WikiLeaks suffers its own data loss incident

Filed Under: Data loss, Featured, Privacy

Creative Commons image of Julian Assange courtesy of New Media Days' Flickr photostreamDer Spiegel is reporting that WikiLeaks has had... wait for it... a data leakage accident. You might think, "So what? The data has already been leaked!"

Unfortunately, that isn't quite as clear as it seems. WikiLeaks goes to great lengths to protect both their sources and potential informants by redacting their details from the data before publication.

Last summer Daniel Domscheit-Berg had a dispute with Julian Assange and departed with a chunk of the WikiLeaks staff to form OpenLeaks.

In the process Domscheit-Berg was reported to have taken data from a server containing the 250,000+ leaked diplomatic cables in encrypted form and left Assange without access to the contents.

Eye peering through a keyholeAssange had shared the passphrase to decrypt the cables with an external source as a protective measure and expected the source to keep the key secret.

In November of 2010 Domscheit-Berg returned the files to WikiLeaks. This prompted WikiLeaks supporters to make the contents available in a public archive.

Apparently they didn't notice that the archive included a hidden directory that contained the encrypted file with the cables, and accidentally made the file public.

Assange's external source, not knowing the file was accessible to the public, for some reason publicly disclosed the key this spring.

The result? The uncensored cables are now publicly downloadable and could blow the cover of American informants around the world.

The lesson? Well, even if you are in the business of leaking secrets, you need to keep secrets. I wonder if Julian sees the irony in this incident.

WikiLeaks Twitter feed has posted a message stating "There has been no 'leak at WikiLeaks'. The issue relates to a mainstream media partner and a malicious individual."

If, like WikiLeaks, you need to keep secrets, consider downloading our free e-book, Data Leakage for Dummies.

Creative Commons photo of Julian Assange courtesy of New Media Days' Flickr photostream.

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.