[ISN] Whistle while you work

From: InfoSec News (alerts@private)
Date: Mon Feb 25 2008 - 01:30:32 PST


http://www.guardian.co.uk/theguardian/2008/feb/23/internet.usa

By David Leigh and Jonathan Franklin
The Guardian
February 23 2008

A secretive Swiss bank landed an apparently novel censorship blow 
against the internet this week. Anyone who tried to call up 
wikileaks.org, a global website devoted to publicising leaked documents, 
found themselves frustrated. The site simply wasn't there any more.

The Julius Baer bank in Zurich succeeded in hamstringing the shadowy 
individuals behind the website by the simple trick of moving not against 
them, but against a US company that hosted their domain name.

Dynadot, the California resellers who collect a few dollars by this 
internet trade, submitted to a legal injunction ordering the name to be 
deleted. Yet however wise this scheme may have appeared at the time to 
the Swiss bank's Los Angeles lawyers, Lavely & Singer, it has now 
backfired in a big way.

The injunction blew up a gale of debate about internet freedom, and 
sprayed the bank's secret documents all over the net. It has also thrust 
into prominence an obscure group of dreamers and programmers who want to 
provide what they call an "untraceable and uncensorable" leaking 
machine, to be used by dissidents worldwide.

Those behind Wikileaks include Tibetan, Chinese and Thai political 
campaigners, an Australian hacking author, and Ben Laurie, a 
mathematician living in west London who is on the advisory board.

Wikileaks is not the first site of its kind. John Young, a New York 
architect, has been posting leaked intelligence documents on his 
Cryptome site for some years. But since its launch in late 2006, 
Wikileaks has had an impressive record.

When Northern Rock collapsed last autumn, print media in London were 
gagged by a judge's order from re-publishing its leaked sales 
prospectus. It was Wikileaks that kept the prospectus before the public, 
along with the text of some threatening "not for publication" letters 
from the British lawyers, Schillings.

In the US, Wikileaks also made headlines last November with the 
publication of secret documents, including the 238-page manual Standard 
Operating Procedures for Camp Delta, a document that even the US 
military grudgingly admitted was genuine. The Guantnamo document, 
including descriptions of everything from transferring prisoners to 
evading protocols of the Geneva convention, was a comprehensive guide to 
day-to-day operations at the controversial prison.

Wikileaks landed an even bigger coup last August with a previously 
secret 110-page draft report by the international investigators Kroll, 
which revealed allegations of massive corruption in Kenya. The family of 
former Kenyan leader Daniel Arap Moi were reported to have siphoned off 
more than 1bn.

The reason Wikileaks has now enraged the Zurich bank is that pages have 
been posted detailing the bankers' most intimate trade secret: the way 
they hide the funds of their ultra-rich international clients in 
offshore trusts. This sort of material is very hot stuff. In Germany, 
the federal intelligence service recently paid an informer almost 4m for 
a disc containing similar details from a Liechtenstein bank. That led to 
raids on hundreds of suspected tax evaders, the disgrace of prominent 
businessmen, and a diplomatic collision with the tiny tax haven.

The person Baer describes as a disgruntled former employee at their own 
Cayman Islands office has similarly made off with a large quantity of 
internal records. A handful of these have made their way on to the 
Wikileaks site, which advertises that individuals can leak with the 
confidence they won't be discovered, thanks to the site's cryptographic 
protection.

The files tell some interesting stories. One of Margaret Thatcher's life 
peers allegedly salted away more than $100m (50m) in a secret trust, for 
example. The late Lawrence Kadoorie, a Hong Kong millionaire, was 
ennobled in 1981 by the former British prime minister. He had built up 
the family's fortunes through China Light and Power, which provides Hong 
Kong with its electricity, and through a chain of hotels. According to 
the files, the Baer bank ran an anonymous company, registered in the 
British Virgin Islands and called Seneford Investments. A nominee 
director was based in a second tax haven, the Cayman Islands. But the 
real owner of Seneford Investments, it is claimed, was Kadoorie's family 
trust. In 1998, the documents listed six bank accounts for the company, 
in Switzerland and elsewhere. They held a total of $113m. There is no 
suggestion that this was illegal.

Kadoorie's son, Sir Michael, who still has major interests in the Hong 
Kong companies, did not respond yesterday to invitations from the 
Guardian to comment.

The other bank records posted by Wikileaks describe equally elaborate 
structures husbanding millions of pounds for Spanish financiers, Greek 
ship-owners, Chinese expatriates and wealthy New Yorkers. Although the 
leaker hints that tax frauds and bribery may lie behind some of these 
other accounts, he does not give enough detail to provide proof.

