Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Communications News Politics

WikiLeaks Publishes Cable Archive In Full 296

We recently discussed news that WikiLeaks had complained of a password leak which threatened the encryption of unredacted documents contained in the Cablegate archive. Now, reader solanum writes with this update: "According to the Guardian, 'WikiLeaks has published its full archive of 251,000 secret US diplomatic cables, without redactions, potentially exposing thousands of individuals named in the documents to detention, harm or putting their lives in danger. The move has been strongly condemned by the five previous media partners – the Guardian, New York Times, El Pais, Der Spiegel and Le Monde – who have worked with WikiLeaks publishing carefully selected and redacted documents.' In the same article The Guardian gives further explanation of the controversy reported earlier, suggesting that Assange went against standard protocol in providing the master password to the newspaper."
This discussion has been archived. No new comments can be posted.

WikiLeaks Publishes Cable Archive In Full

Comments Filter:
  • ...this could be interesting.
    • You know, where I come from we grab a beer and a bag of chips and get comfortable. Buckling up isn't comfortable. Looks silly too.

  • by Haedrian ( 1676506 ) on Friday September 02, 2011 @11:22AM (#37287644)

    The guardian password thing was a mistake. A big mistake.

    The solution however is NOT to go all in and betray the trust of the sources. This sort of thing is just what you'd need to kill Wikileaks forever.

    If it was due to a mistake, an accident or hacking, we might move on, but this is big stuff.

    • by Samantha Wright ( 1324923 ) on Friday September 02, 2011 @11:31AM (#37287746) Homepage Journal
      That's not it at all. The documents were already in enemy hands because the file was shared over BitTorrent. The password was already in enemy hands because the Guardian published it. All WikiLeaks is doing at this point is evening the playing field by letting those interested parties who didn't get a chance have an opportunity to dig through them. This mostly means the people without the resources to have put things together already—i.e., the informants at risk, whose names were redacted in the first place.
  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
    • Re: (Score:3, Interesting)

      by drolli ( 522659 )

      No. It means that hey want to cover up the fuckup which JA and *only* JA is responsible for to the media.

      He gave the password without specific instructions. He put the files somewhere where they don't belong (i think not mixing redacted and unredacted material would be a good principle) and did not inform the administrator that these are there. He lacked responsiveness in communicating with the responsible admistrator. He lacked openness to address the issue and take control of it of give the responsibility

      • You are so wrong over here.

        He gave the password to the Insurance file. That part was wrong. True. Not sure why he gave him that password, but that's his mistake.

        The files were ENCRYPTED and public. The idea was that if wikileaks was pulled down by the government, or shut down by the ISP or whatever - which was VERY probable, lots of people would have the files. Think of it as a guarantee. Its useless pulling down the site, because the data will still be there. Two factor authentication would be useless for

        • by drolli ( 522659 ) on Friday September 02, 2011 @12:32PM (#37288658) Journal

          No i am not. follow the full story and you get a different picture.

          a) Torrenting is just a very spectacular way to insure the existence of a document. Among all possible ways it is the least preferable. The preferred on involves copying the data on 50 DVDs and sending or giving these to the partner newspapers. The decision to use torrent in this way was the wrong one, no matter if you agree with it or not, since it only left one barrier (obtaining a not-so-high entropy password) for any interested party.

          b) the standard way to handle encrypted material is *not* to give pwds directly. The standard way is to hand over the key, which is protected by a passphrase, and give this passphrase separately. This was the standard procedure in the last company where i worked for something as mundane as .pk12 certificates for wlan clients, or ssh certificates.

          c) mixing the functions of being secured by the torrent and transmitting it to the journalist in a cool way was completely irresponsible. It was JAs decision to transmit key material for a secret document to this person. It was his decision alone. He did *not* communicate it to others, he did not ask for permission, and as far as i understood this was one of the points which made the conflict with DDB more severe. AFAIU JA always resisted rules inside WL to which he could be bound. But believe me, rules, even informal ones are a god thing. Rules like 'who can take money' 'who has access the servers' 'which persons share the key material in a way that only a majority of them can reconstruct the key'. But this would have pushed JA from a throne of a king to the chair of a leader.

          d) AFAIU the persons torrenting in a wave of unqualified paranoia were not aware that these documents are contained within the file they are torrenting since JA did not inform anybody on this. I take this point with a grain of salt, since it is DDBs interpretation, but the German Lawyer of WL only complained to DDB about htese severe claims and did not ask him for a "unterlassungserklaerung" (a legal binding document which you can use to stop somebody for making flase statements which harm you). This fact tells me DDBs story is essentially right.

