Blackmail, Cryptome, Department of Defense, Encryption, Hackers, Hacking, Hillary Clinton, Leaks, State Department, Sweden, The Internet, The Pirate Bay, Wikileaks
The Pentagon is demanding that Wikileaks cease publishing and return immediately stolen US documents in its possession, hinting darkly at legal prosecution if the Internet news site does not comply. (Christian Science Monitor)
Of course, it is always possible that Julian Assange and his merry band of pranksters may be less than intimidated by an adversary so clueless that its first response to the theft and publication of Top Secret military documents is to issue a directive prohibiting its own personnel from gazing at the offending web site.
This is the “Close the barn door from the inside when the horse got out” approach to security breaches. [Wired]
Besides, Wikileaks has uploaded a password-protected file labeled “Insurance,” and believed to contain a massive collection of highly toxic State Department material, consisting of, according to a chat interview published by Wired:
260,000 classified U.S. diplomatic cables that Manning described as exposing “almost criminal political back dealings.”
“Hillary Clinton, and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,” Manning wrote.
Wikileaks has arranged, in the event that the US Government succeeds in shutting down its web site, to have the password released via Cryptome.
6 August 2010. If there is a takedown of Wikileaks, the insurance.aes256 file will be available through Cryptome along with the entire files of the Wikileaks website which have been archived.
Even without Julian Assange’s blackmail threat, Some News Agency sees problems trying to stop Wikileaks legally.
[F]rom a legal standpoint, there is probably little the U.S. government can do to stop WikiLeaks from posting the files.
It is against federal law to knowingly and willfully disclose or transmit classified information. But Assange, an Australian who has no permanent address and travels frequently, is not a U.S. citizen.
Since Assange is a foreign citizen living in a foreign country, it’s not clear that U.S. law would apply, said Marc Zwillinger, a Washington lawyer and former federal cyber crimes prosecutor. He said prosecutors would have to figure out what crime to charge Assange with, and then face the daunting task of trying to indict him or persuade other authorities to extradite him.
It would be equally difficult, Zwillinger said, to effectively use an injunction to prevent access to the data.
“Could the U.S. get an injunction to force U.S. Internet providers to block traffic to and from WikiLeaks such that people couldn’t access the website?” Zwillinger said. “It’s an irrelevant question. There would be thousands of paths to get to it. So it wouldn’t really stop people from getting to the site. They would be pushing the legal envelope without any real benefit.”
And the technical approach is problematic, too.
WikiLeaks used state-of-the-art software requiring a sophisticated electronic sequence of numbers, called a 256-bit key [to protect its “Insurance” files].
The main way to break such an encrypted file is by what’s called a “brute force attack,” which means trying every possible key, or password, said Herbert Lin, a senior computer science and cryptology expert at the National Research Council of the National Academy of Sciences.
Unlike a regular six- or eight-character password that most people use every day, a 256-bit key would equal a 40 to 50 character password, he said.
If it takes 0.1 nanosecond to test one possible key and you had 100 billion computers to test the possible number variations, “it would take this massive array of computers 10 to the 56th power seconds — the number 1, followed by 56 zeros” to plow through all the possibilities, said Lin.
How long is that?
“The age of the universe is 10 to the 17th power seconds,” explained Lin. “We will wait a long time for the U.S. government or anyone else to decrypt that file by brute force.”
Could the NSA, which is known for its supercomputing and massive electronic eavesdropping abilities abroad, crack such an impregnable code?
It depends on how much time and effort they want to put into it, said James Bamford, who has written two books on the NSA.
The NSA has the largest collection of supercomputers in the world. And officials have known for some time that WikiLeaks has classified files in its possession.
The agency, he speculated, has probably been looking for a vulnerability or gap in the code, or a backdoor into the commercial encryption program protecting the file.
At the more extreme end, the NSA, the Pentagon and other U.S. government agencies — including the newly created Cyber Command — have probably reviewed options for using a cyber attack against the website, which could disrupt networks, files, electricity, and so on.
“This is the kind of thing that they are geared for,” said Bamford, “since this is the type of thing a terrorist organization might have — a website that has damaging information on it. They would want to break into it, see what’s there and then try to destroy it.”
The vast nature of the Internet, however, makes it essentially impossible to stop something, or take it down, once it has gone out over multiple servers.
In the end, U.S. officials will have to weigh whether a more aggressive response is worth the public outrage it would likely bring. Most experts predict that, despite the uproar, the government will probably do little other than bluster, and the documents will come out anyway.
Mikael Viborg, owner of PRQ hosting company at its server location
Were the Department of Defense, the NSA, or the FBI actually inclined to do anything about Wikileaks, NYM would be glad to help.
Be aware, however, that PRQ is associated with the notorious Swedish Bit Torrent file sharing hub The Pirate Bay.