After WikiLeaks and OpenLeaks split, Müller-Maguhn was tasked by Assange as mediator in the two groups’ digital custody dispute. Around the same time, as the CCC board member tells it, Domscheit-Berg seemed to suddenly and spontaneously regain his calm composure. “Some people in the CCC believed that he made a deal that would ensure his safety from prosecution,” Müller-Maguhn says knowingly. “I can’t tell you what happened. Maybe I’m a conspiracy theorist. But I imagine this is true.”
And adopting this conspiracy theory, what does Müller-Maguhn think of OpenLeaks? “If we step back and look at this from very far away, from outer space,” he says thoughtfully, “it looks like an intelligence agency’s dream. To control the infrastructure itself.”
(When I give Domscheit-Berg a chance to respond to these accusations, he laughs and says again that he has never cooperated with intelligence agents. He reminds me of Assange’s claim that government spies attended his wedding; in fact, Domscheit-Berg says, the only person at the event with ties to intelligence agencies was Müller-Maguhn himself, whose CryptoPhone company sells to government customers.)
But regardless of their motives, as Müller-Maguhn tells the story, Domscheit-Berg and the Architect seemed determined to make the handover of WikiLeaks’ files as difficult as possible.
Müller-Maguhn had been asked by Assange to retrieve three items from the OpenLeakers: the archive of already-published documents, the submissions system software, and the three thousand unpublished leaks. The CCC president went after the submissions system first, contacting the Architect over encrypted chat. To his surprise, the Architect immediately said he had no intention of giving back the submission system he had created under any circumstances. “He called it his intellectual property,” says Müller-Maguhn, pronouncing the two words with evident disgust. “I couldn’t believe it. To me, those were words from a different culture. That was the language of the enemy.”
The already-published documents were more easily retrieved. Domscheit-Berg sent them to Müller-Maguhn, and Müller-Maguhn relayed them to a WikiLeaks volunteer, who posted them in a downloadable format on WikiLeaks’ Twitter feed so that they would be mirrored around the world and could never again be removed from the Internet.
But when Müller-Maguhn asked for the as yet unpublished files, WikiLeaks’ eighteen-gigabyte collection of unrevealed secrets, Domscheit-Berg and the Architect seemed to respond with an endless stream of roadblocks and excuses. First, they said the files had been given to someone else and needed to be retrieved before they could be handed over. Then Domscheit-Berg reconsidered and said he would need to sort out the files that were addressed specifically to him from those addressed to WikiLeaks at large. At each step, whichever of the two OpenLeakers Müller-Maguhn managed to contact would say that he needed more time to discuss with the other, further stalling the process. “My mood toward Daniel was changing,” he says. “I was getting the feeling he was playing bullshit games. But there was nothing I could do.”
A few months into this game of tag, Domscheit-Berg committed what Müller-Maguhn considers a mortal sin against the unwritten hacker code. He published a tell-all book, one that detailed the group’s warts-and-all history and even included his bitter private chat logs with Assange. “Why did he print internal chat protocols, private correspondence that had no context in philosophical or political disputes?” asks Müller-Maguhn. “I decided from that moment that my trust in Daniel must be reduced.”
At the Chaos Communication Camp, Müller-Maguhn was dismayed to see Domscheit-Berg touting a penetration test of his systems by the Chaos Computer Club, even as he declined to make the site’s full code available. And then, when he asked one, final time for the OpenLeakers to hand over WikiLeaks’ data, they gave him what he describes as an entirely new excuse: that WikiLeaks couldn’t be trusted with any sensitive data, and that the pair owed it to sources to fully vet and redact the files before returning them.
Müller-Maguhn called a meeting of the Club’s board at ten P.M., and five hours later the five members had unanimously decided to oust Domscheit-Berg from the group. Officially, the decision was based on OpenLeaks’ abuse of the CCC’s name at the Camp. But for Müller-Maguhn, his anger toward Domscheit-Berg and the Architect had been building for nearly a year.
Eleven months of diplomacy between OpenLeaks and WikiLeaks had ended in failure. A few days after the Camp, Domscheit-Berg and the Architect decided that there was no way they would ever give WikiLeaks back its files, and that there was no use in holding on to them and endangering sources.