Wikileaks itself admits that some of the documents might be fabricated, 
and the whole affair might have only been seen as a curiosity, had the 
Baer bank not called in their lawyers. The federal judge Jeffrey White 
in San Francisco not only ordered removal of the domain name, but banned 
further circulation of the documents. As a result, they reappeared on 
Wikileaks "mirror" sites, hosted in the UK, Belgium and the Christmas 
Islands. It even transpired that the deleted main Wikileaks site could 
be accessed, slightly less conveniently, by using its IP number 
(88.80.13.160) instead of the domain name.

Bloggers, online columnists and websites decried the bank's move as they 
launched a counterattack and lobbied in favour of Wikileaks' right to 
anonymously publish secrets. Less than a week after the court decision, 
a Google search for the court case turned up 69,000 hits. Four hours 
later, the tally was 78,000.

A further hearing on February 29 may well overturn the original 
decision.

The Zurich bank says: "It was the sole objective of Julius Baer to have 
legally protected documents removed from Wikileaks. We brought legal 
action against the website only after our initial efforts proved 
unsuccessful. In the course of taking such action, the bank has been 
made the subject of serious defamatory allegations. Such allegations are 
based on forged and stolen documents and are unequivocally denied. We 
have always sought to act in the best interests of our clients and shall 
continue to do so."

Who are Wikileaks? Although the project makes a feature of the anonymity 
of its volunteers, the minds behind it are not hard to find. One 
prominent driving force is Julian Assange, a much-travelled Australian 
programmer and author who has a flamboyant mane of silver hair. Before 
riding his motorcycle across Vietnam, he co-wrote a book about computer 
hackers.

"He's a pretty standard modern geek with a thing about dissidents," says 
the British encryption expert Ben Laurie, who advised the group on 
encryption. "He's quite techie and he can write code."

One of Assange's early schemes was to develop what he called "deniable 
cryptography". The idea was to help dissidents resist giving away 
secrets under torture. Texts would be encrypted in layers, so that even 
if a victim were forced to reveal a password, the torturer would not 
realise there was a second layer of information, hidden by a second 
password.

Assange then turned up in London and proposed the Wikileaks scheme for 
"an open-source, democratic intelligence agency". Laurie said: "I 
thought it was all hot air at first." But he became enthusiastic. He 
advised on an encryption system, first developed by the US Navy, which 
uses a chain of three separate servers, and ensures leakers can post 
documents anonymously.

Laurie is an international consultant on internet security. Earlier he 
set up a business that bought two military bunkers, at the abandoned US 
base at Greenham Common, and at an old RAF radar station in Kent. His 
company rents them out to firms and banks who want to protect their 
servers from attack. The Kent bunker is deep underground: "The radar 
operators were supposed to survive 30 days after a nuclear strike."

Some of his subversiveness may have rubbed off from his father, Peter 
Laurie, who wrote a cult book in the 1970s called Beneath the City 
Streets, which traced networks of secret government bunkers and tunnels.

Fresh off a flight from Washington, he answers the door to his rambling 
house in Acton in bare feet, and willingly explains why he approves of 
Wikileaks, while pointing out he is not personally responsible for any 
of their legally controversial deeds: "I have a long-term interest in 
privacy on the internet. It provides enormous opportunities for 
surveillance and this is not a good thing. Also, this is an interesting 
technical problem: how do you reveal things about powerful people 
without getting your arse kicked? Whistleblowing is a practice which 
should be encouraged.

"I'm really quite surprised at Wikileaks' success. They've done a lot of 
interesting stuff. It seems people are prepared to take the risk."

Another member of the advisory board is an American former draft 
resister, CJ Hinke. Speaking from his home in Thailand, he said: 
"Wikileaks is a decentralised phenomenon, and that means there are 
volunteers in dozens of countries. These volunteers form a very loose 
network so that, in fact, government can't home in on anybody and take 
drastic action against them."

In Thailand, Wikileaks has focused on efforts to block access to 
websites critical of the government. "The minute Wikileaks was 
announced, we sent them a huge trove of secret documents," said Hinke, 
founder of Freedom Against Censorship Thailand.

The documents included detailed lists of blocked sites, including all 
references to The King Never Smiles, a book published by Yale University 
Press. "Ordinary people come across things that governments or companies 
or individuals would prefer to keep secret. I think it is possible for 
almost everybody to expose these kind of events."

The wikileakers share the same belief in the "wisdom of crowds" that 
lies behind Wikipedia, the online encyclopaedia. Their theory is that 
their leaked documents will be self-verifying, thanks to the scrutiny of 
thousands of pairs of eyes. Some may wonder whether it's quite as easy 
as that.

Laurie cautions that Wikileaks' vaunted encryption is not completely 
unbreakable. Codebreakers such as the US National Security Agency could 
probably crack it, he says. "If my life was on the line, I would not be 
submitting [documents] to Wikileaks."


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Feb 25 2008 - 01:38:12 PST