    • The release of the whole batch means that any negotiation to avoid the worst criminal penalties for Assange and others has failed. These people know they are going to be seeing little but the cinderblock walls of a detention facility for many years. They're giving up.

      You may be right. But I would like to suggest another hypothesis.

      The release may instead mean that Assange and others believe even more strongly than they did before that they cannot be touched and see no reason to be reasonable any more. I think Assange is and has been crazy. I don't think he's rational. Given how the response to him has been fairly weak (he's not in jail and while I think he is due for a court date, he has a chance to beat the rap), I can understand how he might conclude that's he

    • by mmcuh ( 1088773 )
      Who would exact this punishment? From what I've read, releasing these documents would only be illegal under US law. And Assange is not in the US. Extraditions only happen when the act is criminal in both the source and destination countries.
  • by Anonymous Coward on Friday September 02, 2011 @11:22AM (#37287652)

    The Guardian essentially pretends now that Wikileaks have taken this decision and by doing so have placed a lot of people at risk.

    This deceit is evident several places in the article. That is the deceitful picture they are trying to paint.

    The truth is that all of the cables were already accessible to anyone who wanted that access worldwide, including intelligence agencies.

    You can argue about "blame": was the blame on Assange who apparently reused a password, on the Wikileaks people who spread that file around as a form of "insurance", or on the person from The Guardian who wrote what the password was in his book?

    But you can't argue that Wikileaks now has sole responsibility for placing people at risk. That responsibility is down to all the aforementioned participants.

    The exact division of blame can be argued about, but a picture that Wikileaks now places someone at risk that wasn't placed at risk earlier through joint efforts is monumentally deceitful.

    • And even the title of the Slashdot post is spinning. Everyone knew Wikileaks published this file, it was insurance if anything should happen to Julian. That Wikileaks re-used a known password for this file is bad security practices [tm], and that Guardian published the password is beyond belief.
      • by drolli ( 522659 )

        But WL is at fault for not following standard security practices like:

        a) dont use the same pwd twice

        b) dont mix the functions of systems in an uncontrolled way

        c) generate a key, secure it by a phrase (or by many), hand over the key and tell the phrase separately

        d) if you give sbd access, be explicit on what he should do and not do. I was often laughed at as a sysadmin for explaining where which things are stored and explaining explicitly if a pwd is critical, but that sby would not explain a non-technical p

    • I think that someone may have put a mole in the Guardian.

      It would be a perfect opportunity to make wikileaks look like a pack of pricks.

      And getting them shut down might just be important enough to risk a leak.

      I think wikileaks got screwed and is now just doing damage control.

      They were finished the minute the Guardian "accidentally" leaked the master password.

    • Re: (Score:2, Troll)

      by ScentCone ( 795499 )

      but a picture that Wikileaks now places someone at risk that wasn't placed at risk earlier through joint efforts is monumentally deceitful

      Nonsense. Before Assange and crew offered to help the original criminal move copies of all of that stolen data, the people named in those documents were less at risk. Assange acted to handle that data and make a big show of picking and choosing how and to whom he would dribble it out (to maximize his ego-boosting press coverage), but it was his group's actions that took one bumbling, screwed-up idiot's lame data-dump-theft and turned it into widely reachable collection that, of course, inevitably would be

      • Re: (Score:2, Interesting)

        by Baloroth ( 2370816 )

        This. Back when Wikileaks was actually redacting the documents, people praised them to high heaven and criticized anyone claiming that the documents could potentially cause harm. Now, we see that Wikileaks having those documents was in fact dangerous all along, and that there is damn good reason the government doesn't like them being handed to random people on the Internet, and prosecutes people who do. You might even say that this problem was one good reason the US government wanted Wikileaks shut down in

        • by epine ( 68316 ) on Friday September 02, 2011 @02:05PM (#37289818)

          Wow, this is not a topic which brings out the best thinking skills.

          There was a time in a galaxy near you when homosexuals were regarded as inherently criminal, due to the prominence of newspaper headlines that read "Homosexual man slays ..." compared to the shocking dearth of headlines reading "Straight man slays ..."

          Some of the headlines read "Hell's Angel slays ..." but somehow our bucket brains don't make the daring inference to file this headline also under the bucket "straight man slays ..." leading to the conclusion that there are a lot of gay killers prowling the neighbourhood.

