WikiLeaks: Inside Julian Assange's War on Secrecy

The rise of WikiLeaks

Annual congress of the Chaos Computer Club,

Alexanderplatz, Berlin

December 2007

“How do you reveal things about powerful people without getting your arse kicked?”

BEN LAURIE, ENCRYPTION EXPERT

Julian Assange can be seen on the conference video giving an enthusiastic raised-fist salute. Alongside him stands a thin, intense-looking figure. This is the German programmer Daniel Domscheit-Berg, who has just met Assange at the 24th Chaos Communication Congress, the European hackers’ gathering, and is about to become a key lieutenant. Domscheit-Berg eventually gave up his full-time job with US computer giant EDS, and devoted himself to perfecting WikiLeaks’ technical architecture, adopting the underground nom de guerre “Daniel Schmitt”.

Domscheit-Berg’s friendship with Assange was to end in bitter recriminations, but the relationship marked a key step in the Australian hacker’s emergence from the chrysalis of his Melbourne student milieu. “I heard about WikiLeaks in late 2007 from a couple of friends,” says Domscheit-Berg. “I started reading about it a bit more. I started to understand the value of such a project to society.”

The Chaos Computer Club is one of the biggest and oldest hacker groups in the world. One of its co-founders in 1981 was the visionary hacker Herwart “Wau” Holland-Moritz, whose friends set up the Wau Holland Foundation after his death. This charity was to become a crucial channel to receive worldwide WikiLeaks donations. Chaos Computer Club members at the Berlin congress such as Domscheit-Berg, along with his Dutch hacker colleague Rop Gonggrijp, had mature talents that proved to be crucial to the development of Assange’s guerrilla project. (Assange himself nevertheless later tried to reject the hacker label. He told an Oxford conference that “hacking” has now come to be regarded as an activity “mostly deployed by the Russian mafia in order to steal your grandmother’s bank accounts. So this phrase is not as nice as it used to be.”)

Domscheit-Berg was fired up with social idealism, and preached the hacker mantra that information should be free: “What attitude do you have to society?” he would later exhort. “Do you look at what there is and do you accept that as god-given, or do you see society as something where you identify a problem and then you find a creative solution? … Are you a spectator or are you actively participating in society?” He and Assange wanted to develop physical havens for WikiLeaks’ servers across the globe. Domscheit-Berg whipped up his fellow hackers at Berlin, urging them to identify countries which could be used as WikiLeaks bases:

“A lot of the countries in today’s world do not have really strong laws for the media any more. But a few countries, like for instance Belgium, the US with the first amendment, and especially for example Sweden, have very strong laws protecting the media and the work of investigative or general journalists. So … if there are any Swedes here, you have to make sure your country [remains] one of the strongholds of freedom of information.”

Sweden did eventually become the leakers’ safe haven – ironically, in view of all Assange’s subsequent trouble with Swedish manners and morals. The hackers in Berlin had links to the renegade Swedish file-sharing site The Pirate Bay. And from there the trail led to a web-hosting company called PRQ, which went on to provide WikiLeaks with an external face. The bearded owner of the internet service provider (ISP), Mikael Viborg, was later to demonstrate his operation, located in an inconspicuous basement in a Stockholm suburb, on Swedish TV. “At first they wanted to tunnel traffic through us to bypass bans in places where they don’t like WikiLeaks.” he says. “But later they put a server here.”

PRQ offers its customers secrecy. They say their systems prevent anyone eavesdropping on chat pages, or finding out who sent what to whom.

“We provide anonymity services, VPN [virtual private network] tunnels. A client connects to our server and downloads information. If anyone at the information’s source tries to trace them, they can only get to us – and we don’t disclose who was using that IP [internet protocol] number. We accept anything that is legal under Swedish law, regardless of how objectionable it is. We don’t make moral judgments.”

This uncompromising attitude appealed to Domscheit-Berg: “PRQ has a track record of being the hardest ISP you can find in the world. There’s just no one that bothers less about lawyers harassing them about content they’re hosting.”

