Just days later, another document appeared on the site, again obtained through Tor. This one was a letter from one prosecutor to another, including a list of thirty Bulgarian names, all the prosecutors and judges in the highest levels of the country’s courts who were also Freemasons. “It is not illegal [to be a Freemason],” BalkanLeaks’ note in Bulgarian posted with the document read. “But does their oath to protect the public interest take precedence over their oath to the ‘brotherhood’? Perhaps the chairman of the Ethics Commission, Tsoni Tsonev, who is a member of the Masonic lodge, has an answer to this question.”
Bulgaria’s contribution to the leaking movement was warming up.
The next leak came shortly after, and it was a whopper: one hundred pages of documents. They represented the full transcript of hours upon hours of wiretaps in a bribery case against Bulgaria’s former minister of defense, a judge, and the former secretary general of the Ministry of Public Finance. They contained frank discussions of how much every level of the judiciary demanded in bribes for various matters, so many hundreds of Bulgarian lev for this crime, so many thousands for this contract. “This is the first publication of the full texts of these recordings, which are a true guide to the methodology of bribery in the judiciary,” BalkanLeaks’ representatives wrote.
The site had its first real scoop. And as dozens of other leaking sites launched over the next months only to produce nothing, the lone Bulgarian trickle of leaks kept flowing. A few months later, the site published a criminal complaint in Greek against a high-level Bulgarian prosecutor, Rossen Dimov. Nine years before his judicial appointment, it turned out, Dimov, his girlfriend, and two Greeks had been charged in Thessaloniki—though not convicted—with smuggling and money laundering.
Then it offered up transcribed, suppressed testimony of a witness saying that he had been pressured by a prosecutor to change his opinion in a Sofia real estate case. Then a list of the partial names and identification numbers of thirty-seven previously unexposed ex-members of the Darzhavna Sigurnost, Bulgaria’s brutal secret police during the country’s Communist era. BalkanLeaks had arrived: a lone beacon of success in the leaking diaspora.
So in the summer of 2011, I pay a visit to Atanas Tchobanov, one of BalkanLeaks’ founders. We meet in front of the roaring Fontaine Saint-Michel in Paris, where he’s lived as an expatriate for the last two decades. Tchobanov appears wearing a T-shirt promoting Bivol, the tiny news site that spawned BalkanLeaks, with its logo of a Bulgarian buffalo and its slogan in Cyrillic: “Horns ahead!” He’s a smallish man with a shaved head, elfin ears, and a perpetual few days’ growth of salt-and-pepper stubble. And after we sit down at a café outside the Sorbonne University nearby, he flashes an impish smile.
“We just got two new leaks, and they’re good ones,” he says in an accent that has layers of French and Bulgarian. One of those documents is rather tame: the budget for the national Bulgarian railways, showing that they’re deeply in debt. The other is significantly more interesting. It’s the full transcript of the trial of Angel Donchev, a Bulgarian prosecutor who was recently found guilty of blackmailing another prosecutor, threatening him with a corruption investigation and a raid by the dreaded antimafia police known as the “berets.”
The case was sealed in court, but the leak reveals the full thirty-three pages of transcribed phone taps. In those wiretaps, the blackmailed prosecutor mentions that he had a million-dollar home and was taking in ten thousand euros a month, far more than a typical prosecutor makes. Tchobanov believes the case was kept shut to avoid revelations about the plaintiff prosecutor as it revealed the crimes of the defendant. He points out that every prosecutor involved in the case is also shown in the transcript to be a Freemason. “Juicy stuff,” says Tchobanov with a tilt of his head and a giggle.
As usual, the two new submissions, like all but the few of BalkanLeaks documents that came through postal mail, were submitted through BalkanLeaks’ Tor Hidden Service. Tchobanov attributes the leak site’s rare success in part to that religious adherence to strong anonymity—nothing is accepted through e-mail, Facebook messages, or the chat protocol IRC. “Tor is not friendly,” says Tchobanov. “We wrote a detailed explanation of how to install it, how to connect, and so on. But it’s something pedagogical. We have to teach people to use anonymity, force them to use it.”
