Ongoing non-secret discussion of information security, a/k/a information secrecy, a/k/a information perfidy (Cryptome was established to publish materials on this topic). Comments welcome: cryptome[at]earthlink.net.
7 August 2010. Mike sends:
Just read your "advice" at the end of http://cryptome.org/0002/wl-diary-mirror.htm. Your prose is sophomoric & unintelligible. What meds are you on?
Cryptome: Mike, surely you are smarter than to just insult, contribute something for publication.
7 August 2010
Is Wikileaks Bluffing NSA to Spill Its AES Backdoor Secrets
At the center of the drama was the posting last week of a massive 1.4 gigabyte mystery file named "Insurance" on the WikiLeaks website. The "Insurance" file is encrypted, nearly impossible to open until WikiLeaks provides the passwords. But experts suggest that if anyone can crack it, it would be the National Security Agency. "It depends on how much time and effort they want to put into it," said James Bamford, who has written two books on the NSA.
The NSA has the largest collection of supercomputers in the world. And officials have known for some time that WikiLeaks has classified files in its possession. The agency, he speculated, has probably been looking for a vulnerability or gap in the code, or a backdoor into the commercial encryption program protecting the file.
At the more extreme end, the NSA, the Pentagon and other U.S. government agencies including the newly created Cyber Command have probably reviewed options for using a cyber attack against the website, which could disrupt networks, files, electricity, and so on. "This is the kind of thing that they are geared for," said Bamford, "since this is the type of thing a terrorist organization might have a website that has damaging information on it. They would want to break into it, see what's there and then try to destroy it."
The vast nature of the Internet, however, makes it essentially impossible to stop something, or take it down, once it has gone out over multiple servers. In the end, U.S. officials will have to weigh whether a more aggressive response is worth the public outrage it would likely bring. Most experts predict that, despite the uproar, the government will probably do little other than bluster, and the documents will come out anyway.
"Once you start messing with the Internet, taking things down, and going to the maximum extent to hide everything from coming out, it doesn't necessarily serve your purpose," said Bamford. "It makes the story bigger than it would have been had the documents been released in the first place. If, in the end, the goal is to decrease the damage, you have to wonder whether pouring fuel on the fire is a reasonable solution," he said.
Cryptome: Information security (with communications security) protects the most valuable secrets on earth -- defense operational plans, weapons of mass destruction technology, intelligence, and government perfidy, among others. Encryption plays a vital role along with subterfuge about capabilities for offensive and defensive information warfare. Deception and ploys abound. Attacks and counterattacks test for vulnerability, using means more powerful than an expected enemy. Insiders and outsiders are employed to test continuously, the unorthodox and orthodox. The witting and unwitting are drawn into tests by falling for lures set up for that purpose. A target may recognize a lure and pretend to fall for it to assay a defender's capabilities, and that may lead to a counter-subterfuge, and so on. Cryptography and cryptanalysis battle without end. Bribing the other side is a favorite tactic; disparaging prowess to incite a spasm of vainglorious disclosure another.
A common infosec subterfuge is to use every notable occasion to claim a system is invulnerable in order to promote continued use of the system. NSA has run a number of these disinformation campaigns about "unbreakable" encryption, secret (German, Japanese, Soviet, et al) and public -- the most famous public system involved Crypto AG, within whose cryptosystem NSA installed a backdoor to gain access to communications of worldwide users who believed the system was invulnerable.
Doubts about the invulnerability of AES have persisted since NSA selected an algorithm from the AES competition that was considered by cryptographers not to be the strongest. And it is likely that for the strongest protection NSA uses a top secret cryptosystem while promoting AES for public and official use. It is argued that NSA, like all official comsec agencies, would never endorse a system it could not secretly access. And these agencies never reveal that capability -- NSA's backdoor access to Crypto AG was revealed by an employee of the company.
Bet that NSA has cracked the insurance file and is keeping quiet. NSA may have replaced the file with its own when it first appeared -- Wikileaks long on instant crypto radar -- the hash forged, covertly marked for tracking. Bluff becomes bait for entrapment, SOP.
Could Wikileaks have intended to entrap NSA and allies with a crackable file, covertly marked for tracking? Some of Wikileaks' infosec-comsec advisors do top-classified work for the US and other governments. A very handsome sum would be quietly paid for that service. Cyberwarfare secrets are yet to be spilled, never to be revealed in courts. Fierce dirty combat could do that, unless the combatants reach a secret deal to share the benefits of dual use technology while pretending to be at odds, SOP.
6 August 2010. If there is a takedown of Wikileaks, the insurance.aes256 file will be available through Cryptome along with the entire files of the Wikileaks website which have been archived. Consider doing the same by archiving the site. Inquiries to cryptome[at]earthlink.net.
1 August 2010. A3 sends:
Discussion of decrypting the Wikileaks Afghan War Diary insurance.aes256 file:
1 August 2010. A2 writes:
Verification of your link to the torrent of the Insurance File failed: the torrent linked at http://www.torrentdownloads.net/torrent/1651759583/Wikileaks+Insurance actually leads to a file called "Julia Bond - Booty Shaker.mpg" which is more or less hardcore porn.
Cryptome: Spoofing and/or hijacking Torrent files and file names to conceal content, to spam and to plant trojans and viruses is all too common trickery along with that noted below.
31 July 2010. A writes that the Wikileaks "insurance.aes256" file is likely encrypted with OpenSSL. Related URLs:
29 July 2010. Wikileaks has added a very large new file to the Afghan War Diary:
Insurance file: 1.4 GB
The file, "insurance.aes256," is ten times the size of the seven other files
See also (the torrent may be bogus, no file size provided, no verification):
Cryptome: Got the insurance file open by changing the extension to .TXT, then loading in Firefox. No header. The first and only word is "Salted." The file might be junk, or the family jewels.
High-grade crypto hides any header to avoid disclosing the methodology used. A header may be separately encrypted, coded as blank spaces or punctuation, hidden as innocuous fragments, miniaturized and placed under a digitally-transparent character and other admirably sneaky methods. Other markers are embedded to trace, log and reveal to a recipient evidence of tampering and cracking. Decrypted contents will also contain markers to track distribution and use, and may also contain trojans and/or computer destructors unless disarmed. Whether there is embedded lethality triggerable by misuse is unknown but surely in the works. A dirty trick is to wrap an alluring encrypted package with a transparent trojan in the manner of spam. The endless stream of spam, viruses, searches, bots, clouds, data dumps, advertisements and social media chatter cloak that. What may be wrapped around, hidden and ticking within, infecting, the alluring insurance file is likely to be unpleasant.
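The "Salted" seen above is the start of the 16-byte header that OpenSSL's enc command writes (the full marker is "Salted__" followed by an 8-byte salt), which is what points to OpenSSL as the likely tool. The following checker is an added example, not code from Cryptome or Wikileaks, and runs on a constructed sample rather than the real insurance file; it parses that header and shows the legacy MD5-based key derivation that OpenSSL applied to a passphrase and that salt in 2010.

```python
# Added example (not from the Cryptome page or any of its correspondents): a checker
# for the OpenSSL "enc" container that the "Salted" observation above points at.
import hashlib

OPENSSL_MAGIC = b"Salted__"   # 8-byte marker written by `openssl enc -salt`
SALT_LEN = 8


def parse_openssl_enc(blob: bytes):
    """Return (salt, ciphertext) if blob carries the OpenSSL enc header, else None.

    Layout: b"Salted__" || 8-byte salt || ciphertext. Only the marker and the salt
    are in the clear; nothing in the header names the cipher, so the "aes256" in
    the file name is the only hint about the algorithm used.
    """
    if len(blob) < len(OPENSSL_MAGIC) + SALT_LEN:
        return None
    if blob[:len(OPENSSL_MAGIC)] != OPENSSL_MAGIC:
        return None
    salt = blob[len(OPENSSL_MAGIC):len(OPENSSL_MAGIC) + SALT_LEN]
    return salt, blob[len(OPENSSL_MAGIC) + SALT_LEN:]


def legacy_evp_bytes_to_key(password: bytes, salt: bytes, key_len=32, iv_len=16):
    """OpenSSL's legacy EVP_BytesToKey (MD5, one iteration): the default KDF that
    `openssl enc` used in 2010 to turn a passphrase plus the header's salt into an
    AES-256 key and CBC IV. A single MD5 round is a very thin KDF, which is why
    later OpenSSL releases warn about it and offer -pbkdf2 instead.
    """
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


# Constructed sample (not the real insurance file): the header with a fake salt
# followed by two dummy 16-byte AES blocks of zeros.
SAMPLE = OPENSSL_MAGIC + bytes(range(8)) + b"\x00" * 32


def describe(blob: bytes) -> str:
    """One-line verdict on whether a blob looks like OpenSSL enc output."""
    parsed = parse_openssl_enc(blob)
    if parsed is None:
        return "no OpenSSL enc header"
    salt, body = parsed
    return f"OpenSSL enc container, salt={salt.hex()}, {len(body)} ciphertext bytes"


if __name__ == "__main__":
    print(describe(SAMPLE))
```

The header check is the whole of what can be learned from the file without the passphrase: the salt is public by design, and the cipher is not recorded anywhere in the container.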
27 July 2010
The Wikileaks Afghan War Diary files deserve very close study, in this Julian Assange is right. The contaminating news reports, condemnations and blogwash should be surpassed. The WL site is heavily loaded and slow. To ease the load and for a quicker download, Cryptome offers mirrors of the now digitally-hashed compressed file packages downloaded 27 July 2010, about 4:40PM.
Complete dump of the website: http://cryptome.net/afg-war-diary.html.7z 75.4 MB
This is a complete dump of the website at http://wardiary.wikileaks.org. Extract this to your local hard disk and open it with your web browser. Please check the project website http://wardiary.wikileaks.org for the most recent version.
All entries, CSV format: http://cryptome.net/afg-war-diary.csv.7z 15 MB
All entries, SQL format: http://cryptome.net/afg-war-diary.sql.7z 16 MB
All entries, KML format: http://cryptome.net/afg-war-diary.7z 16 MB
All NATO entries, KML format: http://cryptome.net/afg-war-diary-nato.7z 209 kB
Entries by month, KML format: http://cryptome.net/afg-war-diary_by-month.7z 16 MB
Entries with scale filter, KML format: http://cryptome.net/afg-war-diary_scale1dot5.7z 981 kB
A screen shot of the page showing what is offered and the digital hashes of the compressed file packages:
When studying the Wikileaks War Logs, bear in mind that intelligence streams -- hardcopy, digital, electromagnetic -- are salted with spurious entries as markers to authenticate the stream, identify disruptions and unauthorized plants, direct the product to various collectors with varying levels of classification, and more. The spurious entries will not be distinguishable from the other material; it is their positions in the stream, or omissions from the stream, which will be part of authentication. None of this requires or is protected by encryption; indeed, encryption is customarily used to mislead about other means and methods -- which is why it is so loudly touted.
Some streams are entirely spurious but composed of authentic material, to cloud the process, to entrap, to delude, to fake a vulnerability. These methods are well-known to the techheads of Wikileaks although they may lack required programs and equipment to analyze streams in all their guises. Wikileaks claims to cloud its transmissions for protection, a perfect marker for others. Three versions of the logs were given to the dupes, another to the public. Another for Wikileaks alone, more or less.
The security watchword is: don't ever expect infallible security, that is always snail oil. The intelligence watchword is never trust an intelligence source, they are all unreliable. The classification watchword is never trust the highest classification, that is bullshovel to dupe those who believe only they have access.
The sysadmin watchword is ... lay low, log everything, copy, replace with a fake, tell no one, especially another sysadmin who will rat you: l'enfer, c'est les autres (hell is other people).