WikiLeaks’ own laptops all have military-grade encryption: if seized, the data on them cannot be read, even directly off the disk. The volunteer WikiLeaks hacker, Seattle-based Jacob Appelbaum, boasts that he will destroy any laptop that has been let out of his sight, for fear that it might have been bugged. None of the team worries deeply about the consequences of losing a computer, though, because the lines of code to control the site are stored on remote computers under their control – “in the cloud” – and the passwords they need for access are in their heads.

Popular for day-by-day in-house conversations is the internet phone service Skype, which also uses encryption. Because it was developed in Sweden rather than the US, the team trusts it not to have a “back door” through which the US National Security Agency can peer in on their discussions.

As its name suggests, WikiLeaks began as a “wiki” – a user-editable site (which has sometimes led to confusion with the user-editable Wikipedia; there is no association). But Assange and his colleagues rapidly found that the content and need to remove dangerous or incriminating information made such a model impractical. Assange would come to revise his belief that online “citizen journalists” in their thousands would be prepared to scrutinise posted documents and discover whether they were genuine or not.

But while the “wiki” elements have been abandoned, a structure to enable anonymous submissions of leaked documents remains at the heart of the WikiLeaks idea. British encryption expert Ben Laurie was another who assisted. Laurie, a former mathematician who lives in west London and among other things rents out bomb-proof bunkers to house commercial internet servers, says when Assange first proposed his scheme for “an open-source, democratic intelligence agency”, he thought it was “all hot air”. But soon he was persuaded, became enthusiastic and advised on encryption. “This is an interesting technical problem: how do you reveal things about powerful people without getting your arse kicked?”

As it now stands, WikiLeaks claims to be uncensorable and untraceable. Documents can be leaked on a massive scale in a way which “combines the protection and anonymity of cutting-edge cryptographic technologies”. Assange and co have said they use OpenSSL (an open source secure site connection system, like that used by online retailers such as Amazon), FreeNet (a peer-to-peer method of storing files among hundreds or thousands of computers without revealing where they originated or who owns them), and PGP (the open source cryptographic system abbreviated from the jocular name “Pretty Good Privacy”).

But their main anonymity protection device is known as Tor. WikiLeaks advertises that “We keep no records as to where you uploaded from, your time zone, browser or even as to when your submission was made.” That’s a classic anonymisation via Tor.

US intelligence agencies see Tor as important to their covert spying work and have not been pleased to see it used to leak their own secrets. Tor means that submissions can be hidden, and internal discussions can take place out of sight of would-be monitors. Tor was a US Naval Research Laboratory project, developed in 1995, which has been taken up by hackers around the world. It uses a network of about 2,000 volunteer global computer servers, through which any message can be routed, anonymously and untraceably, via other Tor computers, and eventually to a receiver outside the network. The key concept is that an outsider is never able to link the sender and receiver by examining “packets” of data.

That’s not usually the case with data sent online, where every message is split into “packets” containing information about its source, destination and other organising data (such as where the packet fits in the message). At the destination, the packets are reassembled. Anyone monitoring the sender or receiver’s internet connection will see the receiver and source information, even if the content itself is encrypted. And for whistleblowers, that can be disastrous.

Tor introduces an uncrackable level of obfuscation. Say Appelbaum in Seattle wants to send a message to Domscheit-Berg in Berlin. Both men need to run the Tor program on their machines. Appelbaum might take the precaution of encrypting it first using the free-of-charge PGP system. Then he sends it via Tor. The software creates a further encrypted channel routed through the Tor servers, using a few “nodes” among the worldwide network. The encryption is layered: as the message passes through the network, each node peels off a layer of encryption, which tells it which node to send the payload to next. Successive passes strip more encryption off until the message reaches the edge of the network, where it exits with as much encryption as the original – in this case, PGP-encrypted.

An external observer at any point in the network tapping the traffic that is flowing through it cannot decode what is being sent, and can only see one hop back and one hop forward. So monitoring the sender or receiver connections will only show a transmission going into or coming out of a Tor node – but nothing more. This “onion” style encryption, with layer after layer, gave rise to the original name, “The Onion Router” – shortened to Tor.

