Wikileaks Was Launched With Intercepts From Tor

The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..." Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers.

So what?

[msauve]

The summary is written as if Tor is suppose to be secure from eavesdropping. It isn't. It's supposed to offer anonymity. There's nothing to indicate that the _source_ of the documents was compromised.

Re:So what?

[Anonymous Coward]

There's a very simple solution to this problem:

Encrypt your data before sending it over Tor

I sincerely hope any serious US agency using Tor for operations would take this precaution; it seems stupid not to do so, unless the goal is to provide disinformation

transparency

[rwa2]

Transparency is what the information age is for. It will be interesting to see how political bodies adjust... on one hand, the leaks are damaging, and truly innocuous or routine things can be spun and blown way out of proportion by opposition groups. On the other hand, they now have to behave to higher ethical standards (or at least the appearance of high ethical standards) because virtually anything could become public knowledge.

Re:A leak != Espionage

[linzeal]

Heh, there have been rumors this has been a bonanza for the intelligence community. If wikileaks is doing it you can bet every three letter agency in the world has been doing it too.

Re:transparency

[Strong Arm Coat]

Where's the "Wishful Thinking" mod when you need it?

Re:So what?

[Anonymous Coward]

...because if the US govt agencies DIDN'T use such common-sense security tactics, they (and me, and my family, and my community) would easily be taken over by another government that is just as effective in screwing the world, dominating the weak, and murdering innocents.

I don't excuse our government's behavior, but it's not as if the rest of the world is made up of sane, caring individuals...

Re:Worry

[DarkKnightRadick]

I don't question the validity of their information. If their information wasn't valid, then companies wouldn't sue to have it taken down the way they have been. They'd be going with anti-defamation suits. They haven't been.

Re:Fundamental Flaw?

[Cougar Town]

Would this be a fundamental flaw of the TOR network? If you don't know who's controlling the exit nodes, then you will never know if the information you send is truly secure.

Tor offers anonymity, not security. Encryption and signing is for security. The two can be combined.

Re:So what?

[Philip K Dickhead]

They use the same secrecy to turn you into a slave.

Re:Fundamental Flaw?

[Virak]

No, this is a fundamental flaw with unencrypted communication, which is exactly what you're doing when you use Tor to access things outside of the Tor network without additional encryption. Either stay inside the network or ensure whatever you're running over it has its own encryption, simple as that. As always, the biggest threat to security is incompetence.

Re:So what?

[Anonymous Coward]

No, this article reflects on Wikileaks not on Tor. The summary is written as if some information was more stolen than purposely leaked. This reflects on Wikileaks in two ways:

First, it seems somehow more noble when an internal dissident leaks an embarrassing secret, for example the Pentagon Papers. Whereas coming by information that was not purposely leaked is more suspect. (Though still possibly useful and possibly ethical. For example, publishing specs of the lost iPhone 4G.)

Second, since this information was intercepted by Wikileaks while being stolen *by someone else*, it points to Wikileaks' role in highlighting a security flaw in the source organization. Perhaps they wouldn't even have known about that theft unless Wikileaks published it.

So this isn't really about Tor per se.

Re:So what?

[Anonymous Coward]

As long as they entertain us, we don't care. In fact, you're blocking the TV.. move out of the way..

Re:So what?

[Unordained]

I use a car to get to work. Terrorists use cars to blow things up. Clearly, the tool is equal to the usage.

Re:Hmmmmm

[grcumb]

Sounds like an excellent way to spread disinformation.....even better than say.....the New York Times.

You know, even as recently as the salad days of my youth, I could have labeled you a troll for writing that about the NYT.

Now, alas, all I can do is nod my head sadly in agreement.

This is why I only use Tor

[fishexe]

...for getting around the Great Firewall to d/l porn and access facebook, not for doing anything that needs to be secure.

Re:Innocent world theory does not apply to govs.

[Fjandr]

The attempts by large groups to dominate the weak occurred long before capitalism, and will continue should capitalism ever cease to exist. It is simply one model of domination. There are many more in existence.

rather, stuff coming from exit nodes

[Onymous Coward]

More precisely, it is not the nodes themselves that are the risk, but the (unencrypted) communication coming from the exit nodes.

Re:So what?

[Anonymous Coward]

and who guarantees, the realname i'm using is MY realname, if i'm posting anonymous?+

Re:So what?

[Anonymous Coward]

So?? I build bombs in my basement all the time for perfectly legal means!!

Re:So what?

[RichiH]

People making tunnels, savely detonating avalanches, digging for resources, destructing old buildings use bombs. Terrorists use cars to blow things up. Clearly, the tool is equal to the usage.

And while the bomb may cause the explosion (or rather the explosive in the bomb), cars are used regularly as a deployment vector of the bomb.

Re:So what?

[JasterBobaMereel]

If they send unencrypted sensitive data over a public network they get everything they deserve ...

Private secure networks are there for a reason

Encryption is there for a reason

Tor (Anonymizing networks) are there for a reason

Use the combination you need depending on the data you need to send ....