loljulian

Wikileaks and The Unredacted Cables - Explained

Last year, when Wikileaks partnered with the Guardian, Julian uploaded a file to the Wikileaks.org server, it was an encrypted database of the entire cache of unredacted diplomatic cables. It was set up so the Guardian could download the entire batch, unredacted and have a look through them. Julian gave the password to David Leigh, who went off and downloaded the cache and all was fine, until Wikileaks and the Guardian fell out.

After the falling out, the Guardian published a book about their dealings with Wikileaks, which was heavily critical of Julian. Published in the book, as the heading for one of the chapters, was the password to the encrypted database of unredacted cables. David Leigh from the Guardian says he was told the file was only temporary, so no worries if the password was published. Wikileaks says they never told him anything of that sort and he had no reason to believe it was temporary, and therefore shouldn’t have published the password.

All at the same time, Daniel Domscheit-Berg and Julian’s relationship was falling apart. DDB was suspended from Wikileaks, he then left, but not before taking a copy of Wikileaks entire server, including the (unbeknownst to him) encrypted database of cables. Then after Cablegate began, several Wikileaks supporters mirrored Wikileaks’ website, so that in the case it ever went offline, there would be several mirrors of the site still available. What all these supporters didn’t know was their mirrored Wikileaks sites all contained the hidden files, since the site they mirrored (Wikileaks.org) contained it.

After discovering the hidden files, DDB and his OpenLeaks partners started talking publicly about how there were hidden files on the server, in an effort to discredit Julian’s ability to keep things secure. Although they didn’t disclose the exact location, talk of the hidden files grew. Since the password was public knowledge if you knew where to look to try and find it, it wasn’t long until it was obvious that who ever wanted to access the files very well could. With both the location and password for the encrypted files, it wouldn’t be a struggle to find and download the entire database.

Another website, called Cryptome, found and published the full batch of cables, as well as several others. As this all gained more and more attention, Wikileaks had no choice but to publicly acknowledge the breach. They took an unscientific poll on Twitter, asking their followers to tweet them with their opinions on whether to release the full batch of cables on Wikileaks.org. The response was an overwhelming “yes, release them”, and so they did, which really makes sense as they were already in the public domain due to the location and password being made public.

David Leigh criticised Wikileaks, saying that they should’ve simply changed the password on the hidden files. But you cannot change an encrypted password as you could, for example, change your Twitter account’s password. Once an encrypted torrent has been distributed, it will always exist. It’s like publishing a book, once it’s been published it can be altered and then republished, but the original version will still exist, unaltered.

Now, all of the diplomatic cables are online, unredacted. On Wikileaks.org, and several other websites.

You may want to have a look at this article from Der Spiegel. It explains it all quite well. This is another good article worth having a look at.

(via http://iamnotaslag.tumblr.com/)