Tor also allows users to set up “hidden services”, such as instant messaging, that can’t be seen by tapping traffic at the servers. They’re accessed, appropriately, via pseudo-top-level domains ending in “.onion”. That provides another measure of security, so that someone who has sent a physical version of an electronic record, say on a thumb drive, can encrypt it and send it on, and only later reveal the encryption key. The Jabber encrypted chat service is popular with WikiLeakers.

“Tor’s importance to WikiLeaks cannot be overstated,” Assange told Rolling Stone, when they profiled Appelbaum, his west coast US hacker associate. But Tor has an interesting weakness. If a message isn’t specially encrypted from the outset, then its actual contents can sometimes be read by other people. This may sound like an obscure technical point. But there is evidence that it explains the true reason for the launch of WikiLeaks at the end of 2006 – not as a traditional journalistic enterprise, but as a piece of opportunistic underground computer hacking. In other words: eavesdropping.

On the verge of his debut WikiLeaks publication, at the beginning of 2007, Assange excitedly messaged the veteran curator of the Cryptome leaking site, John Young, to explain where his trove of material was coming from:

“Hackers monitor chinese and other intel as they burrow into their targets, when they pull, so do we. Inexhaustible supply of material. Near 100,000 documents/emails a day. We’re going to crack the world open and let it flower into something new …We have all of pre 2005 afghanistan. Almost all of india fed. Half a dozen foreign ministries. Dozens of political parties and consulates, worldbank, opec, UN sections, trade groups, tibet and falun dafa associations and … russian phishing mafia who pull data everywhere. We’re drowning. We don’t even know a tenth of what we have or who it belongs to. We stopped storing it at 1Tb [one terabyte, or 1,000 gigabytes].”

A few weeks later, in August 2007, a Swedish Tor expert, Dan Egerstad, told Wired magazine that he had confirmed it was possible to harvest documents, email contents, user names and passwords for various diplomats and organisations by operating a volunteer Tor “exit” node. This was the final server at the edge of the Tor system through which documents without end-to-end encryption were bounced before emerging. The magazine reported that Egerstad “found accounts belonging to the foreign ministry of Iran, the UK’s visa office in Nepal and the Defence Research and Development Organisation in India’s Ministry of Defence. In addition, Egerstad was able to read correspondence belonging to the Indian ambassador to China, various politicians in Hong Kong, workers in the Dalai Lama’s liaison office and several human rights groups in Hong Kong. “It kind of shocked me,” he said. “I am absolutely positive that I am not the only one to figure this out.”

The speculation was largely confirmed in 2010, when Assange gave Raffi Khatchadourian access to write a profile. The New Yorker staffer wrote: “One of the WikiLeaks activists owned a server that was being used as a node for the Tor network. Millions of secret transmissions passed through it. The activist noticed that hackers from China were using the network to gather foreign governments’ information, and began to record this traffic. Only a small fraction has ever been posted on WikiLeaks, but the initial tranche served as the site’s foundation, and Assange was able to say, ‘We have received over one million documents from 13 countries.’ In December, 2006, WikiLeaks posted its first document: a ‘secret decision’, signed by Sheikh Hassan Dahir Aweys, a Somali rebel leader for the Islamic Courts Union, that had been culled from traffic passing through the Tor network to China.”

The geeky hacker underground was only one part of the soil out of which WikiLeaks grew. Another was the anti-capitalist radicals – the community of environmental activists, human rights campaigners and political revolutionaries who make up what used to be known in the 1960s as the “counter-culture”. As Assange went public for the first time about WikiLeaks, he travelled to Nairobi in Kenya to set out their stall at the World Social Forum in January 2007. This was a radical parody of the World Economic Forum at Davos, Switzerland, where rich and influential people gather to talk about money. The WSF, which originated in Brazil, was intended, by contrast, to be where poor and powerless people would gather to talk about justice.

At the event, tens of thousands in Nairobi’s Freedom Park chanted, “Another world is possible!” Organisers were forced to waive entry fees after Nairobi slum dwellers staged a demonstration. The BBC reported that dozens of street children who had been begging for food invaded a five-star hotel tent and feasted on meals meant for sale at $7 a plate when many Kenyans lived on $2 a day: “The hungry urchins were joined by other participants who complained that the food was too expensive and police, caught unawares, were unable to stop the free-for-all that saw the food containers swept clean.”

