WikiLeaks published hundreds of thousands of unredacted government cables only after they had been published by other people on the internet, a court heard yesterday.
Christian Grothoff, an expert in network security from the University of Applied Sciences in Bern, Switzerland, said copies of the documents came into the public domain after the password was published in a book on WikiLeaks.
He was speaking on the 10th day of an extradition hearing held against Julian Assange at the Old Bailey in London.
Assange has been indicted on 17 charges under the US Espionage Act and has been accused of publishing unredacted documents which put the lives of local Afghans and Iraqis who passed information to US forces at risk.
The WikiLeaks founder faces further allegations that he conspired with computer hackers to encourage them to obtain secret US government documents.
During the hearing, Joel Smith, representing the US government, accused Grothoff of bias after disclosing that he had signed a letter sent to US president Donald Trump calling for him to stop the prosecution of Assange.
Passphrase gave access to encrypted documents
Questioned by Mark Summers, QC for the defence, Grothoff said WikiLeaks shared a passphrase with investigative journalist David Leigh giving him access to a website containing the encrypted documents.
“It was described in David Leigh’s book as a very long password,” he said. “One can look at the password and estimate how long it would take to attack by brute force. It could not be broken in a reasonable amount of time.”
WikiLeaks was hit by a cyber attack in November 2010 after its media partners began to publish the US diplomatic cables in redacted form, Grothoff told the court.
“The WikiLeaks site was under a denial-of-service attack, when someone – we don’t know who – tried to make the site inaccessible,” he said.
WikiLeaks’ DNS service provider later terminated the WikiLeaks DNS service to protect its other customers.
WikiLeaks website ‘mirrored’ after cyber attack
The attack led to other people making “mirrors” of the WikiLeaks site, with the encouragement of WikiLeaks, to duplicate the contents of its site, said Grothoff. Some of these mirrored sites included encrypted copies of the unredacted cables, he added.
However, in February 2011, journalists David Leigh and Luke Harding published a book, WikiLeaks: Inside Julian Assange’s war on secrecy, which reproduced the passphrase Leigh had been given to access the encrypted files.
Grothoff said WikiLeaks would not have been able to change the passphrase to protect the file which had been mirrored on other parts of the internet.
German newspaper revealed existence of password
Nothing happened until German weekly newspaper Der Freitag published a story saying the password had been leaked and that it could unlock copies of the encrypted files on the internet.
“Now people could easily put two and two together,” said Grothoff.
The court heard that on 31 August 2010, Nigel Parry, who ran a website, had used the passphrase to decrypt the cables.
At about the same time, the decrypted cables appeared on BitTorrent and the website Cryptome published the cables in unredacted form.
“Cryptome is a well-known site for leaking information and it inspired WikiLeaks,” said Grothoff.
On the same day, the website mrkva.eu published a searchable copy of the unredacted document, and the decrypted cables that became available on BitTorrent appeared on the Pirate Bay website.
WikiLeaks published the unredacted documents on 2 September 2010, making announcements on Twitter and on the WikiLeaks website.
“By that time, [the document file] was on the internet in a way that was impossible to stop,” said Grothoff.
Prosecution: ‘You’re biased, you are partial’
Joel Smith, for the prosecution, raised questions about Grothoff’s impartiality as an expert witness.
He asked Grothoff why he had signed a letter from WikiLeaks’ legal defence fund to president Trump.
“I do not recall when I signed it or how this signature came to be,” said Grothoff.
“You don’t remember signing an open letter to the president of the US calling for the cessation of the prosecution of Julian Assange?” said Smith. “You’re biased, you are partial.”
Grothoff said: “I believe that looking at the indictment put forward, you are confusing WikiLeaks’ attempts to hide documents with publishing them. You did not properly do your homework in finding out who published the cables first.”
The computer scientist agreed that WikiLeaks gave 50 media and human rights organisations access to 100,000 unredacted US government papers.
Grothoff said WikiLeaks’ encouragement of people to mirror its contents on the internet may have been an attempt to build a haystack to make it harder to find the encrypted file containing the unredacted documents.
“If someone did realise at WikiLeaks [that the passphrase had been published], this might have been a good way of building a haystack,” he said.
WikiLeaks put out a statement dated 1 September 2010 which cited a paragraph from Leigh’s book quoting the passphrase, and criticised the journalists for publishing it.
WikiLeaks went on to publish all the cables on 1 September 2010 in what it called a “cable bomb”.
Grothoff agreed that WikiLeaks had a significant public reach.
All or nothing
Questioned by Summers, representing Assange, Grothoff said he was not aware of any newspaper being given access to the whole set of leaked documents apart from David Leigh at The Guardian.
“David Leigh was a recognised journalist for a major newspaper, so it was recognised he would be qualified to do redactions,” he said.
Leigh had to press Assange to disclose the whole set of documents. Assange initially offered 50%, but Leigh said: “All or nothing.” Assange capitulated after Leigh warned that Assange could end up in Guantanamo before the documents were published.
Grothoff said WikiLeaks had given instructions on how to create mirrors of its site, but some mirrored sites were created by people using other software.
He said that as far as he could tell, the mirrors that were set up through the encouragement of WikiLeaks did not contain encrypted or decrypted versions of the classified cables.
He said the encrypted cache of documents most likely ended up in other mirrored sites by accident. “How exactly they got there I cannot say,” he added.
Summers said that in addition to Grothoff, former US army, CIA and FBI employees had signed the letter asking for Trump to stop the prosecution against Assange.
The case continues.
Summer 2010: WikiLeaks gives investigative journalist David Leigh access to the US diplomatic cables, which are stored on a website as an encrypted file with the filename “xyz_z.gpg”.
28 November 2010: The Guardian, El Pais, Le Monde, Der Spiegel and the New York Times begin publishing redacted cables from WikiLeaks. WikiLeaks is subjected to a denial-of-service attack.
2 December 2010: WikiLeaks service provider EveryDns.net terminates DNS hosting for WikiLeaks to protect its other customers against the denial-of-service attack on WikiLeaks.
4 December 2010: Third-party organisations begin to mirror information from WikiLeaks by creating mirrors of the information on websites and BitTorrent. Some of the mirrors include the encrypted file given to David Leigh, “xyz_z.gpg”.
1 February 2011: David Leigh publishes his book WikiLeaks: Inside Julian Assange’s war on secrecy. The book disclosed the passphrase for accessing the encrypted file containing the unredacted diplomatic cables.
25 August 2011: Der Freitag reports that it has discovered a copy of the full archive on the internet and was able to decrypt it using a passphrase found on the internet.
31 August 2011: The website Cryptome publishes a report on the passphrase and which file it decrypts. A searchable copy of the decrypted cables appears on the website mrkva.eu. WikiLeaks makes a public statement about the disclosure of the passphrase in Leigh’s book.
1 September 2011: A user called “droehein” creates a BitTorrent on the Pirate Bay website sharing the decrypted cables.
2 September 2011: WikiLeaks republishes the unredacted cables on the WikiLeaks site.
Source: Christian Grothoff