Sophos Cloud Optix
On 16 August Wikileaks released an enormous collection of mysterious ‘insurance’ data on to the web.
The data was released in 3 sizeable torrent files alongside a message asking the people of earth to mirror the data far and wide.
The triumvirate of files are locked with NSA-approved AES encryption and weigh in at a beefy 3.6GB, 49GB and 349GB respectively.
Without a secret key to decrypt them (or a time machine and a very powerful computer) the files are useless blobs of ones and zeros that allow the safe dispersal of secret information beyond the reach of anyone who might want to interfere with Wikileaks.
The only statements by WikiLeaks have been released via Twitter…
WikiLeaks releases encrypted versions of upcoming publication data ("insurance") from time to time to nullify attempts at prior restraint.
…and Facebook…
Please mirror: WikiLeaks insurance 20130815-A: 3.6Gb http://wlstorage.net/torrent/wlinsurance-20130815-A.aes256.torrent B: 49Gb http://wlstorage.net/torrent/wlinsurance-20130815-B.aes256.torrent C: 349GB http://wlstorage.net/torrent/wlinsurance-20130815-C.aes256.torrent
For now we have no idea what is actually in these files, so they just loom like those enormous, brooding UFOs from Independence Day; casting their shadow over the world’s governments with their true purpose unconfessed.
Of course the dearth of actual cold hard facts to accompany the data, and the fact that this isn’t the first time Wikileaks has done this, hasn’t stopped widespread conjecture and wonderment about this curious happening.
El Reg speculates that the files are a warning shot across the bows of ‘anyone seeking to nobble either Julian Assange or Edward Snowden’ – a dead man’s switch that will unleash a payload of pay dirt if the anointed heroes of free speech ever release their grip on it.
Maybe El Reg is right but it seems to me that Wikileaks serves its aims by releasing information, not by withholding it. The idea that it would be prepared to sit indefinitely on half a terabyte of secrets somebody has asked it to leak just doesn’t ring true.
Besides, whatever you think of Julian Assange, Bradley Manning or Edward Snowden, it would be a stretch to accuse any of them of worrying unduly about personal safety.
Gizmodo’s groping in the dark stumbles towards the event’s timing;
Bradley Manning's sentencing hearing is due to reach a verdict sometime next week. That, and there's always something going on with Edward Snowden.
The first bit is true, having recently been charged Manning is due to be sentenced this week.
I’m less sure about the second part, unless by “going on” Gizmodo meant to say “occupying the attention of 24 hour news by not changing airport”.
Does anyone really think that WikiLeaks would try to use blackmail to influence the outcome of poster boy Bradley Manning’s trial? Isn’t that exactly the kind of underhand and undemocratic behaviour the whistleblower website is trying to expose?
And does Snowden really need an internet time bomb while he’s enjoying the fortified hospitality of Vladimir “Ostrich Legs” Putin? Surely even a radical expansion of the US drone strike program is unlikely to take in Moscow.
No, I think WikiLeaks has already told us that this is information it will be releasing in due course (“upcoming publication data”).
Of course even if Wikileaks does publish the secrets in these files on its website, the insurance files themselves are still just scrambled noise unless it releases the keys as well. So perhaps we’ll never know what’s really in them. Maybe, as some have speculated, they actually do contain proof that every single episode of The X-Files was actually a documentary.
So, please, take a minute to share what you think is in the files. My money’s on cat videos.
I think is a response to Britain’s invocation of Schedule 7 in an attempt to censor data enroute to the Guardian.
I just cracked the encryption!!! It says, "b-e-s-u-r-e t-o-d-r-i-n-k y-o-u-r-o-v-a-l-t-i-n-e."
Ovaltine? A crummy commercial? Assange, you son of a b*tch!
If the files are what they are toted to be, I don't think it matters if they are encrypted, because someone could (and likely will) eventually crack them, and then that information will be in the wrong hands. (To assume that "NSA-approved AES encryption" will forever remain uncracked is just naive.) This should be treated as if the files were not encrypted at all, but then, the risk becomes that the files aren't what they're thought to be, and everyone gets ramped up over nothing.
I thought about mentioning that these are, effectively, in the public domain because as you say – it seems to me that at some point they will inevitably be decrypted with or without keys. Presumably WikiLeaks knows that too and since the whole point of WikiLeaks is to disseminate information rather than to withhold I imagine they don't care.
Then I looked into how long it would take a very, very powerful computer to hack a 256 bit AES encryption. I am not an encryption expert but broadly speaking it was considerably longer than the time it will take the universe to expand out to an almost featureless and uniform quantum foam.
That doesn't mean it won't be hacked next week of course but it did make me feel it was unlikely so I removed that bit of my article!
actually, you can crack them in short order with a rented super computer. you can literally rent supercomputers for about 30 cents a minute. with only a relatively small amount of money, these files can be cracked.
I'm sure every world power has already cracked these files and knows their contents. the question is though, if they find something in those files that they deem the public should not know at any cost, and if it's powerful enough to protect wikileaks from being attacked.
You might be thinking of DES.
There is an interesting discussion on eetimes.com where they pitch a low ball estimate of 300,000 years simply to generate the power required to crack a 128 bit AES key given our current collective energy generation capacity, never mind the computing time itself.
And I don't believe WikiLeaks are protecting themselves from attack, they are, in their own words, insuring themselves. What they are insuring is that the information can get out somehow – not their ability to go unmolested.
If they are prevented from carrying out their work then these files give them a way to get the information can get into the public domain a different way.
Yes, it could be WikiLeak's way of giving the governments (who have the ability to crack the code) a "head's up" on the data and time to put together their responses before it is unencrypted and posted for everyone.
