't make that accusation without proof because it could hurt WL more than anything OL or their partners have said so far!

Read my previous coverage

Whether or not Heise may be leaning more towards Openleaks is irrelevant in this context. They quote DDB, and I refer to this quote. Moreover, I am very well aware of the OL media partners and have covered this topic.

I am not making any accusations. I write about something that has appeared in a very respectable news outlet; in my view, the story sounds very strange, and I am examining what it is about.

According to Spiegel, the file did *not* appear on an official WL website, but was published by supporters.

I am not suggesting that the file was transferred by JA via the main WL webserver. On the contrary, I am saying that the current version of the story would imply that, and that I don't believe he would have done that.

Lastly, my job here is not to twist facts or to advertise WL. I am covering the news. Should it turn out that WL made a mistake, I would say so. Insofar I don't think they did, as the entire story about the Cablegate archive does not sound realistic at all.

thanx for the clarification

Fair enough!