So they deleted their keys, rendering the files permanently, irrevocably encrypted.
When the news emerged that the OpenLeakers had essentially destroyed three thousand submissions, WikiLeaks sent out a stream of angry comments on Twitter, listing the contents of files it claimed were lost to history: internal communications of twenty neo-Nazi groups, sixty thousand e-mails from the ultra-right-wing NPD party in Germany, a video of an airstrike in the Afghan town of Granai that allegedly killed 140 civilians, surveillance policies by over a hundred Internet companies, the entire U.S. No-Fly List, and, most significantly to me after a year of leakless waiting, five gigabytes of internal data from Bank of America.
Domscheit-Berg later told me that WikiLeaks trumped up most of those claims: Of the files WikiLeaks listed, only the No-Fly List was included in the encrypted cache and hadn’t been published because it was already available elsewhere online. (Sites like No-fly-list.com do offer some version of the list.) The others, he says, had been stored by WikiLeaks elsewhere, or didn’t exist. Both he and the Architect admitted the encrypted files did likely include some data from Icelandic financial institutions, but wouldn’t provide details. As for the Bank of America files, Domscheit-Berg claims that WikiLeaks simply lost them, a victim of the site’s mess of creaking servers and failing hard drives before its 2010 reorganization.
Just what files became collateral damage in the dispute between WikiLeaks and OpenLeaks will likely never be completely known. Domscheit-Berg says he and the Architect used the Department of Defense standard for data erasure for all existing copies of their secret keys, the most secure practice for eradicating information short of demolishing the hard drive that stores it. They wrote over the keys’ data seven times with pseudorandom patterns to cover all possible forensic traces. In a few minutes, the three thousand documents submitted by anonymous leakers to the world’s most successful whistleblowing site over the course of eight months were permanently reduced to eighteen gigabytes of chaos that would require longer than the history of civilization to decipher.
By early 2011, WikiLeaks had experienced the full eviscerating effects of disgruntled insiders—from Domscheit-Berg’s book to Heather Brooke’s transmission of the State Department Cables to The Guardian to James Ball’s leaked NDA contract. But WikiLeaks’ most damaging leak would result from a more mundane phenomenon: simple human carelessness.
When a WikiLeaks staffer received the archive of already-published leaks recovered by Andy Müller-Maguhn at the end of 2010 and posted it online, the collection was uploaded to the Pirate Bay within days. What better outlet to prevent the next Domscheit-Berg from undoing the group’s work, after all, than that Swedish bastion of uncensorable file-sharing? “Now you can have your very own copy of the WikiLeaks archive! How cool is that?” wrote the unnamed user who first uploaded the document collection.
Any curious visitor who downloaded the file might have noticed a strange folder among the CIA memos, Bilderberg meeting reports, lists of words banned from the Internet by the Chinese government, and stolen e-mails from Sarah Palin’s Yahoo! account. It came last in alphabetical order, and hardly attracted attention. It was called, simply, “xyz.”
Opening it revealed four files: x, y, y-docs, and z, each encrypted with PGP and thus unreadable. And they would have remained unreadable if it weren’t for another simple mistake, t
his one committed by David Leigh, the reporter from The Guardian who first engineered the partnership with WikiLeaks to release the Cablegate files. In January 2011, The Guardian’s reporters published their own tell-all book about their work with WikiLeaks. And there, in the heading to the eleventh chapter, were printed the words that to Julian Assange must have jumped off the page with horrifying significance:
“AcollectionOfDiplomaticHistorySince_1966_ToThePresentDay#—Julian Assange’s 58-character password.”
It was the full passphrase to WikiLeaks’ copy of the encrypted, unredacted cables. To a technological muggle like Leigh, the PGP password must have seemed like a harmless historical detail to add intrigue to his cloak-and-dagger story. He later claimed that Assange had told him the password would soon be changed, and saw no harm in publishing it a few months later. But to Assange and any other hacker, revealing a password represented a glaring security breach. Those familiar with PGP know that when a file is encrypted to a certain key, the private key will always open a copy of that encrypted file and thus can never be revealed. Secret keys remain secret for life.
