Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Censorship The Media Your Rights Online

Wikileaks Was Launched With Intercepts From Tor 157

Posted by kdawson
from the secrets-have-to-exit-somewhere dept.
The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..." Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers.
This discussion has been archived. No new comments can be posted.

Wikileaks Was Launched With Intercepts From Tor

Comments Filter:
  • So what? (Score:5, Insightful)

    by msauve (701917) on Tuesday June 01, 2010 @08:00PM (#32426322)
    The summary is written as if Tor is suppose to be secure from eavesdropping. It isn't. It's supposed to offer anonymity. There's nothing to indicate that the _source_ of the documents was compromised.
    • Re:So what? (Score:5, Insightful)

      by Anonymous Coward on Tuesday June 01, 2010 @08:05PM (#32426372)
      There's a very simple solution to this problem:

      Encrypt your data before sending it over Tor

      I sincerely hope any serious US agency using Tor for operations would take this precaution; it seems stupid not to do so, unless the goal is to provide disinformation
      • by hitmark (640295)

        one question tho, unless one is using a throw away key, wont the use of encryption defeat the purpose of tor in the first place?

        • No. Let's say you are ratting out a bad guy who is likely monitoring your network (government, employer, etc.). If you forward incriminating documents via encrypted transmission what you sent is concealed, but the fact that you sent something, and the destination to which you sent it are not.

          If you use TOR to cover your tracks, the destination may be obscured, but what you sent may be in the open if not protected by encryption above and beyond what TOR uses internally.
          • by hitmark (640295)

            ok, i see i was not clear about my thinking. What i had in mind was the most used encryption system today, where one have a public and private key. Cant the public key being used in the encryption rat out where the message is going, even if one use tor?

            • Good question, and beyond my ability to answer with certainty, but my guess is "no".
            • by tibman (623933)

              I see what you're saying. If the private key could be tied to a specific person then i'd say you're boned. But there's nothing stopping you from generating a new key-pair that nobody knows about.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      No, this article reflects on Wikileaks not on Tor. The summary is written as if some information was more stolen than purposely leaked. This reflects on Wikileaks in two ways:

      First, it seems somehow more noble when an internal dissident leaks an embarrassing secret, for example the Pentagon Papers. Whereas coming by information that was not purposely leaked is more suspect. (Though still possibly useful and possibly ethical. For example, publishing specs of the lost iPhone 4G.)

      Second, since this inform

      • Though still possibly useful and possibly ethical. For example, publishing specs of the lost iPhone 4G

        No wonder you posted AC. A brave soul, indeed, claiming on Slashdot that the publishing of the iPhone 4G specs could in any way be construed as 'useful', or even 'ethical'. Be ready for your attitude readjustment from the RDF faithful...

        • by fractoid (1076465)
          Hey now, I'm usually accused of being an angry anti-apple troll, and even I think that gizmodo was out of line. Apple employee loses a phone he was road-testing, gizmodo buys it (selling property you don't own is stealing, and buying it is receiving stolen goods), and then they rat the guy out, putting his job in jeopardy. It doesn't count as 'reasonable effort to return stolen goods' that they phoned some sales goon who said "um wat idunno".
  • Should rename them WikiThief.

    My big question is whether or not their tactic for acquiring the documents is still usable by say, the Chinese Government.
    • by linzeal (197905) on Tuesday June 01, 2010 @08:11PM (#32426414) Homepage Journal
      Heh, there have been rumors this has been a bonanza for the intelligence community. If wikileaks is doing it you can bet every three letter agency in the world has been doing it too.
      • Almost anyone could get into that game, at least in a small way with one or more Tor exit nodes.

        That's the problem with using something that bridges back to the normal Internet: Security can be quite low without painstaking preparation. I2P at least will not pose such a risk because your destinations are all inside the darknet, and even https is discouraged because the connections are considered secure as well as anonymous (your base64 address acts as the public key that pairs with your local identity which

      • by StikyPad (445176)

        ::Shakes fist in the air::

        Damn you, NPS!!!

      • by Tycho (11893)

        So what does the USGS, USDA and the NOAA use to gather foreign intelligence? Well aside from contacting the foreign authorities through the standard methods.

  • transparency (Score:4, Insightful)

    by rwa2 (4391) * on Tuesday June 01, 2010 @08:06PM (#32426384) Homepage Journal

    Transparency is what the information age is for. It will be interesting to see how political bodies adjust... on one hand, the leaks are damaging, and truly innocuous or routine things can be spun and blown way out of proportion by opposition groups. On the other hand, they now have to behave to higher ethical standards (or at least the appearance of high ethical standards) because virtually anything could become public knowledge.

  • those chinese hackers are good for something.. I'm thinking if we ever catch one though.. we'll sentence them to work in that Foxconn plant making iPhones ...
  • by garethw (584688)
    WiliLeaks? Really?
  • Worry (Score:2, Interesting)

    by cappp (1822388)
    Personally reading the linked articles made me really, really uncomfortable. Obviously wiki-leaks as a site has its own particular biases and political goals, everyone does, but the way in which they went about gathering this payload fills me with a really agonising ambivalence.

    It really strikes to the heart of my feelings about wikileaks itself. Democracies require informed populations and accountability – they’re premised on the fundamental idea that the voting public makes choices based o
    • Re: (Score:3, Insightful)

      I don't question the validity of their information. If their information wasn't valid, then companies wouldn't sue to have it taken down the way they have been. They'd be going with anti-defamation suits. They haven't been.

