Forgot your password?
typodupeerror
Privacy The Media

Wikileaks Releases A Massive "Insurance" File That No One Can Open 394

Posted by samzenpus
from the just-in-case dept.
An anonymous reader writes "Anti-secrecy organization WikiLeaks just released a treasure trove of files, that at least for now, you can't read. The group, which has been assisting ex-NSA contractor Edward Snowden after he leaked top-secret documents to the media, posted links for about 400 gigabytes of files on their Facebook page Saturday, and asked their fans to download and mirror them elsewhere."
This discussion has been archived. No new comments can be posted.

Wikileaks Releases A Massive "Insurance" File That No One Can Open

Comments Filter:
  • 349GB? (Score:5, Informative)

    by Anonymous Coward on Sunday August 18, 2013 @03:08PM (#44601559)

    WikiLeaks insurance 20130815
    A: 3.6Gb http://wlstorage.net/torrent/wlinsurance-20130815-A.aes256.torrent [wlstorage.net]
    B: 49Gb http://wlstorage.net/torrent/wlinsurance-20130815-B.aes256.torrent [wlstorage.net]
    C: 349GB http://wlstorage.net/torrent/wlinsurance-20130815-C.aes256.torrent [wlstorage.net]

    ~ $ df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/sda1 292G 53G 225G 19% /

    Hm... :|

  • NSA has cribs? (Score:4, Interesting)

    by reve_etrange (2377702) on Sunday August 18, 2013 @03:11PM (#44601585)

    If the NSA suspects that certain of their internal documents occur in the insurance files, can't they use these as cribs to break the encryption?

    How does one determine the viability of cribs for data of a certain size? E.g. if one is cracking 400GB of data encrypted with a 4096 bit RSA key, how helpful is a 4GB crib?

    • There's no reason to use an asymmetric algorithm.

    • Re:NSA has cribs? (Score:4, Insightful)

      by aevan (903814) on Sunday August 18, 2013 @03:19PM (#44601639)
      Right, but to what end? Leak it themselves?

      I might have missed the point, but as I see it, the blackmail part of this is 'leaking to the world'. If the NSA verifies that the files they suspect stolen are in this, then sure they could try to go after wikileaks people - but with the archive widely disseminated, they'd have forfeited the game as the mirrors releases it in its entirety. The encryption just seems more to prevent premature release, as opposed to pretending the NSA has no idea what they have.

      This just feels like it's moving into 'end game'.
      • Re: (Score:3, Insightful)

        by kylemonger (686302)
        Snowden's asylum in Russia in conditioned on him not spilling more U.S. secrets. Until that condition changes or Snowden finds refuge elsewhere, then I suspect Wikileaks will hang onto those keys. If Snowden disappears into a hole, then the insurance files scattered around the globe ensure that the secrets can be released not matter what else happens to him.
        • by sshir (623215)
          Wouldn't it incentivize Russians to disappear Snowden just to get to those juicy NSA files?
        • by hedwards (940851)

          That information is presumably already spoiled and the Russians don't really care about him causing any more trouble. The only reason for that particular requirement is so they can pretend to be sympathetic. Truth be told, I'm pretty sure that the Kremlin is tickled pink about all the information that's been released as it makes them look better by comparison.
          I'm also positive that they're very much aware of how much danger Snowden is in from assassination attempts. The only way the insurance file is going

      • by JavaBear (9872)

        If the file contains anything of interest, it might even be in wikileaks interest to let the NSA know what is in it.

        • by Atzanteol (99067)

          I'd be willing to bet that those who are interested in these files have been notified.

    • Re:NSA has cribs? (Score:5, Informative)

      by phantomcircuit (938963) on Sunday August 18, 2013 @03:23PM (#44601651) Homepage
      I would assume the files are encrypted with a symmetric cipher like AES. Known plaintext attacks are not very effective against symmetric ciphers. Indeed they're designed to be resilient to chosen plaintext attacks.
      • Re:NSA has cribs? (Score:5, Informative)

        by Fnord666 (889225) on Sunday August 18, 2013 @03:36PM (#44601733) Journal
        That's a pretty good assumption since all of the files end in .aes256.torrent.
    • Re:NSA has cribs? (Score:5, Insightful)

      by 93 Escort Wagon (326346) on Sunday August 18, 2013 @03:45PM (#44601795)

      If the NSA suspects that certain of their internal documents occur in the insurance files, can't they use these as cribs to break the encryption?

