Does WikiLeaks need its 'defenders'? Or does it have its own cyber insurance?

As cyber war rages against WikiLeaks' enemies, WikiLeaks itself may already have concocted an explosive contingency plan

Vengeful denial-of-service attacks on PayPal, MasterCard, and Visa in support of WikiLeaks amount to an unprecedented cyber war. The "anonymous" vigilantes no doubt see themselves as valiant defenders of WikiLeaks and its freedom to let loose whatever it wants to disclose.

But does WikiLeaks really need help? As has been previously reported, WikiLeaks has taken out an insurance policy in the form of a 1.4GB AES-encrypted file that was originally released on various BitTorrent sites and is still available. Nobody knows what that file may contain except the creators.

This is pure speculation, but if I were planning this out, that big encrypted archive would contain several smaller encrypted archives. Each would have a different key, with inflammatory file names like "Proof of 9/11 coverup" or "Missing White House Emails, 2000-2007." There'd be little sense in making this insurance file a one-shot deal.

Then there's the method of key distribution. I imagine there are several servers socked away all over the globe, probably running services that have nothing to do with WikiLeaks, and each holding one or more decryption keys. The systems would be connected to one another via a series of heartbeats, and one or more of those servers would be able to cause the release of one or more keys -- triggered either by a direct signal, such as an email containing a passphrase or a Twitter post, or by the absence of such a signal over a period of time.

I'd wager it's the latter. I wouldn't be surprised if WikiLeaks has created a dead man switch.

Perhaps Assange or another member of the group suppresses the release of these keys by sending an email or visiting a specific URL every 24 hours. As long as those signals are received, nothing happens. But if one is missed, the first decryption key would automatically be posted to Twitter and submitted to Reddit or any number of other public venues. Once that key sees daylight, it'll be all over the Internet in a matter of seconds, and the contents of the main file will be known forever.

If there were other encrypted files in that bundle, they'd each need their own key, which could be released in the same way, but would have to come from different servers and at least to different Twitter accounts or different sites altogether. You can be certain that once the first key hit the Net, there would be a deluge of guys in suits and dark sunglasses demanding the IP information from every site that got the direct information. Once a single key is out, the system that sent it can no longer be relied upon. To counter that, the system would erase all traces of its involvement in the key release and probably run a continuous DOD disk erase on the drive that contained the code and keys.

That's where the heartbeats come in. As the primary system releases a key, it stops sending and responding to the heartbeats, which triggers timers in the other systems, and they begin releasing their keys every 24, 48, or 72 hours. It would be like a series of political time bombs located all over the Earth, with no way to find them.

Naturally, there would also have to be an immediate release -- a kill switch -- and a self-destruct method baked into the code. This would cause all the participating systems to dump their keys, reset the timers, or self-destruct immediately.

But the trigger doesn't even need to be a manual step. There could be code out there parsing Twitter feeds, Google News feeds, the New York Times, and the Huffington Post looking for specific keywords and balancing that against the news saturation of a story containing those keywords. Once a threshold is eclipsed, the key release process begins.

There very well could be a few lines of Perl out there looking for "Julian Assange," "arrested," "state department," "trial," "bail," and so forth that has already started the process as you read these words -- all very fascinating from a computer science angle, but terrifying from the point of view of the U.S. State Department.

From WikiLeaks' point of view, it would simply be insurance.

This article, "Does WikiLeaks need its 'defenders'? Or does it have its own cyber insurance?," was originally published at InfoWorld.com.