Assange himself spent four days in a WSF tent with his three friends, giving talks, handing out flyers and making connections. He was so exhilarated by what he called “the world’s biggest NGO beach party” that he stayed on for much of the next two years in a Nairobi compound with activists from Médecins Sans Frontières and other foreign groups.

“I was introduced to senior people in journalism, in human rights very quickly,” he told an Australian interviewer later. “[Kenya] has got extraordinary opportunities for reforms. It had a revolution in the 1970s. It has only been a democracy since 2004.” He wrote that he met in Africa “many committed and courageous individuals – banned opposition groups, corruption investigators, unions, fearless press and clergy”. These brave people seemed like the real deal to him: his mail-out contrasted them witheringly with western fellow-travellers. “A substantial portion of Social Forum types are ineffectual pansies who specialise in making movies about themselves and throwing ‘dialogue’ parties for their friends with foundation money. They … love cameras.”

Assange cast himself in contrast to these people, as a man of courage. He invoked one of his personal heroes in that WikiLeaks mail-out: “This quote from Solzhenitsyn is increasingly germane: ‘A decline in courage may be the most striking feature that an outside observer notices in the west today. The western world has lost its civic courage … Such a decline in courage is particularly noticeable among the ruling and intellectual elites.’” Assange would often pronounce to those around him: “Courage is infectious.”

It was Kenya that gave WikiLeaks its first journalistic coup. A massive report about the alleged corruption of former president Daniel Arap Moi had been commissioned from the private inquiry firm Kroll. But his successor, President Mwai Kibaki, who commissioned the report, subsequently failed to release it, allegedly for political reasons. “This report was the holy grail of Kenyan journalism,” Assange later said. “I went there in 2007 and got hold of it.”

The actual circumstances of publication were more complex. The report was leaked to Mwalimu Mati, head of Mars Group Kenya, an anti-corruption group. “Someone dumped it in our laps,” he says. Mati, prompted by a contact in Germany, had previously registered as a volunteer with WikiLeaks. The fear of retribution made it too dangerous to post the report on the group’s own website: “So we thought: can we not put it on WikiLeaks?” The story appeared simultaneously on 31 August on the front page of the Guardian in London. The full text of the document was posted on WikiLeaks’ website headed, “The missing Kenyan billions”. A press release explained, “WikiLeaks has not yet publicly ‘launched’. We are open only to submissions from journalistic and dissident contacts. However, given the political situation in Kenya we feel we would be remiss to withhold this document any longer.” The site added: “Attribution should be to … ‘Julian A, WikiLeaks’ spokesman’.”

The result was indeed sensational. There was uproar, and Assange was later to claim that voting shifted 10% in the subsequent Kenyan elections. The following year, his site ran a highly praised report on Kenyan death squads, “The Cry of Blood – Extra-Judicial Killings and Disappearances”. It was based on evidence obtained by the Kenyan National Commission on Human Rights. Four people associated with investigating the killings were themselves subsequently murdered, including human rights activists Oscar Kingara and John Paul Oulu.

Assange was invited to London to receive an award from the human rights organisation Amnesty: it was a moment of journalistic respectability. Characteristically, he arrived in town three hours late after a convoluted series of flights from Nairobi which involved withholding his passport details from the authorities until the last minute. His acceptance speech was generous, if a little grandiose: “Through the courageous work of organisations such as the Oscar foundation, the KNHCR [Kenya National Commission on Human Rights], Mars Group Kenya and others we had the primary support we needed to expose these murders to the world. I know that they will not rest, and we will not rest, until justice is done.” Again, there was a symbiotic relationship with the MSM, the mainstream media: the Kenyan story only gained global traction when followed up by Jon Swain of the London Sunday Times.

A coda to the Kenya episode left a bad taste. In March 2009, journalist Michela Wrong published a book on corruption in the east African nation, called It’s Our Turn to Eat, which took her three years to write. Nairobi bookshops proved nervous about stocking it, but she was startled to find a pirated copy posted worldwide on WikiLeaks without consultation. “This was a violation of copyright, involving a commercial publication, a book not banned by any African government, not a secret document. It left me feeling pretty jaundiced.”

