The latest trawl -- 167 of more than 5.5 million corporate e-mails -- was obtained after the hacktivist collective Anonymous hacked into Stratfor servers in December 2011.
It's no surprise that WikiLeaks is partnering with Anonymous. After companies, including Amazon and PayPal, withdrew their support for WikiLeaks after the release of U.S. State Department cables in December 2010, Anonymous launched distributed denial of service attacks (DDoS) against PayPal and a Swiss bank. Anonymous activists have been strong supporters of the Free Bradley Manning campaign. Manning is the U.S. Army private who is alleged to have leaked the cables to WikiLeaks.
For Anonymous -- a loose and decentralized collection of activists sometimes united but often divided into various factions -- it makes sense to partner with WikiLeaks. One activist told Wired that:
"WikiLeaks has great means to publish and disclose,” the anon told Wired. "Also, they work together with media in a way we don’t."
"Basically, WL is the ideal partner for such stuff," the anon continued. "Antisec acquires the shit, WL gets it released in a proper manner." Antisec is the arm of Anonymous that is known for hacking into servers.
While WikiLeaks has always maintained it doesn't hack, it has published information that has been obtained by hacking, such as the Climategate e-mails. But as Andy Greenberg points out at Forbes, "Since hitting the spotlight in 2010, WikiLeaks’ Julian Assange has played down the group’s associations with hackers and focused more on its role as a media organization and a conduit for whistleblowers."
WikiLeaks has undoubtedly received much support because of its choice of targets (the U.S. government, for example), but its high-tech submission system has also been lauded as a model for future whistle-blowing. However, that submissions system -- which meant that whistleblowers could anonymously and securely leak information -- has been dormant since 2010. Potential users just get a site-under-maintenance message and a link to an Internet relay chat channel. If, say, you were a whistle-blowing bureaucrat in Country X visiting the WikiLeaks website, it isn't immediately apparent how you would leak information.
Not only is WikiLeaks facing financial challenges, but security challenges. In December 2011, the "FT" reported that while WikiLeaks had been hoping to "re-engineer from scratch" its submission system, it had to delay the release because of "the deteriorating state of internet security which directly impacts the ability of sources to communicate with journalists and human rights activists securely."
With its submissions system on ice, WikiLeaks will no doubt rely more on the likes of Anonymous for its leaks. While many Anonymous activists are relatively low-skilled and just foot soldiers in DDoS operations, there are certainly hackers capable of sophisticated exploits. That could potentially bring WikiLeaks plenty of swag and also mean the organization doesn't have to maintain a secure dropbox on its site. It could also bring them a few PR headaches. Greenberg writes that, "A public association with a hacker group like Anonymous may hurt WikiLeaks’ moral credibility just when the group needs it most."
Would people feel the same about WikiLeaks -- in a post-Murdoch hacking scandal world -- if it just relied on hacked information obtained by shadowy and unaccountable groups like Anonymous? Assange, a former hacker himself, is certainly not troubled by the ethics of relying on hacked information, but other supporters might be. There was much public outrage over the "News Of The World's" alleged reliance on hacking, private investigators, and paying for sources, but as Assange revealed in this interview, he had no moral qualms.
The partnership with Anonymous could also put WikiLeaks under more legal scrutiny. A functioning submissions system could have been a handy legal loophole for WikiLeaks: one of the original concepts of the organization was that their technology enabled their sources to remain anonymous, even to WikiLeaks. But as a Canadian hacker, Oxblood Ruffin, commented on Twitter: "There's no plausible deniability if there was a hand-off, no?" referring to the exchange of information between WikiLeaks and Anonymous.
The other question is one of verification and trust. Anonymous is known for and has its origins in pranking. An e-mail circulating earlier on various forums used by Anonymous claimed that the Stratfor CEO, George Friedman, had resigned. But in interviews to wire agencies on February 27, Stratfor said that the e-mail was a fake and that Friedman remained the company's CEO.
Stratfor has said in a company statement that some of the published e-mails "may be forged or altered to include inaccuracies; some may be authentic." For WikiLeaks, the problem with working with Anonymous is that the decentralized structure means that technically anyone can do anything in Anonymous's name. There are plenty of serious hacktivist types who would identify as Anons; but there are also plenty of troublemakers and pranksters. For WikiLeaks -- keen to present itself as a serious media organization working in the public interest -- Anonymous might just be too lulzy to handle.