This was no minor operational security slipup. If someone curious about the archive’s mysterious “xyz” folder—and Web forums of WikiLeaks-watchers were already buzzing about the folder’s mysterious contents—tried testing the printed password out on the four files, one by one, the result would be an incredible and terrible discovery: When he or she reached “z,” the final file would open to reveal the entire, unredacted set of State Department Cables, complete with every sensitive source’s name, from Chinese dissidents to African journalists, every innocent informant to the State Department in every repressive regime around the world. As Bradley Manning had described it, “world-wide anarchy in CSV format.”
WikiLeaks had accidentally published an encrypted copy of the cables in a form that it couldn’t unpublish. And now The Guardian had published the key.
For six months, the data breach was kept below the radar. If WikiLeaks was aware of its leak, it didn’t comment on it. On file-sharing sites like the Pirate Bay and Torrent.net, it seemed that at least a few users had put together the password with the “z” file, accessed the cables, and had noted the inclusion of the full cables in their description of the archive. Whether the cables were found and decrypted by foreign intelligence agencies who might use the information for their own purposes is less clear.
One person, at any rate, was both well aware of WikiLeaks’ cable breach and quite willing, it seemed, to talk about it: Daniel Domscheit-Berg.
In late summer of 2010, the small German newspaper Freitag, an OpenLeaks partner, published a story with the unassuming headline, “Leak at WikiLeaks.” It was a peculiar article, making the shocking claim that WikiLeaks’ security had failed and that it had lost control of the entire cable database, but carefully leaving out all details that might help someone find or decrypt it.
It was, nonetheless, the only hint that the Internet needed. Soon Twitter users were making the connections between the printed password and the “xyz” folder. Finally, it was John Young, the “spiritual godfather of online leaking,” who helpfully decrypted the entire database and posted it, entirely unredacted, to Cryptome. “Mediation of this disclosure is not needed in a democracy,” he explained in his Twitter feed. “That the unreconfigured cables have become public is to be applauded and not condemned.”
WikiLeaks found itself in the embarrassing position of holding back portions of files that anyone could already read online. So it soon followed Cryptome’s lead and published in unredacted form the remainder of the quarter million cables it hadn’t yet released. The metaleak was complete.
Then the recriminations began: WikiLeaks blamed The Guardian for having negligently published the password. The Guardian’s David Leigh pointed the finger at WikiLeaks for having published the encrypted file, even insinuating that Assange had wanted the full cables published all along and had purposefully tricked Leigh into printing the password so that the fiasco could be blamed on him.
In fact, it was Domscheit-Berg who, advertently or not, had caused WikiLeaks’ leak to be sprayed across the Internet. He later told me that it was indeed he who tipped off Steffen Kraft, the editor at Freitag who publicized the breach.
Domscheit-Berg claims that he had long known about the cable spillage, and believed it demonstrated exactly why he and the Architect couldn’t safely return WikiLeaks’ unpublished submissions. As for Andy Müller-Maguhn, Domscheit-Berg blamed him for having uploaded the archive file to the Web, what he had elliptically described to me at the Camp as the “biggest data-handover fuckup of all time.” (Müller-Maguhn denies any role in uploading the file.)
“I’ve been shutting up about this for months. I’ve been taking all the blame and all the heat from people who say my concerns for WikiLeaks’ operation security are just made up. That I’m just a liar. That I’m trying to make them look bad, because I’m not giving anyone proof,” he says. “So I pick one reporter that I trust at Freitag and told him the detail so he could verify I had a concern. I didn’t want him to spread the story. That was his choice. . . . I’m not interested in these cables leaking at all. It’s completely irresponsible, and it’s not the consequence of what I’ve done.”
But by alerting the mainstream media, hadn’t he screamed into a megaphone a secret that until then had only been whispered around the Web? “You think that would have gone on forever?” he asks angrily. “It was only a matter of time until one and one were put together. If that’s not communicated publicly, then the people implicated in the cables will never find out they need to be careful. That was the most important thing.”