    • They are.. leaking.. supposedly.. restricted information /Shatner. This will always be considered "ethically questionable" - to those who wouldn't have wanted the leaks. Also, how do you think information in general is leaked?

      1. Information at some point gets into the hands of some person A who is prepared to do with it other than what the information "owner" B intended.

      2. A redistributes that information somehow, usually without B's initial knowledge.

      If people exchange unencrypted stuff over Tor - i.e. the

    • I'm worried for more reasons than just the probity of the data and editorial bias, which are important issues on their own. I am far more worried about what this means for privacy in general, and the extent to which the fourth estate will go in violating privacy freedoms to advance their own cause.

      Where's the outrage, people? Let's just flip this picture around for a minute; what if someone (Wikileaks, maybe) ran a story saying that the US or Russian or Chinese govt had compromised TOR in the same way
  • Wikileaks funds? (Score:2, Interesting)

    by Anonymous Coward

    If you want to see how even Wikileaks volunteers don't know how funds are used in their organization read the following link at Cryptome

    http://cryptome.org/0001/wikileaks-funds.htm

    Cryptome has also published a lot of Wikileaks founder's personal emails in which, like many of us at different points in time in our lives, he speaks of how broke he is. After founding Wikileaks, he told an Australian newspaper Sydney Morning Herald that he did not use a single cent from Wikileaks for funding his personal expen

  • Tor has leaked much (Score:3, Informative)

    by AHuxley (892839) on Tuesday June 01, 2010 @08:54PM (#32426744) Homepage Journal
    http://www.wired.com/threatlevel/2007/11/swedish-researc/ [wired.com]
    As people might recall log-in and password information for 1,000 e-mail accounts belonging to foreign embassies where seen in plain text too.
    Tor was always one huge honey pot built on the US telco network with all exit nodes collectable to the NSA.
    Others are just building their own small data collection services on top.
    Another man in the middle data retention story :)
    • Tor was always one huge honey pot built on the US telco network with all exit nodes collectable to the NSA.

      Perhaps the NSA has the power to surveille exit nodes in foreign countries but even if so describing Tor as a honey pot is misleading. As others have pointed out, anyone with rudimentary knowledge of how Tor works can easily figure out that you either just use it for surfing the web with Javascript and Java disabled and without giving away any personal information or you have to use an encrypted connection. The Tor docs made that clear from the beginning. However, securing a web browser not to leak informat

      • by AHuxley (892839)
        exit nodes in foreign countries - loop in via US telco peering.
        The US telco network is part Asia and the EU by default.
        Add in US bases and most of them would have friendly telco taps.
        So yes, the NSA is really many areas Bell's and private telcos.
        They grew up in the digital age, step by step and with each upgrade.
        TOR use would just be one more dictionary list. Getting the IP"s would have been fun, but once understood, a stable ongoing effort.
  • Exit Nodes (Score:4, Informative)

    by carp3_noct3m (1185697) <slashdot@noSPam.warriors-shade.net> on Tuesday June 01, 2010 @09:06PM (#32426842)

    Anybody involved with TOR knows that EXIT nodes are a big potential risk, and not only have there been rumors of official government sponsored (and therefore tapped) exit nodes, but even /. had a story about it a long ass time ago. Recently the TOR guys have been trying to curtail this via a few different methods, but it is nothing new. Regardless, exit node sniffing is a novel way to get information, (for example, allow only .gov or .edu traffic)

  • The author mentions the disk access for deduped primary storage (he points out (rightfully so) that deduped primary storage will perform slower than non-deduped primary storage), but he failed to mention what I think is an important point when discussing deduplication and network performance/bottlenecks.

    If you dedupe your backups (the author mentions, for example, a VTL solution), you then gain the ability to replicate only the unique data to your DR site. In terms of saving bandwidth, this can be an absol

  • by fishexe (168879) on Tuesday June 01, 2010 @09:56PM (#32427228) Homepage
    ...for getting around the Great Firewall to d/l porn and access facebook, not for doing anything that needs to be secure.
    • by Terrasque (796014)

      I use Tor to browse porn, too :)

      I bet there's one in the CIA that starts every morning like this :
      "One more day of checking Tor image captures for hidden data. *picks up extra large hand lotion bottle* God I love this job!"

  • In the not so distant past, things like Algebra and Geometry were considered "premium" learning. Now, anyone who has been through high school has been exposed to those concepts and, even if they can't use that math, they have been exposed to it. The internet has become such a pervasive part of our culture that an understanding of how it works and even ethics classes on how to use it should be taught at an early age.

    That doesn't preclude idiot bureaucrats without that education from thinking that sending i

  • Tor lets you collect your porn anonymously, but at a heavy bandwidth price. The three letter agencies are (we guess) providing Tor nodes with lots of bandwidth so as to be able to sniff the exit traffic.

    Result? The NSA is subsidising your anonymous porn collection!

    You don't have to care about encryption so long as you don't mind if the NSA has sniffed your porn before you do.

  • ... it's a Wired article which doesn't suck.

    Maybe Wired journalists are okay at writing about journalism?

    I'm not sure if I should continue ignoring this publication. It's confusing.

    Update: "...The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers."

    Okay, I have my a

  • Another post that says "nothing happened, and rumors that say it happened are false". What idiot poured redbull in kdawson today ?

Dead? No excuse for laying off work.

Working...