The Latest On The Mysterious insurance.aes256 File

"Cry 'Havoc!' and let slip the dogs of war," proclaimed William Shakespeare's Julius Caesar. With what appears to be a small-scale cyberwar between supporters and opponents of WikiLeaks, not to mention the increasingly looming threat of the mysterious "insurance.aes256" file, this news story is rapidly becoming the stuff of legend.

First came the wave of distributed denial-of-service (DDOS) assaults on the main WikiLeaks site, apparently emerging from one man, a self-described "hacktivist" and "ex-soldier" hacker, "TH3J35T3R" (The Jester), who made a name for himself in 2009 by attacking Islamist websites and who considers Julian Assange and company to be supporters of terrorism. Then came the withdrawals of support, in particular by the hosting services of Amazon and EveryDNS and the online money services PayPal and PostFinance.

But WikiLeaks hasn't been on its own, and an equally massive counterattack is in the offing. There has arisen over Twitter a groundswell of online support in both very peaceful and very destructive ways. On the one hand, there have been the #imwikileaks and #imassange trends, the Twitter equivalent of a sit-in, the likes of which have not been seen since the postelection troubles in Iran during the summer of 2009 (there is speculation that Twitter is censoring all WikiLeaks-related trends, which the company denies). This is to say nothing of the virus-like duplication of the WikiLeaks site itself, with as many as 507 mirror sites.

On the other hand, though, Operation Payback, a hacktivist wing of the secretive Anonymous meme-movement, began launching its own wave of DDOS assaults against PayPal and PostFinance. Rumors have it that the Jester has also been "taken out," electronically speaking, as his Twitter has fallen silent. And then early this week there emerged the threat from Assange himself that he would reveal the password for insurance.aes256 -- the contents of which his lawyers say would be the informational equivalent of a "thermo-nuclear device."

I've previously blogged about what may or may not be in this file. Although I initially hypothesized that it could actually be a bluff, the more I think about it, the less likely it seems to be that the file contains nothing. Besides myself, the Jester himself has taken a whack at the file, even releasing his own sarcastic version of it, "gap-insurance.aes256." Yet, so far he's been quiet about what he specifically believes is in there.

Meanwhile, "The Sunday Times"' experts believe that it contains the entirety of WikiLeaks' archive, including unpublished papers on Guantanamo Bay, British Petroleum, and the Bank of America. Yet an archive of that scale, once decrypted and unpacked, seems unlikely when we consider the 1.4GB size of the current file -- unless, of course, there's been some pretty serious compression done to it, which is possible.

For now, though, I feel that the more likely assessment comes from "The Guardian," which believes the file contains "more than 200,000" unredacted diplomatic cables that can be accessed only by using a 256-digit code. This matches some of my own suspicions.

Finally, the other likely possibility is simply that it might be an unredacted version of the "megaleaks" that have already been released. If so, that would be the height of recklessness and irresponsibility on their part -- but considering some of their recent revelations about U.S. security strategy, which seem more about crying "Havoc!" than about transparency, I wouldn't put that past them at the moment.

UPDATE: I attributed to The Jester a DDoS attack rather than a DoS attack. This was due to the fact that it seemed very much as though he had multiple servers at his disposal. Actually, he was using something called XerXes.

-- Christopher Schwartz