|Page (1) of 1 - 09/01/11||email article||print page|
WikiLeaks: How a mysterious file and an old password led to the leak of 250,000 US cables
NEW YORK (AP) ' It was meant to be strictly-managed release, carefully censored to avoid putting innocents at risk and tailored for maximum media exposure. But by Thursday WikiLeaks' release of some 250,000 US diplomatic cables had turned into a massive online document dump.
The full set of unredacted cables are now widely available online to anyone who wants them even though it does not appear that Wikileaks intended to release the documents in this way.
Instead, they became public through a complex series of events involving an encrypted archive and a password thought to be harmless.
According to an account by Guardian journalist David Leigh, Wikileaks founder Julian Assange gave the unredacted cables to The Guardian in the summer of 2010 by temporarily placing an encrypted file on an obscure website. Leigh was given a password which unlocked this file.
A few months later, Wikileaks publicly posted a huge archive of previously released material to ensure continued access to it following Assange's legal troubles and attacks on their website.
At that time only a few thousand of the more than 250,000 cables had been published, and only in redacted form to protect US diplomatic sources.
Although the 250,000 cables were not in the archive, it included a mysterious encrypted file called "z.gpg" ' which appears to have been created months before Wikileaks gave the cables to the media.
In February 2011, Leigh's book "WikiLeaks: Inside Julian Assange's War on Secrecy" was published. In it he described how Assange passed the cables to the Guardian, along with the password he was given.
There matters sat until Aug. 25 when the website of German newspaper Der Freitag connected the old password with the mysterious "z.gpg" file, although they did not name the file or print the password.
But others clearly knew. By Wednesday, Aug. 31, a few Twitter users were hinting that the password in Leigh's book worked, and others were drawing attention to "z.gpg." Within hours, public links to the full, unencrypted cables appeared.
By Thursday morning, the cables were easily available from several file sharing sites commonly used for pirated music and movies.
In a series of tweets and an "editorial" posted earlier this week, Wikileaks blamed Leigh for publishing the password, and former Wikileaks staffer Daniel Domscheit-Berg for revealing the password's connection to the old file.
Domscheit-Berg told CNN he discovered the connection "by chance" and alerted Die Freitag.
Leigh dismissed the charges as "time-wasting nonsense."
"What we published much later in our book was obsolete and harmless," Leigh said. "We did not disclose the URL (web address) where the file was located, and in any event, Assange had told us it would no longer exist."
Leigh claims that he was not even given the same file as the one now circulating. The file obtained by unlocking "z.gpg" is slightly different than an archive of the cables obtained earlier this year by the Associated Press.
But both files used the same password. After Wikileaks published the file and Leigh published the password, it was only a matter of time before someone made the connection.