Wikileaks encryption use offers ‘legal challenge’
Posted by Xeno on August 20, 2010
A novel use of encryption by whistle-blowing website Wikileaks could “challenge the legal system for years to come,” according to an influential observer of the hacking community.
Emmanuel Goldstein, editor of 2600 The Hacker Quarterly magazine, made his comments in reference to an encrypted file recently posted on the site.
Some suspect the file – as yet unopened – contains further sensitive material.
It has been reposted around the web and is available for anyone to download. So far, it has beeen downloaded 100,000 times.
“If you release it in encrypted form, nobody really knows if you’ve released it or not – or even what the material is,” Mr Goldstein told BBC News.
“Then, if something happens to you, all it takes is the revelation of a simple spoken phrase known by a select group of people and everyone who has this mystery file now has all of the secrets.”
Wikileaks recently published 76,000 secret US military logs detailing military actions in Afghanistan; an act the US authorities described as highly irresponsible.
The website now says it will release 15,000 further sensitive documents, once it has completed a review aimed at minimising the risk that the release could put people’s lives in danger.
The site came under criticism after it released the first tranche for endangering the lives of informants or others named in the documents.
The release of the logs has led many to wonder what action the US might take against Wikileaks.
Now it seems the site may be using encryption as insurance against legal and other threats to the information it holds.
The insurance.aes256 file has been posted alongside the already published leaked war logs and can be downloaded by anyone.
From the file name, it is believed that it has been encrypted using the AES256 algorithm – described as “extremely strong” by Professor Whitfield Diffie, of the Information Security Group at Royal Holloway University, London.
Prof Diffie believes that AES256, which he says has been “extensively studied” could prove too tough even for US intelligence agencies to break.
While no-one knows what the insurance file contains, this has not prevented the contents becoming a matter of considerable speculation.
Some suspect that the file contains a further leaked US military video, others that it is another tranche of US military logs – perhaps this time from Iraq. Or it could just be an imaginative bluff.
Even the name of the directory in which it is held – “straw-glass-and-bottle” – has prompted discussion and debate online. ..