Authors: Luke Harding, David Leigh
Those on his mailing list soon learned more detail. John Young, of the Cryptome intelligence-material site, was one of those asked (unsuccessfully) to “front” a new WikiLeaks organisation. Secrecy was built in, including the avoidance of the secret word itself: “This is a restricted internal development mailing list for w-i-k-i-l-e-a-k-s-.-o-r-g. Please do not mention that word directly in these discussions; refer instead to ‘WL’.” On 9 December 2006, an email signed “WL” also arrived out of the blue for Daniel Ellsberg, the whistleblower of Vietnam war renown. Assange boldly invited Ellsberg to become the public face of a project “to place a new star in the firmament of man”. Governance “by conspiracy and fear” depended on concealment, Assange wrote. “We have come to the conclusion that fomenting a worldwide movement of mass leaking is the most cost effective political intervention.” Ellsberg, who eventually became an enthusiastic supporter, originally feared it was “a very naive venture, to think that they can really get away with it”.
In the new year, Assange went public for the first time. Canada’s CBC News was one of the few who reported the news:
“Deep Throat may be moving to a new address – online. A new website that will use Wikipedia’s open-editing format is hoping to become a place where whistleblowers can post documents without fear of being traced. WikiLeaks, according to the group’s website, will be ‘an uncensorable version of Wikipedia for untraceable mass document leaking and analysis. Our primary interests are oppressive regimes in Asia, the former Soviet bloc, sub-Saharan Africa and the Middle East, but we also expect to be of assistance to those in the west who wish to reveal unethical behaviour in their own governments and corporations,’ the group said.”
Most of the mainstream media (MSM), however, paid very little attention to this news. For hackers, who had long lamented the inadequacies of the MSM, that came as no surprise.
Annual congress of the Chaos Computer Club,
Alexanderplatz, Berlin
December 2007
“How do you reveal things about powerful people without getting your arse kicked?”
BEN LAURIE, ENCRYPTION EXPERT
Julian Assange can be seen on the conference video giving an enthusiastic raised-fist salute. Alongside him stands a thin, intense-looking figure. This is the German programmer Daniel Domscheit-Berg, who has just met Assange at the 24th Chaos Communication Congress, the European hackers’ gathering, and is about to become a key lieutenant. Domscheit-Berg eventually gave up his full-time job with US computer giant EDS, and devoted himself to perfecting WikiLeaks’ technical architecture, adopting the underground nom de guerre “Daniel Schmitt”.
Domscheit-Berg’s friendship with Assange was to end in bitter recriminations, but the relationship marked a key step in the Australian hacker’s emergence from the chrysalis of his Melbourne student milieu. “I heard about WikiLeaks in late 2007 from a couple of friends,” says Domscheit-Berg. “I started reading about it a bit more. I started to understand the value of such a project to society.”
The Chaos Computer Club is one of the biggest and oldest hacker groups in the world. One of its co-founders in 1981 was the visionary hacker Herwart “Wau” Holland-Moritz, whose friends set up the Wau Holland Foundation after his death. This charity was to become a crucial channel to receive worldwide WikiLeaks donations. Chaos Computer Club members at the Berlin congress such as Domscheit-Berg, along with his Dutch hacker colleague Rop Gonggrijp, had mature talents that proved to be crucial to the development of Assange’s guerrilla project. (Assange himself nevertheless later tried to reject the hacker label. He told an Oxford conference that “hacking” has now come to be regarded as an activity “mostly deployed by the Russian mafia in order to steal your grandmother’s bank accounts. So this phrase is not as nice as it used to be.”)
Domscheit-Berg was fired up with social idealism, and preached the hacker mantra that information should be free: “What attitude do you have to society?” he would later exhort. “Do you look at what there is and do you accept that as god-given, or do you see society as something where you identify a problem and then you find a creative solution? … Are you a spectator or are you actively participating in society?” He and Assange wanted to develop physical havens for WikiLeaks’ servers across the globe. Domscheit-Berg whipped up his fellow hackers at Berlin, urging them to identify countries which could be used as WikiLeaks bases:
“A lot of the countries in today’s world do not have really strong laws for the media any more. But a few countries, like for instance Belgium, the US with the first amendment, and especially for example Sweden, have very strong laws protecting the media and the work of investigative or general journalists. So … if there are any Swedes here, you have to make sure your country [remains] one of the strongholds of freedom of information.”
Sweden did eventually become the leakers’ safe haven – ironically, in view of all Assange’s subsequent trouble with Swedish manners and morals. The hackers in Berlin had links to the renegade Swedish file-sharing site The Pirate Bay. And from there the trail led to a web-hosting company called PRQ, which went on to provide WikiLeaks with an external face. The bearded owner of the internet service provider (ISP), Mikael Viborg, was later to demonstrate his operation, located in an inconspicuous basement in a Stockholm suburb, on Swedish TV. “At first they wanted to tunnel traffic through us to bypass bans in places where they don’t like WikiLeaks,” he says. “But later they put a server here.”
PRQ offers its customers secrecy. They say their systems prevent anyone eavesdropping on chat pages, or finding out who sent what to whom.
“We provide anonymity services, VPN [virtual private network] tunnels. A client connects to our server and downloads information. If anyone at the information’s source tries to trace them, they can only get to us – and we don’t disclose who was using that IP [internet protocol] number. We accept anything that is legal under Swedish law, regardless of how objectionable it is. We don’t make moral judgments.”
This uncompromising attitude appealed to Domscheit-Berg: “PRQ has a track record of being the hardest ISP you can find in the world. There’s just no one that bothers less about lawyers harassing them about content they’re hosting.”
WikiLeaks’ own laptops all have military-grade encryption: if seized, the data on them cannot be read, even directly off the disk. The volunteer WikiLeaks hacker, Seattle-based Jacob Appelbaum, boasts that he will destroy any laptop that has been let out of his sight, for fear that it might have been bugged. None of the team worries deeply about the consequences of losing a computer, though, because the lines of code to control the site are stored on remote computers under their control – “in the cloud” – and the passwords they need for access are in their heads.
Popular for day-by-day in-house conversations is the internet phone service Skype, which also uses encryption. Because it was developed in Sweden rather than the US, the team trusts it not to have a “back door” through which the US National Security Agency can peer in on their discussions.
As its name suggests, WikiLeaks began as a “wiki” – a user-editable site (which has sometimes led to confusion with the user-editable Wikipedia; there is no association). But Assange and his colleagues rapidly found that the content, and the need to remove dangerous or incriminating information, made such a model impractical. Assange would come to revise his belief that online “citizen journalists” in their thousands would be prepared to scrutinise posted documents and discover whether they were genuine or not.
But while the “wiki” elements have been abandoned, a structure to enable anonymous submissions of leaked documents remains at the heart of the WikiLeaks idea. British encryption expert Ben Laurie was another who assisted. Laurie, a former mathematician who lives in west London and among other things rents out bomb-proof bunkers to house commercial internet servers, says when Assange first proposed his scheme for “an open-source, democratic intelligence agency”, he thought it was “all hot air”. But soon he was persuaded, became enthusiastic and advised on encryption. “This is an interesting technical problem: how do you reveal things about powerful people without getting your arse kicked?”
As it now stands, WikiLeaks claims to be uncensorable and untraceable. Documents can be leaked on a massive scale in a way which “combines the protection and anonymity of cutting-edge cryptographic technologies”. Assange and co have said they use OpenSSL (an open source secure site connection system, like that used by online retailers such as Amazon), FreeNet (a peer-to-peer method of storing files among hundreds or thousands of computers without revealing where they originated or who owns them), and PGP (the open source cryptographic system abbreviated from the jocular name “Pretty Good Privacy”).
But their main anonymity protection device is known as Tor. WikiLeaks advertises that “We keep no records as to where you uploaded from, your time zone, browser or even as to when your submission was made.” That’s a classic anonymisation via Tor.
US intelligence agencies see Tor as important to their covert spying work and have not been pleased to see it used to leak their own secrets. Tor means that submissions can be hidden, and internal discussions can take place out of sight of would-be monitors. Tor was a US Naval Research Laboratory project, developed in 1995, which has been taken up by hackers around the world. It uses a network of about 2,000 volunteer global computer servers, through which any message can be routed, anonymously and untraceably, via other Tor computers, and eventually to a receiver outside the network. The key concept is that an outsider is never able to link the sender and receiver by examining “packets” of data.
That’s not usually the case with data sent online, where every message is split into “packets” containing information about its source, destination and other organising data (such as where the packet fits in the message). At the destination, the packets are reassembled. Anyone monitoring the sender or receiver’s internet connection will see the receiver and source information, even if the content itself is encrypted. And for whistleblowers, that can be disastrous.
Tor introduces an uncrackable level of obfuscation. Say Appelbaum in Seattle wants to send a message to Domscheit-Berg in Berlin. Both men need to run the Tor program on their machines. Appelbaum might take the precaution of encrypting it first using the free-of-charge PGP system. Then he sends it via Tor. The software creates a further encrypted channel routed through the Tor servers, using a few “nodes” among the worldwide network. The encryption is layered: as the message passes through the network, each node peels off a layer of encryption, which tells it which node to send the payload to next. Successive passes strip more encryption off until the message reaches the edge of the network, where it exits with as much encryption as the original – in this case, PGP-encrypted.
An external observer at any point in the network tapping the traffic that is flowing through it cannot decode what is being sent, and can only see one hop back and one hop forward. So monitoring the sender or receiver connections will only show a transmission going into or coming out of a Tor node – but nothing more. This “onion” style encryption, with layer after layer, gave rise to the original name, “The Onion Router” – shortened to Tor.
Tor also allows users to set up “hidden services”, such as instant messaging, that can’t be seen by tapping traffic at the servers. They’re accessed, appropriately, via pseudo-top-level domains ending in “.onion”. That provides another measure of security, so that someone who has sent a physical version of an electronic record, say on a thumb drive, can encrypt it and send it on, and only later reveal the encryption key. The Jabber encrypted chat service is popular with WikiLeakers.
“Tor’s importance to WikiLeaks cannot be overstated,” Assange told Rolling Stone, when they profiled Appelbaum, his west coast US hacker associate. But Tor has an interesting weakness. If a message isn’t specially encrypted from the outset, then its actual contents can sometimes be read by other people. This may sound like an obscure technical point. But there is evidence that it explains the true reason for the launch of WikiLeaks at the end of 2006 – not as a traditional journalistic enterprise, but as a piece of opportunistic underground computer hacking. In other words: eavesdropping.
On the verge of his debut WikiLeaks publication, at the beginning of 2007, Assange excitedly messaged the veteran curator of the Cryptome leaking site, John Young, to explain where his trove of material was coming from:
“Hackers monitor chinese and other intel as they burrow into their targets, when they pull, so do we. Inexhaustible supply of material. Near 100,000 documents/emails a day. We’re going to crack the world open and let it flower into something new …We have all of pre 2005 afghanistan. Almost all of india fed. Half a dozen foreign ministries. Dozens of political parties and consulates, worldbank, opec, UN sections, trade groups, tibet and falun dafa associations and … russian phishing mafia who pull data everywhere. We’re drowning. We don’t even know a tenth of what we have or who it belongs to. We stopped storing it at 1Tb [one terabyte, or 1,000 gigabytes].”
A few weeks later, in August 2007, a Swedish Tor expert, Dan Egerstad, told Wired magazine that he had confirmed it was possible to harvest documents, email contents, user names and passwords for various diplomats and organisations by operating a volunteer Tor “exit” node. This was the final server at the edge of the Tor system through which documents without end-to-end encryption were bounced before emerging. The magazine reported that Egerstad “found accounts belonging to the foreign ministry of Iran, the UK’s visa office in Nepal and the Defence Research and Development Organisation in India’s Ministry of Defence. In addition, Egerstad was able to read correspondence belonging to the Indian ambassador to China, various politicians in Hong Kong, workers in the Dalai Lama’s liaison office and several human rights groups in Hong Kong.” “It kind of shocked me,” he said. “I am absolutely positive that I am not the only one to figure this out.”
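A simplified model of the layered encryption described earlier and of what the final "exit" relay gets to see, added here as an illustration and not taken from the book or from Tor's own code. The relay names, keys, destination and message are constructed, the keys are simply pre-shared, and a hash-based toy cipher stands in for both Tor's per-hop encryption and PGP.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in, NOT Tor's or PGP's crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, destination, payload):
    """Sender builds the onion inside out, so the exit relay's layer is innermost."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = payload
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = toy_cipher(key, layer)
    return blob

def route(path, blob):
    """Each relay peels one layer; returns (relay, next hop it learns, bytes it forwards)."""
    views = []
    for name, key in path:
        layer = json.loads(toy_cipher(key, blob))
        blob = bytes.fromhex(layer["data"])
        views.append((name, layer["next"], blob))
    return views

# Constructed sample data: relay names, keys, destination and message are made up.
PATH = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
DEST = "mail.example.org"
MESSAGE = b"user=alice password=constructed-example"
E2E_KEY = b"shared only by sender and recipient"  # stands in for PGP

def exit_relay_sees(payload):
    """Bytes the exit relay forwards to the destination for a given payload."""
    return route(PATH, wrap(PATH, DEST, payload))[-1][2]

if __name__ == "__main__":
    for name, nxt, blob in route(PATH, wrap(PATH, DEST, MESSAGE)):
        print(f"{name:6} learns next hop {nxt!r}; forwards {len(blob)} bytes")
    print("exit, no end-to-end encryption:", exit_relay_sees(MESSAGE))
    print("exit, end-to-end encrypted:   ", exit_relay_sees(toy_cipher(E2E_KEY, MESSAGE)).hex())
```

The entry and middle relays forward only ciphertext, but the exit relay forwards exactly what the sender put in, which is readable unless it was encrypted end to end first.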