Thursday, December 9, 2010

 

 

Assange's 'poison pill' file impossible to stop, expert says



(CNN) -- The Poison Pill. The Doomsday Files. Or simply, The Insurance.
Whatever you call the file Julian Assange has threatened to release if he's imprisoned or dies or WikiLeaks is destroyed, it's impossible to stop.
"It's all tech talk to say, 'I have in my hand a button and if I press it or I order my friends to press it, it will go off,'" said Hemu Nigam, who has worked in computer security for more than two decades, in the government and private sector.
"Julian is saying, 'I've calibrated this so that no matter how many ways you try, you're never going to be able to deactivate it,'" Nigam said. "He's sending a call to action to hackers to try it. To the government, he's also saying, 'Try me.'"
There's a reason Assange specifically announced -- on the Web -- that there is a 256-bit key encryption code that only a few trusted associates know that will unleash the contents of the 1.4 gigabyte-size file.
"He's saying don't even bother trying. It will take you so long to succeed that by that time, it will be too late," Nigam said. "Most of the time, you see a 56-[bit]key encryption. That's considered secure. When you are using 256, you are sending a message: 'I'm smart enough to know that you will try to get in.'"





It's not the first time Assange, the face and founder of WikiLeaks, has asked someone to dare him. He and the anonymous, globally scattered WikiLeaks staff have warned since July's release of Afghanistan War documents that they are not to be messed with. Press them, they say, and they will retaliate by releasing more secret information.
But this week, the stakes got higher. Assange was arrested Tuesday in Great Britain in relation to a sex crimes investigation in Sweden. A British judge denied bail, and Assange is expected to remain in a jail in England for at least a week, officials said.
Assange's lawyer, Mark Stephens, called evidence against his client "very thin" and he will fight extradition to Sweden. Assange has called the rape allegations a "smear campaign."
Often described as suspicious and even paranoid, Assange reportedly refused on Tuesday to be photographed or fingerprinted or have a swab of his DNA taken, all standard procedures for British arrests.
Who is Julian Assange?
Julian is saying 'I've calibrated this so that no matter how many ways you try, you're never going to be able to deactivate it.'
--Hemu Nigam, cyber security expert on Poison Pill file
Is the arrest politically motivated, a witch hunt for the man responsible for stoking the ire of the U.S. government by sharing with the world its confidential and sensitive war-time intelligence? The Pentagon has denied that.
Nevertheless, the public is eating up this modern-day spy novel in which the main character's deadliest weapon is a computer.
"We will release more cables" -- WikiLeaks tweet
Assange has repeatedly said that stopping him would not stop WikiLeaks.
Tuesday night, the organization fulfilled a tweet earlier in the day: "Today's actions against our editor-in-chief Julian Assange won't affect our operations: we will release more cables tonight as normal"
More cables -- at least 75 -- were indeed released Tuesday, several having to do with Libya.
Demonstrating the democracy of the internet, supporters with $35 for a domain name and a basic knowledge of HTML are giving WikiLeaks an assist.
Hundreds of Web sites have popped up which appear to have copied WikiLeaks' data for display on "mirror sites." Some sites are offering a how-to guide on mirroring.
While that's happening, an anonymous group of hackers apparently hacked PayPal, one of the service providers that cut off service to WikiLeaks. Smaller tokens of support could be found on Time magazine's site. As of Thursday afternoon, Assange was leading against more than 25 other candidates to be the magazine's Person of the Year with more than 320,000 votes cast online.
Ben Laurie, a London-based computer security expert who has reportedly advised WikiLeaks in the past, said Assange is nothing if not exacting.
"Julian's a smart guy, and this is an interesting tactic," Laurie told reporters. "He will hope it deters anyone from acting against him."
Years to crack code
It could take an incalculable number of years to figure out the combination of letters, numbers and symbols comprising the 256-bit key code.
It's anyone's guess what's in the file labeled "insurance.aes256."
But few doubt that it's interesting.
That massive file size is big enough to hold the contents of all of the group's leaks since July: 90,000 secret intelligence documents about the Afghanistan War; 400,000 pages of classified intel about the Iraq War, and purportedly more than a quarter million cables authored by U.S. diplomats.
Assange has said in previous interviews that Bank of America leaked him a hard drive, and he's warned that WikiLeaks is planning a major leak about a large bank, according to Forbes.
Assange has also claimed to have files on oil giant BP.
Reports of the "poison pill" file containing any sort of "nuclear bomb of information are completely over exaggerated," Jennifer Robinson, one of Assange¹s lawyers, told CNN.
Assange has hinted that whatever information he has, it's unredacted.
WikiLeaks came under tremendous fire this summer after its release of the Afghan War logs. Human rights organizations and government officials across the world said that the group's failure to remove the names of informants who had helped coalition forces in Afghanistan put those sources in grave jeopardy.
Assange told Time that he was not aware of anyone ever hurt by a WikiLeaks document release. Read the full transcript
If the "poison pill" file is opened and its contents published online, it becomes easier to trace who might be involved, Nigam said. But it will still be hard.
"You could have your IP address visible and accessible to trace," he said.
"But if your goal is to hide your identity, then you will use proxy servers, hide your ID through rerouting so that information bounces from place to place until the person chasing you ends up in a dead zone. You could leave traces behind by accident, but I think we are safe in saying people affiliated with this situation know what they're doing."
Nigam was one of the first prosecutors in the U.S. Justice Department to pursue internet child predators. He's experienced in investigating cases using online techniques, but also in the real world.
"The government would be wise not to focus on the technical, and instead concentrate on finding and talking with people who were around Assange in the last few years, the people who he trusts," Nigam said.
Technology won't turn on a friend, he said, but people will.







o
Share/Bookmark

No comments:

Post a Comment