She wrote protesting: “I was delighted when WikiLeaks was launched, and benefited personally from its fearlessness in publishing leaked documents exposing venality in countries like Kenya. This strikes me as a totally different case.” In what she terms a “gratingly self-righteous” reply, WikiLeaks, who eventually agreed to take the book down, wrote: “We are not treating document as a leak; it has been treated as a censored work that must be injected into the Kenyan political sphere. We thought you … had leaked the PDF for promotional reasons. That said, the importance of the work in Kenya as an instrument of political struggle eclipses your individual involvement. It is your baby, and I’m sure it feels like that, but it is also its own adult – and Kenya’s son.”

*

Assange and his group were by now starting to see a flow of genuinely leaked documents, including some from UK military sources. Assange sought to market them. He wrote several times to the Guardian, calling himself the “editor” or the “investigative editor” of WikiLeaks, trying to get the paper’s editor, Alan Rusbridger, to take up his stories. He seemed unable to accept that sometimes his leaks might just not be that interesting – no, the lack of response was always due to a failure of nerve, or worse, on the part of the despised MSM.

In July 2008, for instance, he declared: “[Have] the Guardian and other UK press outlets lost their civic courage when dealing with the Official Secrets Act?” He was offering the media access to a leaked copy of the 2007 UK counter-insurgency manual, but no one had signed up to his proffered “embargo pool”: “I suggest the UK press has lost its way … Provided all are equally emasculated, all are equally profitable. It is time to break this cartel of timidity.”

Those who recalled his Melbourne dating-site entry would have been intrigued by his remark that running combative journalistic exposures as he did was also, in fact, an excellent way to get laid: “In Kenya, where we are used to newspaper raids and manageable arrests, we don’t care too much. These hamfisted attempts drive home the story that ignited them, sell newspapers, look good on the CV, and attract lovers like knighthoods.”

A further Assange experiment in media manipulation in 2008 saw him try to auction a cache of what were claimed to be thousands of emails from a speechwriter to Venezuelan leader Hugo Chávez. The winning bidder was to get exclusive access, for a time, to the documents. The auction was based on his theory that nobody took material seriously if it was provided free of charge. He pointed out: “People magazine notoriously paid over $10 [million] for Brad Pitt and Angelina Jolie’s baby photos.” Bafflingly, the minutiae of Venezuelan politics did not prove as saleable as celebrities’ baby pics: nobody bid.

Assange had by now discovered, to his chagrin, that simply posting long lists of raw and random documents on to a website failed to change the world. He brooded about the collapse of his original “crowd-sourcing” notion: “Our initial idea was, ‘Look at all those people editing Wikipedia. Look at all the junk that they’re working on … Surely all those people that are busy working on articles about history and mathematics and so on, and all those bloggers that are busy pontificating about … human rights disasters … surely those people will step forward, given fresh source material, and do something?’ No. It’s all bullshit. It’s all bullshit. In fact, people write about things, in general (if it’s not part of their career), because they want to display their values to their peers, who are already in the same group. Actually, they don’t give a fuck about the material.”

He carried on hunting vainly for a WikiLeaks model that could both bring in working revenue and gain global political attention. His published musings from that period are revealing: they show he saw the problem from the outside, but could not yet crack it:

“The big issue for WikiLeaks is first-rate source material going to waste, because we make supply unlimited, so news organisations, wrongly or rightly, refuse to ‘invest’ in analysis without additional incentives. The economics are counter-intuitive – temporarily restrict supply to increase uptake … a known paradox in economics. Given that WikiLeaks needs to restrict supply for a period to increase perceived value to the point that journalists will invest time to produce quality stories, the question arises as to which method should be employed to apportion material to those who are most likely to invest in it.”

There was only one, relatively limited, way in which the Assange model was beginning to gain the interest of the mainstream media: and that was by behaving not as the originally envisaged anonymous document dump, but as what he called “the publisher of last resort”. A fascinating clash between WikiLeaks and a Swiss bank demonstrated that at least one of the key claims for Assange’s new stateless cyberstructure was true – it could laugh at lawyers.