          But wait, just in, the human bucket brain sometimes makes errors of judgement:
          Murder charges may unfairly tarnish military's reputation [theglobeandmail.com]

          We all know about the Streisand effect, I suppose because it's the simplest effect to understand, and takes the least effort to invoke: the fact of its mention in loud conversation makes it true--can't get any less risky than that.

          How about the Turing effect? Now pay attention, this one is more difficult. Take a society that is so hung up on mother nature connecting positive to negative (and not any other way) that it conducts criminal proceedings against a war hero for what I would describe as a victimless crime (as compared to drinking and driving, or failing to abide by food safety regulations). Where was Winston Tippler Churchill when Turing needed a strong character reference? There's a crime for you, in my opinion. As a result of the criminal proceeding--in which no one mentions that Turing contributed more to the war effect than any ace fighter pilot--Turing is forced to undergo therapy which causes him to grow breasts (not cruel, not unusual) and then he kills himself. Why does no one who knows anything come to his defense? Well, we've got these secrets, you see, and it's better if no one knows anything. In fact, it's policy. Makes the world a better place.

          I would venture to guess this did not bring out the best side of human nature in the homosexual population who skulked around feeling paranoid, ostracized, and excluded lest they become the unwitting center of attention in a pagan ritual of social uptightness. And furthermore, the morally uptight consist entirely of law-abiding do-gooders who would never threaten pagan outcomes in acts of social extortion.

          If you're inside the intelligence establishment, this is all pretty cool. By applying the right kind of pressure, your target might just self-destruct in a puddle of stress and paranoia and improbable denials. Even by that standard, I'm coming around to the opinion that Assange is an asshole. He was assisted in arriving at this place by other assholes, who will forever remain dark shadows where the secrets lurk.

          Turing took the honorable way out. He was persecuted by the state, none of his friends showed up to defend him, he grew breasts, then killed himself. He never passed a single secret to Julian Assange. Just like the witch tossed into the river who drowns in a way that proves she wasn't a witch in the first place.

          But what if some future Alan Turing takes the growing of breasts the wrong way and slips an embarrassing state secret or two to the likes of Julian Assange?

          Two options for the intelligence establishment:
          A) Admit that persecuting a war hero for a victimless deviancy was pretty fucking stupid.
          B) Double down on the need for secrecy and the portrayal of anyone who favours a system of checks and balances as suffering from moral turpitude (coming right up, on the silver platter of the bell hop of dirty tricks).

          These geniuses of deceit have trouble with option A. Funny that. But think about it from their side: the Soviets might try to extort Turing into cooperation by threatening to spill his deviant acts to a socie

    • Maybe I'm missing something - but if Wikileaks didn't exist in the 1st place, then we wouldn't have this problem. So ultimately they blame goes back to them because they took the 1st step in even compiling and distributing the documents.

      Sure, someone else may or may not have done same eventually... but we're talking about the current problem here, the way it actually happened.

      It's all on Wilkileaks for doing what they did in the 1st place.

    • by sustik ( 90111 )

      Well put.

      The only fully verifiable fact is that the Guardian is attempting to deceive. That is the number one lesson I took away from the whole story.

      On a side note. Someone mentioned that journalists may not understand passwords, GPG, bittorent etc. Well, today's journalists need to understand these concepts to perform their jobs. They also need to have at least an above average understanding of smartphones, the related privacy issues, firewalls, proxies, twitter etc.

  • According to the article, the full set of cables was released in a encrypted form in December 2010, and The Guardian released the password in a book in February 2011. I guess from that point of view, the cat was already out of the bag.

    I guess to anyone who's directly interested in endangering the sources and/or identified parties put two and two together back then, so this may be of little impact from that aspect. Perhaps WikiLeaks was trying to give the impression that they're still in control before ev
  • ... expect to get burned. What will be fascinating to me is to see if the editors who were complicit in working with Assange won't also suffer criminal penalties. Probably they'll get away unscathed, but their efforts were not helpful.
  • Wikileaks made the encrypted archive available long ago so shouldn't the headline here point out the newer and more interesting bit - that the Guardian released the key after signing an agreement not to?

  • by Halo1 ( 136547 ) on Friday September 02, 2011 @11:38AM (#37287852)

    First the Guardian published the master password for the cables.csv file, which made all those names of informants and what not publicly available. Now that Wikileaks is also making the same information available that the Guardian first made public to everyone, the Guardian is trying to paint this disclosure of information as an irresponsible move by Wikileaks.

    The only thing you can blame Wikileaks for, afaik, is to make that same information available via a search interface (besides the fact that they gave the real password to the Guardian). But it's not like people who had really bad intentions for uses of that information couldn't set something like that up themselves (and probably already did), which I assume is what motivated them to do this.