What is clear is that WikiLeaks is in desperate need of funding. Partnering with Anonymous on a release of pretty underwhelming information is a good way to get WikiLeaks back into the news cycle and raise funds.
Visit the WikiLeaks site and it's almost impossible to find out how you can leak information, but you can instantly see how to donate.
Marie Colvin, an American working for Britain's "Sunday Times," and French photographer Remi Ochlik
Marie Colvin's Death Raises Concerns About Use Of Satellite Phones
The Electronic Frontier Foundation has highlighted the possible risks for journalists using satellite phones after speculation that their signals might have allowed the Syrian army to target journalists Marie Colvin and Remi Ochlik, who were killed this week in Homs.
EFF shows the inherent dangers of using satellite phones:
There are a few different ways by which satellite phones can be tracked. The first—and easiest for a government actor—would be to simply ask or pressure a company to hand over user data. This is not beyond the realm of possibility (readers might recall an incident in which Yahoo handed over information about a Chinese dissident to his government, resulting in a ten year prison term), but is just one of several methods.
Satellite phones can also be tracked by technical means and there is ample technology already on the market for doing so. For example, this portable Thuraya monitoring system by Polish company TS2, which also counts several US government agencies as clients; these systems for monitoring Thuraya and Iridium phones, created by Singaporean company Toplink Pacific; or this satellite phone tracking technology from UK based Delma MMS.
Authorities can find the position of a satellite phone using manual triangulation, but in order to track a phone in this manner, the individual would need to be relatively close by. Nowadays, however, most satellite phones utilize GPS, making them even easier to track using products widely available on the market such as those mentioned above. Some of these products allow not only for GPS tracking, but also for interception of voice and text communications and other information.
Jacob Applebaum, a computer security researcher and hacker, also told the EFF via e-mail that "Satellite phone systems and satellite networks are unsafe to use if location privacy or privacy for the content of communications is desired. "
Writing at SaferMobile, an anonymous contributor from the telecommunications industry agrees that they are as vulnerable -- if not more sometimes -- as mobile phones:
Satellite communications, on the other hand, are somehow perceived to be more secure – there are satellites involved, complicated, expensive equipment, and there are not that many sat phones in operation globally.
The reality is that satellite telephone systems are as vulnerable and in some cases more vulnerable to attack than mobile phone systems.
Even though satellite phones use encryption, as SaferMobile points out this has been successfully cracked recently by researchers in Germany.
It's a tricky one for journalists and aid workers. As correspondents in the field know only too well, the satphone is a lifeline in far-flung locations -- more so when the authorities might have blocked all other channels of communications.
One possible solution might be better encryption, so journalists' could remain better hidden. The problem with better encryption is that it can lull people into a false sense of security and can always be broken. Another option might be less encryption, not more. Journalists could broadcast their location to the world, for example, by using a very public real-time map for all to see -- that layer of transparency might prevent armies from targeting journalists with impunity.
In a discussion on the liberationtech list, Stefan Geens, who writes about digital technology, explored this possibility:
So perhaps one (counterintuitive) place for legal innovation might be to make journalists' communications more visible and distinct, akin to hospitals. Uplink signals from journalist satphones could carry a specific signature that interceptors cannot fail to notice. Reports could be transmitted unencrypted -- so that they are verifiably civilian in nature. By transmitting GPS coordinates in the open, they would tell anyone who is listening where civilian journalists are at work, and where an attack would be illegitimate.
It's a very interesting idea. The broader problem, though, is that in places like Syria the government more than likely just doesn't care. If they aren't targeting journalists directly, they certainly have no interest in ensuring their safety.
For now, the reality is that satellite phones carry a risk. SaferMobile advises people to try not to use them in insecure environments and if they must to keep conversations short.
Despite the risks, though, tenacious journalists like Colvin and Ochlik who are already putting themselves in mortal danger, or humanitarian workers desperately trying to save lives in crisis zones, would still probably choose to make the call.