Domscheit-Berg wasn’t alone in thinking that the covers of the State Department’s informants were already blown. P. J. Crowley, the former spokesperson for the State Department who had resigned after criticizing the military’s treatment of Bradley Manning, commented that “any autocratic secret service worth its salt” had already accessed the cables.
Nonetheless, after the Freitag story, new damage from the leak was already beginning to surface. Two Zimbabwean generals whose names had been marked “strictly protected” in the cables had met secretly with State Department officials to criticize the leader of the country’s armed forces, calling him an inexperienced leader in the sway of corrupt president Robert Mugabe’s political party. With their names exposed, they faced a possible court-martial on charges of treason. The names of Chinese dissidents exposed in the leak were passed around on nationalist Web forums, with some calling for manhunts and violence against them. Nine Iraqi Jews in Baghdad who were named in the cables were advised by the U.S. embassy and the Iraqi Anglican church to leave the country for fear of violent reprisal. After one Ethiopian journalist who communicated with the embassy in Addis Ababa was exposed as having met with a confidential informant in the government’s communication office, he was interrogated by officials who gave him twenty-four hours to reveal his source. Instead, he fled to Uganda. “It’s very sad, within a week leaving your home without any preparation,” he told the BBC. “I love my country and I love my job and it’s a big loss for me.”
WikiLeaks, to be fair, had never promised its sources it would redact or edit the information it received from them—only that it would maximize that information’s impact. It hadn’t vowed to protect the people mentioned in its leak, but rather the identity of the leaker himself, a promise the group has never violated.
But when that mission came up against the practical, humanitarian necessity of keeping some secrets secret while revealing others, WikiLeaks had tried to resist the natural tendency of all shared information to leak. And when it inevitably failed to control that tendency, it put at risk some of the very truth-tellers and whistleblowers it had sought to empower. The secret-killing machine had turned upon itself.
Fifty-five miles north of Berlin, on the north edge of a group of picturesque
lakes, stands a cluster of single-story buildings inside a brick-walled compound: the remains of the Ravensbrück Nazi concentration camp. From 1939 to 1945, the all-female camp imprisoned more than 130,000 women from across Europe: Jews, gypsies, lesbians, political activists, resistance fighters, and a small contingent of children who had been in the victims’ care when they were captured. More than 100,000 women of all ages were gassed, shot, lethally injected, buried alive, murdered in inhuman medical experiments, or marched to death as their captors moved them westward to hide from the invading Soviet army. Almost all of the children died from starvation. Most of the victims’ remains are buried in a mass grave covered in stones facing a lake that contains the ashes of thousands of cremated bodies.
Across that body of water, just two miles away, inside a white, three-story house in a sleepy German town that he asks me not to name, Daniel Domscheit-Berg invites me into his home and the future headquarters of OpenLeaks.
Domscheit-Berg didn’t intend to move his family and his organization next to the site of one of the twentieth century’s darkest atrocities, he explains as he shows me around the house. But he got a very good deal on the property.
The OpenLeaks founder’s office on the ground floor is strewn with random computer paraphernalia. Unused servers are stacked waist-high in the corner. Near his desk lies an enormous, 160-watt megaphone he recently used in a protest against European Union data retention laws. A length of four-inch-diameter copper cabling that he took as a souvenir from his high school summer job laying electrical lines rests at the foot of a couch. He recently purchased a four-foot-tall, fourteen-hundred-pound steel safe he plans to install in the basement to hold his family’s and OpenLeaks’ most sensitive files.
Despite the maelstrom of anger and blame swirling around the test launch of OpenLeaks, the irretrievably lost WikiLeaks submissions, and the leak of the unredacted cables, Domscheit-Berg seems utterly relaxed, sitting with me and munching on an apple from the century-old tree in his backyard. “We felt like Frodo in Lord of the Rings,” he says of the files he and the Architect scuppered. “People kept finding reasons why we should give them the data. In the end, we knew we had to destroy it. And since we did, life is good. I’d rather take the shit storm and be everyone’s scapegoat than go against my best knowledge and risk compromising sources.”
This Machine Kills Secrets Page 35
