[+] Wayc0de's Blog[+]

30/08/11

WikiLeaks suffers its own data loss incident

Der Spiegel is reporting that WikiLeaks has had... wait for it... a data leakage accident. You might think, "So what? The data has already been leaked!"


Unfortunately, that isn't quite as clear as it seems. WikiLeaks goes to great lengths to protect both their sources and potential informants by redacting their details from the data before publication.

Last summer Daniel Domscheit-Berg had a dispute with Julian Assange and departed with a chunk of the WikiLeaks staff to form OpenLeaks.

In the process Domscheit-Berg was reported to have taken data from a server containing the 250,000+ leaked diplomatic cables in encrypted form and left Assange without access to the contents.
Eye peering through a keyholeAssange had shared the passphrase to decrypt the cables with an external source as a protective measure and expected the source to keep the key secret.

In November of 2010 Domscheit-Berg returned the files to WikiLeaks. This prompted WikiLeaks supporters to make the contents available in a public archive.

Apparently they didn't notice that the archive included a hidden directory that contained the encrypted file with the cables, and accidentally made the file public.

Assange's external source, not knowing the file was accessible to the public, for some reason publicly disclosed the key this spring.

The result? The uncensored cables are now publicly downloadable and could blow the cover of American informants around the world.

The lesson? Well, even if you are in the business of leaking secrets, you need to keep secrets. I wonder if Julian sees the irony in this incident.

WikiLeaks Twitter feed has posted a message stating "There has been no 'leak at WikiLeaks'. The issue relates to a mainstream media partner and a malicious individual."

If, like WikiLeaks, you need to keep secrets, consider downloading our free e-book, Data Leakage for Dummies.

Tidak ada komentar:

Posting Komentar