Rudolf Elmer ran the Cayman Islands branch of the Julius Baer bank for eight years. After moving to Mauritius, and vainly trying to interest authorities in what he said was outrageous tax-dodging by some of his former employer’s clients, he contacted Assange to post his documents: “We built up contact over encrypted software and I received instructions on how to proceed … I wasn’t looking for anonymity.”

The fuming Zurich bankers then went to court in California to force WikiLeaks to take down the files, claiming “unlawful dissemination of stolen bank records and personal account information of its customers”. The bank won a preliminary skirmish when California-based domain name hosters Dynadot were ordered to disable access to the name “wikileaks.org”. But Baer very quickly lost the entire war: WikiLeaks retained access to other sites hosted in Belgium and elsewhere; many “mirror sites” sprang up carrying the offending documents; and the court ruling was reversed as a stream of US organisations rallied behind WikiLeaks in the name of free speech. They included the American Civil Liberties Union and the Electronic Frontier Foundation, as well as a journalistic alliance which included the Associated Press, Gannett News Service, and the Los Angeles Times.

The Swiss bank and its corrupt customers merely managed to shine more light on themselves, while WikiLeaks demonstrated that it was genuinely injunction-proof. It was WikiLeaks one, Julius Baer nil. Assange picked up another award in London from the free speech group Index on Censorship. One of the judges, poet Lemn Sissay, blogged about a typical piece of showmanship: “We did not know whether Julian Assange … was to turn up to accept. Thankfully he came, a tall, studious man with shock-blonde hair and pale skin. Seconds before stepping on stage he whispered, ‘Someone may lunge at the stage to present me with a subpoena. I cannot allow them to do this, and shall leave if I see them.’”

The Guardian in London now saw the value in having its own sensitive documents posted on WikiLeaks. Lawyers for Barclays Bank had woken up a judge one morning at 2am to force the takedown of the Guardian’s leaked files detailing the bank’s tax-avoidance schemes. But the files were promptly posted in full by Assange, rendering the gag futile. (In an entertaining blend of old and new anti-censorship techniques, the Guardian and all other British media were also at first legally gagged from saying that the files were available on WikiLeaks. It took a Liberal Democrat member of the House of Lords, speaking under the ancient device of parliamentary privilege, to blow that nonsense away.)

Similarly, WikiLeaks functioned as an online back-up, along with Dutch Greenpeace and Norwegian state TV, in posting in full a damning report on toxic waste dumped by the oil traders Trafigura. Trafigura’s lawyers had gagged the Guardian in the UK from running the leaked report: their draconian moves were thus proved to be a waste of time in a digitally globalised world.

Yet Assange himself was still striving for a way to be more than a niche player. At the outset, in 2006, he had incurred the ire of John Young, of the parallel intelligence-material site Cryptome. Young deplored Assange’s approaches to billionaire George Soros, who funded a variety of mostly eastern European media projects, and he broke off relations angrily when Assange talked of raising $5 million. “Announcing a $5 million fund-raising goal by July [2007] will kill this effort,” he wrote. “It makes WikiLeaks appear to be a Wall Street scam. This amount could not be needed so soon except for suspect purposes. Soros will kick you out of the office with such over-reaching. Foundations are flooded with big talkers making big requests flaunting famous names and promising spectacular results.”

Now, two years on from that false start, Assange made another attempt to raise a substantial sum. He and his lieutenant, Domscheit-Berg, approached the Knight Foundation in the US, which was running “a media innovation contest that aims to advance the future of news by funding new ways to digitally inform communities”. Domscheit-Berg asked for $532,000 to equip a network of regional newspapers with what were, in effect, “WikiLeaks buttons”. The idea, developed and elaborated by Domscheit-Berg, was that local leakers could make contact through these news sites, and thus generate a regular flow of documents. A rival project, Documentcloud, designed to set up a public database of the full documents behind conventional news stories, was backed by staff at the New York Times and the nonprofit investigative journalism initiative ProPublica. They got $719,500. Assange got nothing. As 2009 ended, WikiLeaks was still struggling to make a name for itself.