Openleaks hints at Wikileaks vulnerability, endangers sources

According to Spiegel, a complete version of Cablegate has been available on the internet. This is their account of the story:

Julian Assange uploaded an encrypted archive containing Cablegate to the Wikileaks webserver, to share it with an associate, to whom he also gave the password. When Daniel Domscheit-Berg left the organization together with the Architect, he took the content of the webserver with him. He eventually returned the data a few weeks later.

At this point the narrative is not entirely clear. Spiegel goes on to say that supporters published the data on the web, along with the encrypted Cablegate file. Simultaneously, the associate published the password. The vulnerability remained unnoticed, until Openleaks staff pointed it out.

WL Central could not verify these claims. It is clear, however, that the vulnerability was first pointed out by Der Freitag, a media partner of Openleaks.

In several respects, this is a very strange story. First, it seems odd to use the main Wikileaks website to transfer sensitive data. This could easily have been done by other means, in a more secure way. Next, one is left wondering how anyone could have overlooked a massive archive in a hidden subdirectory when setting up a website. Most striking is the fact that someone would be irresponsible enough to publish a password.

Openleaks staff must have known about this vulnerability for some time, but neither they nor their media partners bothered to reveal it to those in charge of the website. It is certainly right to report on it, but it should be done in a responsible manner, making sure the file is removed before this information is publicly available.

As was the case with the shredding of unpublished submissions to Wikileaks, the timing of this story is the most telling aspect. It comes shortly after Daniel Domscheit-Berg had his CCC membership revoked. This time, the collateral damage is not limited to unpublished whistleblower documents: the names of sources and informants contained in Cablegate have now potentially been exposed.