      These files were almost certainly from the NSA in the first place - they already have the unencrypted versions.

      I imagine they also have a pretty good idea which specific files Snowden had access to.

    • Re:NSA has cribs? (Score:5, Insightful)

      by JavaBear (9872) on Sunday August 18, 2013 @03:50PM (#44601829)

      Whether NSA breaks it or not is actually irrelevant, wikileaks could even send the key to them without trouble.
      The question is, do they (NSA) dare risk that the rest of us get access to it.

      • NSA might want leaks from other governments contained in the insurance files, and they might want proof that of possession of certain files for criminal prosecution efforts.

        I agree it might actually make sense to send the keys to the targets of the various insurance files, so they know you mean business.

    • Re:NSA has cribs? (Score:5, Insightful)

      by Eivind (15695) <eivindorama@gmail.com> on Sunday August 18, 2013 @04:20PM (#44602021) Homepage

      Known-plaintext is helpful in cracking certain weak ciphers. One of the criteria for a cipher being strong, is that it *not* be vulnerable to a known-plaintext attack. As far as we know, aes-256 is strong.

      Furthermore, cracking the files won't help the NSA. The info in them is likely already well-known to the NSA. It's however unknown to the public. Thus the NSA isn't as much concerned with cracking the encryption, as it is with -avoiding- that anyone else cracks it. (or learns of the key)

    • by fatphil (181876)
      But one *isn't* cracking 400GB of data with a 4096-bit RSA key.

      Are you talking about a known plaintext attack? Rijndael was accepted as AES because it's immune to such attacks. Of course, protocols using AES can have weaknesses, such as to padding oracle attacks, but that's not really a known plaintext attack, and we don't even know they're using CBC, for example.
    • by BitZtream (692029)

      No. Proper encryption, say AES in some chaining/feedback mode means you've got pretty much 0 chance of using known data to shortcut the decryption process.

      EVERY single bit affects the next. Encrypt the exact same document twice, different output both times due to the salt/IV. Use the same salt, encrypt any file before the document using a chaining/feedback mode, and the document will be different than if it was done alone or with any other document. You do randomized padded at the end of the data to blo

  • Clearly... (Score:4, Funny)

    by luckymutt (996573) on Sunday August 18, 2013 @03:17PM (#44601609)
    Wikileaks is now just a government pawn, setting up to record the ip addresses of anyone downloading this honeypot.
    • by Anonymous Coward on Sunday August 18, 2013 @03:25PM (#44601663)

      Yep, I'll be downloading it with my annoying co-worker's computer after he goes home for the night. Come to think of it, I'll do it again from my boss' machine.

    • Wikileaks is now just a government pawn, setting up to record the ip addresses of anyone downloading this honeypot.

      Better load up on the tin foil. Just cover your router in it and you'll be safe.

      • by aliquis (678370)

        I always untwist my TP cables and shrink new plastic around each strand to make sure no funny business is going on.

      • by luckymutt (996573)
        OK, I posted a bit in jest, but do you think the NSA is not jumping on this as well? with the intent to see who is getting it? Not that they're going to "go after" anyone downloading it, but I image they would at least cross reference against their databases. Whatever.
        I suppose I should have said "inadvertent gov pawn."
  • Napoleon declared to his troops that a field marshal’s baton was tucked into every soldier’s knapsack, a powerful signal to people conditioned to accept personal limits on their careers as dictated by the class system. So, is this the modern equivalent with a thousand fingers resting upon the decode button in an attempt to deflect the wrath of the NSA onto others?
    • by oodaloop (1229816) on Sunday August 18, 2013 @03:32PM (#44601695)
      I never heard that before, so I googled "field marshall baton napoleon" and found your first sentence, word for word, on the second link [leadership...nsider.com]. Quote your sources dude. Don't take credit for someone else's words.
      • Are you sure he isn't the original author?
        • by oodaloop (1229816)
          Are you sure I'm not?
          • Yes. Yes I am. In fact I am 100% certain. You see, the original author would have complained that he or she wrote it, rather than offering a detailed accounting of how they found it on some website using their "Google-Fu". I really wish Slashdot would get a filtering mechanism that allowed the setting of a SlashID threshold. I've noticed lately that most of the ridiculously brainless posts seem to come from those above about 600,000.
      • I never heard that before, so I googled "field marshall baton napoleon" and found your first sentence, word for word, on the second link. Quote your sources dude. Don't take credit for someone else's words.