    • by abulafia ( 7826 )

      Well, no, not exactly. The Guardian published the password. Wikileaks failed to secure the encrypted payload. They both had to fail for the security breach to have happened. Irresponsibility is shared there, and as best I can tell, Julian is embarrassed and attempting to salvage ego with a dumb "I meant to do that" sort of maneuver.

      The Guardian is being a bit silly in complaining now, after the data is already out there - anyone with an interest has already found a torrent.

      But really, the whole thing is si

      • by blueg3 ( 192743 )

        given that the cables were available very widely to (as I understand it) millions of US folks already. I simply don't believe that documents shared with 7 figures of people, security cleared or no, don't find their way to people who have an interest in such things.

        You can't actually get access to those documents solely by virtue of having Secret or Top Secret clearance.

    • by phayes ( 202222 )

      You're forgetting to blame Assange's:
      Negligent stupidity in releasing the data dump to the guardian with a "cute" & supposedly time limited password & then to torrent with the same password.
      Outrageous hypocrisy in exposing the secrets of others while expecting his own to remain secret.

      He cannot escape guilt by saying "I was just following orders" -- he gave the orders.

      • by Halo1 ( 136547 )

        You're forgetting to blame Assange's:
        Negligent stupidity in releasing the data dump to the guardian with a "cute" & supposedly time limited password & then to torrent with the same password.

        Well, yes, that's what I mean with "besides the fact that they gave the real password to the Guardian".

    • You can also blame Wikileaks for trusting the Guardian with that information in the first place.

      You don't give away the key to the henhouse, period.

      How could wikileaks have been sure that the Guardian didn't have a mole in it?

    • >The only thing you can blame Wikileaks

      How about that they know fuck-all of propery using crypto? It blows my mind that such an incompetent organization is in charge of such valuable information.

      Anyone who knows shit about dealing with information knows that journalists are extremely tech unsavy and not giving them their own archive and hand holding when it comes to passwords, crypto, etc.

      Assange saved 5 minutes and fucked this up. Sorry, but you need to learn the basics of how to deal with people, non-

      • Anyone who knows shit about dealing with information knows that journalists are extremely tech unsavy and not giving them their own archive and hand holding when it comes to passwords, crypto, etc.

        GPG/PGP aren't hard to use. If that was going to stymie a journalist from participating, then good, they weren't smart enough to be in this particular club. After all, if they're that dumb they might just go and publish their own password... oh, wait.

        P.S. - 'time limited password' on a static file? Either Assan

        • by Raenex ( 947668 )

          This post will self-destruct 30 seconds after you read it.

        • How about changing the password on the file, from "THESAMEONEIUSEDEVERYWHERE" to "UniquePasswordforAGuardianJournalistWhoIThinkIsABumblingBoob-111222333444555666###!!!&&&$$$"?

          Wouldn't stop people from getting the data if they got ahold of the Guardian's copy of the file, and the Guardian's password... but the GUARDIAN would be to blame for the leak in its entirety, as they would have to allow others to get their copy of the data, AND the password - not just "somebody let a password slip, and the

          • It was only the password on the Guardian's file. Unfortunately that file got distributed. See the Der Speigel article.

  • What are the odds on Assange living long enough to publish documents detailing the plan to take him out?
    • Odds are very good actually. He will be sitting inside a impenetrable maximum security cell for a long time to come, and no doubt be given good medical care from prison doctors.
  • by DarthVain ( 724186 ) on Friday September 02, 2011 @01:01PM (#37289030)

    Everything goes somewhere, and I go everywhere.

    There is no news. There is only the truth of the signal. What I see. And, there's the puppet theater the Parliament jesters foist on the somnambulant public.

     

  • As is oft stated here, information wants to be free.

    If you are a leaker, you have to assume that ANYTHING you send to someone electronically will be published to the entire population of the planet. That is, after all, why you want to leak something - to make it public.

    What this episode has shown is that potential leakers CANNOT trust any organization to do redacting, they must do that before hand if the feel it is needed. It's not like you could trust them anyway, as you never know who really backs any o

  • Did anyone seriously think that the complete unredacted cables wouldn't end up getting loose once this dance started way back in November 2010?

    (If so, maybe you think all the campaign promises you'll hear in the 2012 election are highly reliable.)

    You can blame or hail anyone you like for this. But when something like this gets this much coverage and publicity, it's an excellent bet that full info will be leaked by someone.

If all else fails, lower your standards.

Working...