
Tuesday, January 10, 2017

On WikiLeaks Methods and Motivations

Recently, the WikiLeaks Task Force tweeted something quite inflammatory:

We are thinking of making an online database with all "verified" twitter accounts & their family/job/financial/housing relationships.

In other words, it said it was determined to create and publish a database of personal interconnections between verified Twitter users. This database would include information about finances, family connections, cohabitation, jobs and so forth.

This statement has, at the very least, sparked outrage.

Let's look at this statement from two points of view: (1) that WikiLeaks made the statement, and (2) that someone else made the statement and wants us to think WikiLeaks said it.

(1) WikiLeaks made the statement

That, on the face of it, would be galling.

I ask you here, honestly: does everything have to be public?

I can understand Facebook and why they would want to collect their user graph. They protect their users' privacy (although that's far more nebulous, even given their periodic missives, famous missteps, and explanations of policy).

But let's look at the author of the tweet: WikiLeaks. This sounds more like a sinister plot to me. Let's address the main reason for this.

What's all this about WikiLeaks working with the Russians?

Though WikiLeaks may never have dealt directly with the Russian intelligence services, they certainly had to know that release of the data played right into the Russians' hands. It seems pretty clear, given the timing of the release of the Podesta emails, that WikiLeaks understands perfectly the consequences of their actions.

In fact, WikiLeaks' sensitive data releases almost always damage the west and leave Russia unscathed. A visit to the wlstorage.net torrent repository shows us specifically who they target. There are very few Russia-related information troves.

If they released a trove of data on the Russians, it seems clear to me that Assange and many others at WikiLeaks would find themselves sipping Polonium-210-laced tea like that ill-fated ex-KGB whistleblower Alexander Litvinenko. Bad press for the Kremlin (in his case, looking into the assassination of Russian journalist Anna Politkovskaya) is generally punished by death in Russia. Dig too deeply and you'll discover, much to your chagrin, that it's your own grave you have dug.

WikiLeaks denies they received the leaked emails from the Russians. The US claims they know the go-betweens that prove Putin ordered the operation.

Let's just say for a moment that WikiLeaks are enemies of the west. Then this is completely consistent with publishing a database of who is related to whom, what their jobs are, how much they make, and where they live. This process, called doxing, enables people and organizations with malicious intent to get handles on people they want to attack. If this were true, the database WikiLeaks apparently would want to publish is, in fact, an analog of the human flesh search engine.

This kind of data would be of immense use to the Russian intelligence services, such as the FSB. So it certainly seems plausible to me that WikiLeaks was behind the tweet. But what about the other possibility?

(2) Someone else made the statement and wants us to think WikiLeaks said it

Did they even say it? It was tweeted by the WikiLeaksTaskForce, the Official WikiLeaks support account. It is explicitly intended to "correct misinformation about WikiLeaks".

Very soon after the original tweet, which has since been deleted, WikiLeaks itself tweeted the following:

Media note: is the only official account of WikiLeaks. No other accounts are authorized to make statements on behalf.

So the narrative might be that some troll joined (or hacked into) WikiLeaksTaskForce and posted the tweet to spread false information.

It's not unlikely at all that someone would want to discredit WikiLeaks. After all, their business is to enable whistleblowers by providing foolproof ways to release sensitive information. So anyone who has been damaged (or may be damaged) certainly has the motivation to discredit WikiLeaks. This is a big list of people, like John Kerry, Hillary Clinton, and organizations, like Bank of America, the American Intelligence community, and so on.

For the tweet to properly discredit WikiLeaks, they would have to plausibly possess the means to accomplish the database in question. To assess that, we must first know exactly how WikiLeaks works.

How does WikiLeaks work?

Their primary modus operandi, I believe, must generally be given by the following steps:

  • accept large corpora of whistleblower information
  • put it onto an air-gapped network
  • strip it of all attribution, which entails editing it
  • separate it into bins of sensitivity
  • encrypt and encapsulate (using BitTorrent) the bins for transport
  • upload the information on wlstorage.net
  • get other sites to mirror the information
  • periodically release keys for the purpose of disseminating the information a bit at a time

They would use an air-gapped network to prevent anyone from hacking into them, which is definitely possible. They would want to isolate the sensitive data to completely control what is done with it and where it goes.

The stripping of all attribution information, including email headers and telltale references is done to protect their sources. This may involve redaction of information that can hurt innocent parties. But also look at this on the face of it: they are intimately acquainted with the forensics of data present in email headers.

They have admitted that they separate the data into bins of sensitivity so they can control the impact of the releases. After all, the idea that some information is more sensitive than others is a natural consequence of the information itself. But they might also want to keep the most inflammatory information as a deadman switch. Such information can be released if Assange is killed, for instance. This was demonstrated recently when, in October 2016, Ecuador cut off Julian Assange's Internet access. Soon thereafter, WikiLeaks tweeted hashes to various troves of information, aimed at John Kerry, Ecuador, and the UK FCO. So it's a virtual certainty that Assange has deadman switches.

Their favorite method of leak data storage is by encrypted, encapsulated databases, posted as a single file. This is so they can withhold the release of the data, processed using AES 256-bit encryption, until a later date, without withholding the data itself. Often, the files are hundreds of gigabytes in size, so they use BitTorrent as their transport. The file names often contain the word "insurance". This also corroborates the theory that the files constitute a deadman switch: if Assange or another key-holding WikiLeaks person is killed, then keys may be released by the others in retribution.

After the data is packaged, it is then uploaded to wlstorage.net, a storage site run by WikiLeaks that promotes mirroring. Unfortunately, from time to time, this data has included malware, which generally gets cleaned up as soon as it is discovered.

Once there, any number of sites mirror the WikiLeaks databases. This includes CableDrum, and many other sites. This measure of redundancy prevents any single site from simply being destroyed to prevent the sensitive information from being released.

When WikiLeaks releases a trove of information, they simply need to release the AES 256-bit (64 hex digit) key. This allows anybody having access to any of the mirror sites to decrypt the information and begin the process of data mining it. Usually this means the press.
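The release model described above (hashes announced first, encrypted files on mirrors, key later) lets anyone check a mirrored copy before trusting it. The following Python is an added example, not code from the original post or from WikiLeaks: it checks mirror copies against a digest announced in advance and checks that a released key has the 64-hex-digit shape. SHA-256 as the hash, the function names, the file names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import string
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so archives of hundreds of gigabytes never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_mirrors(published_hex, mirror_paths):
    """Map each mirror copy to True only if it matches the published digest."""
    expected = published_hex.strip().lower()
    return {name: hmac.compare_digest(sha256_file(path), expected)
            for name, path in mirror_paths.items()}

def parse_released_key(key_hex):
    """Accept only a string of exactly 64 hex digits, i.e. a 256-bit key."""
    key_hex = key_hex.strip()
    if len(key_hex) != 64 or any(c not in string.hexdigits for c in key_hex):
        raise ValueError("a 256-bit key must be exactly 64 hex digits")
    return bytes.fromhex(key_hex)

def demo():
    """Constructed data: one faithful mirror copy and one altered copy."""
    workdir = tempfile.mkdtemp()
    original = os.urandom(4096)  # stands in for the encrypted archive
    altered = original[:-1] + bytes([original[-1] ^ 0x01])  # one bit flipped
    paths = {}
    for name, blob in (("mirror-a", original), ("mirror-b", altered)):
        paths[name] = os.path.join(workdir, name + ".aes256")
        with open(paths[name], "wb") as fh:
            fh.write(blob)
    published = hashlib.sha256(original).hexdigest()  # digest announced up front
    return check_mirrors(published, paths)

if __name__ == "__main__":
    print(demo())
    print(len(parse_released_key("00" * 32)), "key bytes")
```

A copy that fails the digest check was altered or corrupted somewhere between the publisher and the mirror, and should not be opened or decrypted.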

How does WikiLeaks modus operandi make the tweet more plausible, specifically?

First, because WikiLeaks is known to accept large corpora of hacked data, who says they haven't been able to get ahold of the verified Twitter database? If it's not plausible, then this tweet is a call to arms for the many hackers out there who need the cred that would stem from such a successful attack.

Second, because WikiLeaks is adept at stripping attribution information from email, metadata from photographs, wrappers from tweets, and other media, they are the perfect institution to be able to make use of that attribution information, symmetrically, to work against the "system".

Third, knowledge of encryption and the limits of its usefulness means they must also be knowledgeable about decrypting and cracking such information. They have a milieu of hackers that they are in regular contact with, certainly. They are trusted by hackers because it is WikiLeaks' specific mission to protect them. They need to know what can and can't be cracked so they can keep their publicly available information troves secret from the most capable intelligence agencies in the world.

How does the tweet discredit WikiLeaks, specifically?

The ghastly specter of Big Brother looms over the tweet, that some clandestine organization is gathering information on all of us. This makes WikiLeaks the new NSA, the new GCHQ. Which makes those two organizations the ones most likely to discredit Assange.

Do they really need discrediting?

Currently their leader Julian Assange has been holed up in the Ecuadorean Embassy in London for 4 years and 7 months. This is because he has been granted asylum by Ecuador. Assange suspects that he will be extradited to the US to face charges under the Espionage Act of 1917. This could net him 45 years in a supermax prison, and potentially the death penalty.

Assange is also wanted for "lesser degree rape" in Sweden, a charge that will not expire until 2020.

The NSA has labelled WikiLeaks as a "malicious foreign actor".

Wednesday, April 11, 2012

Transparency: the Way of the Future?

Is full transparency in government a good thing?

Disruption

I believe the ascendence of wikipedia.org as a collaborative knowledge base has had a significant positive effect on the general access to knowledge. But it has also had a significant negative effect on existing encyclopedias. Recently, the venerable Encyclopaedia Britannica announced their final print edition. Really, it is no great surprise that an online knowledge base can be disruptive in this way. This is really quite similar to the disruption of printed news media (such as newspapers) by online news sources. But there are other ways that wikis can disrupt.

Wikileaks

The concept of a wiki is a compendium of material with contributions from several authors. There is a specific wiki called wikileaks.org that amasses secret material and publishes it, run by Julian Assange and his associates. The contributors are whistleblowers everywhere. Many of the contributions are centered on the secret doings of governments.

The interest in such wikis is fed by the conspiracy theorist and the popularization of the idea that governments are bad. That they are doing bad things. But weighing individual privacy against the common security is not a simple black-and-white issue.

That being said, I do believe that governments should not act unchecked. Doing evil "in the national interest" is wrong.

Wikileaks has the potential of disrupting a government's ability to operate. Perhaps they believe they can level the playing field between governments by rendering every government transparent. Perhaps they naïvely believe they are only seeking the truth. Unfortunately, they have done little to render Russia transparent, or Iran, or North Korea. Or even China. They have primarily been concentrating on the United States. Indeed, in some countries, if journalists attempt to render those countries transparent they will simply be murdered. Witness, for example, the purported state-supported murders of Anna Politkovskaya and Alexander Litvinenko. Some countries simply have a history of dissuading whistleblowers by making sad examples of them.

It is doubtful wikileaks has the balls to assail any of these countries.

What this has done is to make it less possible for the United States (and some other target countries) to operate in the diplomatic arena, and consequently it lends a strong advantage to their competitors. This is inevitable. And the trend is to only publish material from countries that are relatively easily penetrated: free countries. This disadvantage is coming soon to your country.

Competition between countries is not just political, or concerned with human rights. It also is about economic prevalence. Countries such as Russia, with its oil and natural gas pipeline that nearly controls Europe economically, and China, with its control over cheaply-made electronics (due to their singular labor policies compared with other countries) and its near-monopoly on rare earth elements, owe their prosperity to the influx of currency from other countries. It is a strong motivation these days: perhaps the only motivation that actually counts to China.

Transparency is not good for negotiation. Without it, countries can operate in secret. Keeping their agenda secret while they strive to achieve their goals is actually key to success. A level playing field would make things better for negotiation. Ironically, the playing field is being made less level by wikileaks.

The kind of transparency that wikileaks.org offers is total transparency. They constantly work to reveal everything they can: entire full sets of diplomatic dispatches, even full sets of military communiques. This will naturally reveal plenty of stuff that could be necessary for a country's economic survival.

Indeed, it would be to a competitor's advantage to extract such information and provide it to wikileaks. Whether this has actually happened is something I can't really verify, because wikileaks scrupulously seeks to anonymize the information, scrubbing away email MIME headers (so you can't be sure the emails were genuine in the first place!), zeroing empty blocks, and redacting content that could reveal their source.

If the publishing of the information is a crime, then they are accomplices and co-conspirators. But how do you prove that the information is true? You can't. They have scrubbed away all that can be used to prove it true. And if you independently verify one piece of information, can you trust the rest if you can't say where it actually came from? I doubt that wikileaks even knows whether the information they post is true or not. They may not even know for certain where it came from. Which makes the publishing of the information an incredibly questionable activity.

Wikileaks has also revealed information about companies as well, such as Bank of America. I am sure it would love to reveal information about people as well.

So, when Julian Assange commits a sexually predatory act in Sweden, for instance, he should be glad that such things can be transparent. And he should be glad to participate in a transparent legal process there, right? No. He is a hypocrite. It's OK to reveal other people's secrets. But when his secrets get revealed, then he objects! And fails to own his actions.

Hacktivism

Hacktivism, hacking for the purposes of vigilante social justice, has been on the rise. The Anonymous group is famous for hacking in retaliation for the removal of credit card support in wikileaks. Really, anything they set their collective minds to, if they think it represents an injustice, is cause for a retaliatory hack. This makes them judge, jury, and executioner for their brand of justice.

Many of the Anonymous crowd also perpetrate hacks that simply reveal lists of credit card numbers and email accounts and passwords. Don't they know that the rogue and state-supported Chinese and Eastern European hack squads are going to exploit these? They disrupt businesses like Sony's Playstation accounts. These acts are essentially criminal acts. And if they aren't criminal acts, they almost certainly lead to them.

In some ways, hacktivism can also produce effects that may be useful, such as making us aware that we should change our passwords. But these are secondary, reactive effects, and not the ones that they were seeking to accomplish. Not by a long shot.

Really, such lawless acts are indefensible. In this day and age where so much is constantly being attacked by Chinese hack squads, why don't these hackers join the good guys and help to build better defenses against the barrage of cyberattacks? There is a real need, and they have the talent. Please, Anonymous, step forwards and help. And I'm not talking about defacing Chinese government web sites.

Perhaps the FBI will have to bust these hackers and conscript them, like they did Sabu.

Either way, we need to get organized to fight cyberattacks and cyberterrorism.

Even if laws could keep up with technology, there are still Chinese state-supported hack squads to deal with. Maybe wikileaks will try to keep them accountable. Sure.

The Moral

Those interested in transparency and who are eager to reveal things must own their actions and practice what they preach. An anonymous hack is an asymmetric form of warfare. Not exactly transparent, is it?