        No slashdot tenure for auric_dude! Whatever will he do?

  • by sandbagger (654585) on Sunday August 18, 2013 @03:30PM (#44601685)

    This is fundamentally a political act. The trouble is, there's no scaling back. Unless something happened behind the scenes that is not generally know, this'll be perceived as an escalation.

    Gotta wonder why now, that idiot at Time Magazine aside.

    The thing is, Western democracies have to get used to the Memory Hole, Cryptome, Wikileakeaks and the rest. You can play whack a mole with them or deal with the fact that people from now on will treat digital information in a way that nation states may not wish they would. This'll have positive and negative consequences but it needs to treated as fact.

  • They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

    Also, the bigger the chunk, the more easily corrupted, and the corruption takes out the possibility of decrypting the whole thing?

    • by Pieroxy (222434) on Sunday August 18, 2013 @04:54PM (#44602241) Homepage

      They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

      As it turns out, plenty of people. I got 20Mbps down and terabytes of free space. It just takes about 55 hours to get all in and plenty of storage. And I have a pretty slow connection by today's standards. Most of my friends have 100Mbps down, meaning the file will be in in about 5.5 hours. It's really affordable by most in Europe.

    • by Anonymous Coward on Sunday August 18, 2013 @05:05PM (#44602321)

      They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

      Also, the bigger the chunk, the more easily corrupted, and the corruption takes out the possibility of decrypting the whole thing?

      If only there was some kind of error-correcting software that divided files into chunks for transfer; a way to download torrents of bits, if you will.

  • Mainly because it's labeled "skynet.exe".

  • by Anonymous Coward on Sunday August 18, 2013 @05:37PM (#44602601)

    Shortly after Snowden escaped the U.S., one of the NSA's agents specifically stated that he got out with detailed architectural designs of their entire operation. This might be the payload he was talking about. That agent stated that the U.S. should handle Snowden with kid gloves and offer to forgive and forget in exchange for destroying that data. However, congress did not listen and instead had a knee jerk reaction by going on a witch hunt for him instead.

  • by Khashishi (775369) on Sunday August 18, 2013 @06:08PM (#44602843) Journal

    I seriously doubt that any government would be swayed from taking action against Wikileaks due to the existence of an insurance file. Even if it has damning information, and the government knows it has damning information, the government is too big and proud to care. The only way the insurance file could affect decisions is if it revealed misconduct by specific high-ranking politicians, and these politicians know that their personal ass is on the line. It's human nature. In this case, Wikileaks should drop some hints such that these politicians know that Wikileaks knows, but without spilling too many details.

  • by Rick Zeman (15628) on Sunday August 18, 2013 @06:14PM (#44602899)

    ...but one downside (to Snowden/Wikileaks) of them giving interested government parties the key is then they will know exactly what can be used against them, and can then mitigate against the damage. Right now, the government is just being caught in a snare of lies; each subsequent release of information exposes the prior release's damage control efforts.

  • by redelm (54142) on Monday August 19, 2013 @12:41AM (#44604869) Homepage

    Nice to get 400 GB of encrypts. It makes the keys easier to drop. But to work as "insurance", Mr Snowden either must trust other individuals with the keys. Or machines. Somebody/thing must act when he may not be able.

    Under certain circumstances (nologin for a week, too many hits on "Snowden arrested|dead") then the individuals or machines spam out the keys. Potentially in waves if the big block has sub-blocks with different encryption keys.

  • by sal_park (609818) on Monday August 19, 2013 @06:33AM (#44605823)
    so if I down loaded this in the uk, I could be sent to prison for not giving the authorities the password that I don't have... http://en.m.wikipedia.org/wiki/Key_disclosure_lawt [wikipedia.org]

Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec

Working...