He admits that the system’s inflexibility has likely turned some leakers away. “In the end, we chose less usability and more anonymity. And it worked. We got submissions. In the long run, it pays to have that confidence. We became trusted because we don’t give away our sources. Because we don’t even know who they are.”
But BalkanLeaks’ reputation comes from more than its technology. The site and its parent, Bivol.bg, have two public faces among the dozen or so people who work behind the scenes: Tchobanov and another well-known Bulgarian journalist, Assen Yordanov. They make an odd pair: Tchobanov is small, bald, and cheery where Yordanov is bearish, grizzled, and wears a dour expression by default. But they have a rare attribute in common: Both have sterling journalistic records in a country where most of the media functions as a toothless state apparatus. “Reporters in Bulgaria are either scared or bought,” says Tchobanov. “Money and fear.”
In Bulgaria, newspapers frequently have contracts with government agencies to run notices and advertising on their behalf, a revenue stream that fuels a culture of self-censorship, Tchobanov explains. Many media owners have close ties to the government. According to Reporters Without Borders’ rankings, the country has the least freedom of the press of any in the European Union.
And on the darker side of its carrot-and-stick system, journalists are periodically and horrifically attacked. In 2006, TV journalist Vassil Ivanov, who had investigated organized crime in the country, had his apartment ripped apart by a bomb. A writer who covered the mafia, Georgi Stoev, was fatally gunned down in central Sofia in 2008. Another, Ognyan Stefanov, suffered a beating with hammers the same year that broke most of the bones in his body. No one was charged in any of the three cases. The tradition of journalistic intimidation goes back to the dark days of Communist rule, when the Bulgarian dissident writer Georgi Markov, living then in London, was nicked with an umbrella tip carried by a spy posing as an antiques salesman. The tip planted a pellet of the poison ricin in Markov’s leg, and he died in a hospital three days later.
Yordanov and Tchobanov live on opposite sides of Europe. By remaining in Paris and stashing BalkanLeaks servers elsewhere in France, Tchobanov and the site’s hardware are protected from the government and mafia in his home country. Yordanov, who still lives in the eastern Bulgarian city of Burgas, has no such protection.
Neither is immune from attacks. Tchobanov’s family house in southeastern Bulgaria was visited in 2010 by officials who claimed that it was built illegally, what Reporters Without Borders described in a report as a typical intimidation tactic often followed by violence. And in 2008, Yordanov was nearly murdered in his hometown by a knife-wielding hitman.
Like a government – and mafia-sponsored security audit, what hasn’t killed the pair has only proved their journalistic credentials, casting them as incorruptible in the eyes of leakers. And the enmity of Bulgaria’s powers-that-be may have also helped them gain the trust of their most useful source of all: Julian Assange.
Clay Shirky, a bald and brilliant new media professor at New York University, traces the concepts behind the Icelandic Modern Media Initiative to a time long before WikiLeaks, before science fiction novels like Cryptonomicon and Islands in the Net imagined havens for contraband data in Grenada, Singapore, or the fictional South Sea island of Kinakuta, before even the invention of the Internet.
He points instead to an agreement made at the end of World War II between the intelligence agencies in the United States, Great Britain, Canada, Australia, and New Zealand. With the war winding down and an elaborate system of intelligence sharing set up, this E
nglish-speaking subset of the Allies considered the prospect of giving up the stream of useful data each was receiving from its partners, and instead decided to simply keep pooling that information in the postwar era.
They called it the UKUSA agreement (exotically pronounced yoo-kew-za), and according to a theory that Shirky laid out for the audience at the Personal Democracy Forum in January 2011, it allowed the intelligence services to do more than continue spying on the Germans and the Japanese. Because the UKUSA member organizations were legally prevented from intercepting the communications of their own citizens, they traded off. Canada would spy on Australia’s citizens and share its data with the Australian Secret Intelligence Service, for instance, while Australia wiretapped the Canadian populace and handed over its data to Canada’s Communications Security Establishment.
