The Guardian has now responded to Wikileaks' accusations. They state that they were told that the password was only temporary, and that the server from which the file was downloaded was only live for a few hours.
They also claim that the file was available on BitTorrent at some point.
This statement raises a valid point, namely how the files came to be posted on the web. Had their present location been controlled by Wikileaks, the file would have been removed by now. According to Spiegel (original), the file was posted online by "supporters", after it was handed back by Daniel Domscheit-Berg, who had seized the Wikileaks servers. According to Heise, he was asked to return the old Wikileaks website, which he did. The file in question must have been transferred along with it.
Please see our previous coverage for more information.
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
Who's at error here?
Folks:
It's been a long time since I posted here but I've been busy, what with two cyberwars, several insurrections (many of which are still ongoing) and a civil war that demanded my immediate attention.
This situation should have never happened. As a former computer programmer and security consultant I can tell you how I'd have handled things. First, I would have made 5 versions of the State Department Cables, one for each media partner. Each version would have contained a document identifying who the document was meant for. EACH VERSION WOULD HAVE HAD IT'S OWN PASSWORD! Immediately after receiving confirmation that the file had been delivered, I would have electronically shredded my copies.
This would have made it easier to identify a potential leak at it's source. A recipient could remove the identifier document and re-encrypted using the same password but, hey, no security system can survive ill will from an insider. We know this.
Wikileaks had no choice, under the circumstances, but to release the unredacted archives. Here's why.
Even the US State Department acknowledges the Wikileaks documents are authentic. If Wikileaks didn't release the unredacted documents anyone could insert ANY NAME THEY WANTED in the cable documents and used that false data to bring harm to anyone they chose. Now, any intelligence officer from any country can verify the data at it's source, Wikileaks.
Let's just hope the State Department did it's job and got folks out of harms way. They've had enough time.
tinker
Found this comment p
Found this comment posted on journalism.co.uk :
The Guardian could have checked their password on the files as in an
interview with the Guardian back in December of last year Assange said:
"The Cable Gate archive has been spread, along with significant material
from the US and other countries to over 100,000 people in encrypted
form. If something happens to us, the key parts will be released
automatically."
http://www.guardian.co.uk/world/blog/2010/dec/03/julian-assange-wikileaks
So much for David Leigh's claim that the Guardian wasn't to know the "files" were still online when he published his book. Perhaps he should have checked his own newspaper first?
_________
Comapny: linksys wireless router
You mean 4 versions...
...the New York Times was never invited, or not by Wikileaks anyway.
So, hey, individual "leak identifier" passwords would've been handy under the circumstances... ;)
Thanks for making the points that you have, though. Agreed.
Good point
Arbed:
Good point. If the Guardian had known that their file was watermarked in some way I think they would have taken at least some precautions to prevent it's mass distribution.
In the end though, the only real security system that works is one that resides with an individual and goes no further.
tinker
David Leigh may need to revise his statement a bit...
Found this comment posted on journalism.co.uk :
The Guardian could have checked their password on the files as in an
interview with the Guardian back in December of last year Assange said:
"The Cable Gate archive has been spread, along with significant material
from the US and other countries to over 100,000 people in encrypted
form. If something happens to us, the key parts will be released
automatically."
http://www.guardian.co.uk/world/blog/2010/dec/03/julian-assange-wikileaks
So much for David Leigh's claim that the Guardian wasn't to know the "files" were still online when he published his book. Perhaps he should have checked his own newspaper first?
Different file?
Assange may have been referring to the insurance file here, which has a different password.
Regardless, publishing a password under any circumstances is grossly irresponsible.
Nope, read carefully
The exact wording from Julian Assange's interview with the Guardian in December is:
"The Cable Gate archive has been spread... to over 100,000 people in encrypted form."
AFAIK, Assange has never specified the contents of the 'insurance file'. Now look at the DATE of the link again:
http://www.guardian.co.uk/world/blog/2010/dec/03/julian-assange-wikileaks
If I'm not mistaken David Leigh and James Ball just got caught out in a bare-faced lie:
http://www.guardian.co.uk/media/2011/sep/01/wikileaks-make-public-all-st...
...where they state "On 7 December, the day of his arrest, a huge file of WikiLeaks information was posted on the Pirate Bay filesharing site by one of his supporters."
Last night Wikileaks' Twitter called this article an "editorial disguised as news, by the litigation targets [note plural], undisclosed to the reader" and seemed most annoyed. Clearly, there may be some legal significance in this discrepancy - could someone please make sure @wikileaks is made aware of this comment? Thanks.
A video everyone should watch to the end
This is "Fear Inc.", and do not let anyone persuade you otherwise. The images and words imprinted on your mind determine your emotions and your actions.
http://www.youtube.com/watch?v=Xwvy31zAy08
Pass it on, please