Not a chance any supercomputer (or every supercomputer ever made combined working together, plus all the PCs, Macs, Laptops, Cellphones ever made in human history — all working together simultaneously at the same time in parallel) can break 128-bit AES encryption in the next billion years.
You need to find mathematical/technical flaw in AES algorithm to break it. Brute computer force isn't going to work.
Well…there are 2^128 possible keys, but as soon as you get the right one, you can give up. So, guess as correctly as you can as early as you can 😉
Interestingly I saw a documentary about this kind of thing yesterday. Current super computers would not be able to crack the strongest encryption in our lifetime.
But it seems a quantum computer could crack any current encryption almost instantly. Well, if they were more available and unwieldy. But then, companies are apparently already using 'quantum' encryption to counter that.
Anyway, I'm not a scientist, so they might as well have been talking about bio neural gel packs.
AES is more than just NSA-approved (does this even mean anything?), it's the current "state of the art" for symetric ciphers.
If you can break AES (without a time machine), then you can do far more interresting things.
If it says "insurance" maybe it has something to do with Obamcare and not insurance for Julian himself.
"…the anointed heroes of free speech…"
Who anointed them, and by what authority? Self-anointed is closer the to the truth.
In any case, the entire "free speech" issue is a needless distraction from the real issue, which is the improprieties and excesses of the state. Mr. Assange and those like him are fighting a losing battle if they're pinning their hopes on the First Amendment. The free speech card won’t trump the state’s attempt to nail them. There are too many exceptions covered by the doctrine of non-protection of speech involving "national security" interests. When the state gets to define what is in the interest of "national security", it's game over for anyone who gets in the way.
maybe they just want to know when and if someone is able to break aes256? besides, if free speech does not trump anything else, it’s revolution time my friends.
I vote for a movie with Julian's own commentary of the The Fifth Estate.
and how safely stored is the 'key'
Its probably something like the entire text of a public domain book.
I think it is a huge porn collection, just for the case that the porn filter in UK gets real.
I have no idea what might be in those files (well OK I have some idea), but it would be a lot of fun trying to find out!
Imagine if the password was something easy like "pickles43"
The Government probably has a pretty good idea of what info Wikki Leaks has on them and they also know to keep some distance between from them.
Even the Government realizes that mutual respect (and distance) is better than becoming emblazoned in the kind of global scrutiny that the NSA/Snowden whistle-blowing scandal has wrought.
It's bad for business when your illegal operations become exposed.
The thing is, contrary to all the hero action movies, one person can do nothing. Well, nothing measurable anyways, until there is a sufficient following to provide the momentum for change.
My point is that it's up to the big players in this game to fight the meaningful battles and, hopefully, win the war against privacy intrusion.
Let's use Internet mail (base SMTP traffic)as an example. SMTP has never been secure even though the technology to change that protocol has existed since the protocol was invented. But have any of the big players made the necessary adjustments? Google? Yahoo? Microsoft? Anybody?
No, they haven't. Which begs the question – why not? I propose it's not related to money or backward compatibility or any of that other business or technical BS, it's because clear text messaging serves the security industry best. So, who's sleeping with who here?
Realize that it's not the little man like you and me who use email and other communication services that will change them to a secure model, it's the big companies that will need to lead the fight for secure communications. I'm just a dumb user on a severely limited budget. I have a small vote in the game. Until the big players are willing to carry the ball and tell the government legal beagles to go to hell we're all subject to government intercepting our communications and interpreting them as they see fit. Are you listening Google/Yahoo/Microsoft/etc.? The ball really is in your court. Play to win, for all of our sake.
Why not make the NSA a whole lot of work by spamming their systems with false positives 🙂
If everyone emailed themselves with a sentence along the lines of
"Pressure cooker bombs and jihad is a bad combination"
Perhaps once a week or month… They would be swamped with so many hits, their prism system wouldn't be able to cope 🙂
I hope it contains details about the goings on in Benghazi which Hillary Clinton is so scared will get out.
So, what if everyone just didn't torrent the files and left them where they are? If they are insurance that information would get out should something happen to Julian Assange, Bradley Manning, or Edward Snowden.
Thanks for the info, I'm choosing not to waste my bandwidth to save their collective bacon.
Do we know for SURE that the files are encrypted in 256 AES? Is there a way to know for sure? Or are we just assuming that they gave that clue correctly?
We only have "free speech" (and other forms of free expression) within certain bounds.
We rightly have to stop short of libel, slander, defamation, racial abuse, sub judice breaches, child pornography, etc. And personally I always avoid religious abuse.
People like Assange, Snowden and Salman Rushdie will test the boundaries, in which case the law will take its course. Others, like the News of the World, know that what they are doing is wrong and illegal, but risk it because they expect financial rewards, in the hope that they are not caught.
currently no one can break the encryption. we need to keep this information out there so eventually the secrets can be exposed
"Ostrich legs"?
Imagine a world where you would like to send someone a big file, but do not want anyone to know you are sending it to that person. So you send it to everyone.
So everyone that downloads that file is now a suspect or a member of Wikileaks depending on how you look at it.
One of them has to be their Harlem Shake video.
I hope someone hacks into this information ASAP and makes the information public. I firmly believe the information and documents will expose corruption.
I'm sure Assage will release the password in due time… However you can always use the rainbow tables method on AES encryption to decipher the algorithm. There are many website which offer the ability to run up to 500 Million decipher attempts every 17 minutes… this CPU out-sourcability through virtualization is going to improve over the next few years as well. It's just science, really.
Rainbow tables are no use if AES is used correctly. (A secret password and an initialisation vector that's a random "nonce" – i.e. number used once.)
Then you need a rainbow table for each nonce, so the rainbow tables can't be pre-computed, so computing them anyway is a waste of effort.