In fact, the mutual domestic spying Shirky describes has never been reliably documented. But Shirky’s analogy remains useful: Just as governments may have spied on each other’s citizens for the last sixty years, citizens are now spying on each other’s governments.
“What we’re seeing is a pattern of transnational leaking,” he told the conference. “WikiLeaks is the first media outlet that is genuinely multihomed. There is no one country’s laws that govern how WikiLeaks operates.”
Just minutes before, Birgitta Jónsdóttir had spoken to the same crowd via Skype, unable to travel to the United States for fear that her association with WikiLeaks would tempt U.S. authorities to keep her for questioning in its unfolding investigation. In her virtual talk, she outlined her plan for the Icelandic Modern Media Initiative and how she had tasked four ministries of the Icelandic government with changing thirteen laws to make Iceland the most liberated media nation in the world.
Shirky followed Jónsdóttir by describing how the combination of that plan and WikiLeaks functions as the inverse of his UKUSA scenario, a “globalization of citizen oversight.” Pointing to the South African government’s attempts to control and redact the local press, he suggested that the path of a future leak might be routed from Johannesburg to Reykjavík, through London, and back to Cape Town. Just as WikiLeaks detoured its whistleblowers’ documents through Sweden and BalkanLeaks routed its submissions through France, perhaps the future of secret-spilling lay in WikiLeaks’ and IMMI’s multinational leak-laundering.
“This is an alternate way of leaking that is, in at least its current instantiation, obviously superior from the point of view of the leaker to any previous system,” he told the crowd.
And then he ended with a prediction: that this innovation in leaking across national boundaries would lead to leak suppression laws that crossed national boundaries too. “There will be a massive push for globalization of control of secrets. . . . I think we can expect an enormous amount of pressure to be brought to bear against the system we’ve just heard described,” he warned. “I think this will fail. But that is the struggle we’re going to see today.”
Around the corner from a sunny square on Stockholm’s Nytorget Street, where blond youths wear straw hats, eat ice cream, and lounge on the grass, walls of craggy granite spring up and drop the sidewalk into the shadows. A hundred-foot rocky hill rises to a peak overlooking Vita Bergen Park, a large patch of green in Södermalm, the hip neighborhood where Lisbeth Salander lived in Stieg Larsson’s Millennium Trilogy. At the summit perches a picturesque nineteenth-century stone cathedral. But, as in Larsson’s novels, the darker, more interesting world lies beneath.
Jon Karlung, the gray-stubbled and blue-eyed founder of the Internet service provider Bahnhof, leads me into a tunnel cut into the hill, past a pair of twenty-inch-thick steel doors, and into the White Mountain Data Center, a digital bunker first built as a Cold War nuclear shelter and now converted into one of the world’s most secure places to store information.
We walk past two backup power generators originally designed for German submarines, a hydroponic garden, and a network operations center housed in the room that would have been used to run Sweden’s civil defense in the event of a nuclear winter. In a cave full of servers cooled by roaring fans, a glass-walled conference room hangs above the racked computers, embedded in the ceiling rock with thirteen-foot steel bolts. Climbing up a set of stairs, through a tiny door that forces the tall Swede to stoop and bend, and past a wall of gallon-size lead batteries, we arrive at our destination in a messy storage room.
On a cluttered IKEA shelf sit the two elongated pizza-box-shaped objects that Karlung has brought me here to see: a pair of Dell servers. From the day of WikiLeaks’ October 2010 Iraq War exposé through the first seven months of its Cablegate release, these two machines ran the world’s most controversial website.
He picks one up and hefts it into my hands, admiring the computer with a boyish smile. “I like to imagine it’s the Ark in the first Indiana Jones movie, a box in a warehouse somewhere that contains all the world’s secrets,” he gushes.
In fact, even now, a month after WikiLeaks ended its contract with Bahnhof, the data center’s staff still hasn’t erased the servers’ data. “I’m thinking of putting them on eBay. A joke! A joke!” Karlung adds, pronouncing the word “yoke.”
