WikiLeaks Insurance File
Now this is an interesting development:
In the wake of strong U.S. government statements condemning WikiLeaks’ recent publishing of 77,000 Afghan War documents, the secret-spilling site has posted a mysterious encrypted file labeled “insurance.”
The huge file, posted on the Afghan War page at the WikiLeaks site, is 1.4 GB and is encrypted with AES256. The file’s size dwarfs the size of all the other files on the page combined. The file has also been posted on a torrent download site.
It’s either 1.4 Gig of embarrassing secret documents, or 1.4 Gig of random data bluffing. There’s no way to know.
If WikiLeaks wanted to prove that their “insurance” was the real thing, they should have done this:
- Encrypt each document with a separate AES key.
- Ask someone to publicly tell them to choose a random document.
- Publish the decryption key for that document only.
That would be convincing.
In any case, some of the details might be wrong. The file might not be encrypted with AES256. It might be Blowfish. It might be OpenSSL. It might be something else. Some more info here.
EDITED TO ADD (8/9): Weird Iranian paranoia:
An Iranian IT expert warned here on Wednesday that a mysterious download file posted by the WikiLeaks website, labeled as ‘Insurance’, is likely a spy software used for identifying the information centers of the United States’ foes.
“The mysterious file of the WikiLeaks might be a trap for intelligence gathering,” Hossein Mohammadi told FNA on Wednesday.
The expert added that the file will attract US opponents and Washington experts can identify their enemy centers by monitoring individuals’ or organizations’ tendency and enthusiasm for the file.
Sean Stapleton • August 4, 2010 8:13 AM
Not a bad strategy if you plan to release the content anyway, and simply want to ensure a nice, safe, broad distribution before the contents are revealed.