WikiLeaks’ little-known “insurance policy”

Jacob Pacey
Contributor
On Saturday, Nov. 27, the night before the much-anticipated release of the first wave of over 250,000 top-secret U.S. diplomatic cables obtained by the whistleblower website WikiLeaks, a rather curious tweet showed up on the site’s Twitter account.
“Now is a good time to download some ‘history insurance,’” the tweet stated. It also contained a link to The Pirate Bay – a torrent site used by thousands of university students looking for free movie downloads and venerated in the hacking community for the integrity and trustworthiness of its creators – that instructed readers to download a file via BitTorrent.
The file, over one gigabyte in size, was available for anyone to download, but gave no indication as to what it contained. It was simply named “insurance.aes256” – the latter half of the file name indicates that whatever it was, it was encrypted in 256-bits, hacker speak for unreadable and uncrackable.
The only way anyone would be able to view the contents of this massive file would be to input a passcode or passkey set by the person who originally encrypted the file.
Based on the number of users downloading the file at any given time, it can be roughly estimated insurance.aes256 was being channelled by at least a few hundred people every hour that night, if not more.
While no one could be 100-percent sure of the contents at the time, anyone closely following WikiLeaks (and with at least a little bit of tech-savvy) knew exactly what this mysterious file was: it was the upcoming WikiLeak. As in the WikiLeak – every single page of every single last one of the roughly quarter million confidential cables – right there on their hard drive before the file was to be released on the web or by the international media.
This wasn’t the first time WikiLeaks had employed such a strategy. In fact, leading up to the release of the Afghan war documents in August, a similar torrent appeared on The Pirate Bay. (The Pirate Bay doesn’t actually host the file on its servers, they simply host a “tracker file” – or a link to
a tracker file – which tells the BitTorrent program where to get the various “bits” of the file from other peers downloading the same file, making the original source of the file untraceable.)
When the file is shared in this way, and not simply hosted on a website to download, the exact locations of the file are also unknown: it is everywhere, and it is nowhere. While no one has yet managed to crack this first “insurance” file from August, many have speculated the file was an unedited, uncensored archive of the Afghan war logs, a speculation WikiLeaks founder Julian Assange almost seemed to confirm when, in reference to a question about the file in an interview with the BBC last summer, he stated he had a duty to protect important historical materials, and that “that duty to history is something that weighs heavily with us.”
“If you had the Stasi archive in your pocket,” Assange continued, “that is a very heavy pocket indeed.”
The public knows a little bit more about the most recent insurance file. Lately, after he spent a week detained in a British prison in relation to a number of rape charges in Sweden, and amidst talk of deportation and espionage charges by the U.S., Assange has been far more blunt about exposing the contents of the file. He’s referred to it as a “thermonuclear device,” and made it perfectly clear the file contains no less than a full and unexpurgated archive of every U.S.-related cable and file WikiLeaks has ever received – with names, addresses and other sensitive details that had been previ- ously omitted in the public release of the documents now intact – and that he would release the decryption key if he is brought before U.S. authorities.
The question becomes: Why, if the file can already be more easily accessed through their website by internet users not pro- ficient in BitTorrent and de-encryption software, would WikiLeaks bother to go to such lengths?
Likely because Assange, a reclusive Australian national, knew that due to the sensitivity of the documents, they were not safe in any one place, or even a few places, especially if anyone were to try and prevent them from being published. Assange real- ized the only way to protect the leak was to spread it to as many people as possible as an “insurance policy,” so that if he was prevented from publishing the leak or was in danger of going to jail for releasing the documents, he (or a confidant) could simply publicize the passcodes or passphrases required to decrypt the file.
As soon as the one- or two-word key is released, tens of thousands of computer-savvy supporters, sympathizers and curious netizens would immediately be able to access the files and re-publish them elsewhere. For many, these files would already be on their computers, further securing the files in case The Pirate Bay was eventually brought down, whether by hackers (rogue or state-sponsored) or by law enforcement officials physically raiding their offices and unplugging the servers.
By rendering it virtually impossible for the U.S. or anyone else to stop the leak, this “insurance policy” not only made the release of the documents inevitable, but as a result made it less likely that anyone would even try and stop the release in the first place.
Evidence of the success of this scheme emerged the morning of Monday, Nov. 29, 2010, when a lone patriot hacker named “The Jester” claimed responsibility for
the massive Distributed Denial of Service (DDOS) attack that shut down WikiLeaks most of the previous day.
It’s likely a “lone wolf” was behind the attack – rather than the U.S. National Security Agency (NSA), as many Wikileaks supporters may have speculated – because the NSA probably wouldn’t try to shut down the site (though they are more than capable of doing so).
The agency knew taking down Wikileaks would have been useless in the long run, precisely because of this scheme Assange had put in place. Furthermore, if people ever found out the NSA tried such a stunt, the backlash would likely be worse than the cables themselves.
Though the media continues to cover the “Cablegate” scandal and analyse the contents of the leaked documents and their impact on foreign relations, it seems they’ve altogether overlooked an equally impor- tant story: how the internet, in its present uncontrolled form in almost all countries (with the exceptions of countries with massive IP-filtering systems and firewalls at international server gateways, like China) has not only made government interference in spreading information nearly impossible, but has made it incredibly inexpensive for someone to protect information in this way.
Whether this new reality is something to be lauded or something to be concerned about is still up for debate.