Bahnhof’s granite walls, Karlung assures me, are strong enough to protect its computers from even a nuclear blast. But that’s not why WikiLeaks sought out the data center’s pricey services, starting at fifteen hundred dollars a month and steeply rising with power and bandwidth costs. Instead, he says, the underground fortress is “a kind of metaphor.” Since 1766, Sweden has had some of the world’s strongest protection for journalistic sources and freedom of information, rooted in a constitution written before the United States’ First Amendment. Under that constitution, censorship of the press is virtually impossible. And except in cases of national security or treason, prosecutors are prevented from even asking a media organization for the identity of a confidential source.
Despite its subterranean chambers and bulletproof doors, not even Bahnhof pushes the boundaries of those free-speech laws quite as far as another company across the city in a bedroom-size basement of a rundown building in a northwestern Stockholm neighborhood. PeRiQuito AB, also known as PRQ, has no hydroponic gardens or other James Bond villain accessories in its humble server room. But the company served as the central hub for WikiLeaks, including its submissions system, long before it engaged the services of Bahnhof. In fact, since 2004 PRQ has assembled some of the Web’s most controversial and legally questionable denizens, and the company brags that it has never once taken down one of their sites.
Before WikiLeaks, the most famous inhabitant of PRQ’s racks was undoubtedly the Pirate Bay, the world’s most popular source of pirated music and videos. Both PRQ and that iconic piracy site were founded by two Swedish hackers, Gottfrid Svartholm and Fredrik Neij, a pair of neolibertarian coding savants who were nineteen and twenty-five years old at the time.
The Pirate Bay draws more Web visits than The New York Times, the Huffington Post, or Netflix, not simply by maintaining an enormous index of downloadable copyright-violating material, but also with entertaining antics like posting the legal threats it receives, along with its own responses, on its website. Once the Swedes advised lawyers from Steven Spielberg’s DreamWorks studio to “please go sodomize yourself with retractable batons.” On another occasion they went so far as to suggest a specific model of baton to Apple’s attorneys, the ASP twenty-one-inch. In 2007, Neij, Svartholm, and a third owner, Peter Sunde, tried to raise enough donations from their users to purchase Sealand, an abandoned UK military platform in the North Sea that would serve as a home outside of any nation’s copyright laws. (Sealand refused to sell to them.)
After Swedish police raided PRQ in 2007 and confiscated servers with the intention of taking the Pirate Bay offline, the file-sharing site left its original home to bounce among a variety of temporary hosts across Europe. But PRQ has kept plenty of other colorful customers. Kavkaz Ce
nter, a Chechen rebel media site, was one of the first to take refuge in PRQ’s basement in 2005. The site’s users regularly post Islamist extremist rants about violent jihad against Russian, American, and Israeli infidels along with uncensored news about the war-torn Caucasus. The Russian ambassador to Sweden demanded Kavkaz be taken down in 2007, but when the Stockholm prosecutor had the server seized, PRQ immediately put up a backup server, fought the decision in court, and extracted fourteen thousand dollars in damages from the government.
PRQ also hosts Perugia Shock, an Italian blog that was banned from Google’s Blogger service for allegedly defaming the prosecutor of 2011’s Amanda Knox murder trial. It even offers a home to Pedophile.se and the website of the North American Man/Boy Love Association, Web forums where users discuss sex with children but are restricted from posting images of child pornography.
“Even though I loathe what they say, I defend them,” says Mikael Viborg, a short, muscular lawyer who was recruited by Svartholm and Neij to become PRQ’s chief executive. “We don’t cooperate with the authorities unless we absolutely have to.”
That absolutist antiauthoritarian policy means PRQ keeps no logs of traffic that could identify site visitors, as little information about its two thousand customers as it can, and that it encrypts the small amount of identifying information that it does obtain. It requires sites to pay up front rather than ask for any personal details that would allow the company to extract payment later, and often receives those funds in envelopes without return addresses or handed over in briefcases of cash. “Generally we don’t know who our customers are, and by Swedish law we’re not required to,” Viborg says.
This Machine Kills Secrets Page 27
