Rixstep
	`About \| ACP \| Buy \| Industry Watch \| Learning Curve \| News \| Products \| Search \| Substack`

Home » Industry Watch » The Technological

WikiLeaks Frontline Takeaway 24 October 2011

Lots of stenographers, not so many journalists.

Get It

Try It

This afternoon's WikiLeaks press conference was instructive and educational for a number of reasons.

WikiLeaks had something to say. In two parts.
The first part was that they need help to crush the VISA attack.
The second part was that they'll have a new submissions system online in time for the one year anniversary of Cablegate.
There was something wrong with the backdrop on stage behind the speakers.

The first part was covered (perhaps remedied to an extent) by the introduction of new payment methods for donations. The second part was covered only briefly as the introduction of the new submissions system remains a month off.

But a number of words were dropped in the brief referral, words the assembled ~~stenographers~~ journalists seem to have completely missed. Amongst others one heard mention of 'man in the middle attacks' and governments owning certificate authorities. And finally that the new WikiLeaks submission system will not rely on the old paradigm of digital certification.

And all this seems to have blown completely over the heads of the assembled erudite 158.

Looking at the media reactions afterwards, one found a conspicuous absence of mention of any of the technological announcements - which have to be seen not only as extremely interesting but also of vital importance.

Yet Julian Assange let drop that he and his crew have seen the situation with 'HTTPS' deteriorating for years. And he mentioned sending out probes by the thousands onto the Internet to gauge the prevalence of 'men in the middle'. And he also emphasised the fact that today's 'secure connection' systems can no longer be trusted.

So where were the journalists? Sleeping? Copying ~~passwords~~ encryption keys into their memoirs?

Doing the Research

What one should do in a situation as the above is use the Internet - which has far more uses than 'pulling up maps'.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

In cryptography the man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Oh goodness. Eavesdropping on private conversations? Such as when we connect to our webmail accounts? Such as when we connect securely to make online payments with our credit cards? They can eavesdrop? Can that be possible?

That's the question. Perusing the net (and Wikipedia) one finds a plethora of information (and question marks). SSL based on PKI and certificate authorities - something else Julian Assange briefly mentioned - can be vulnerable - as he pointed out - by virtue of the fact that CAs of today are often governments themselves.

So what are we looking at here? We're looking at public and private key pairs (as all browsers are aware of) that are 'trusted' because there's a root authority somewhere that can vouch for them.

Mark Shuttleworth made his half billion building up such an authority - and then on the eve of the New Millennium, VeriSign bought him out as they were getting the heebie-jeebies about the Y2K rollover. And the business points were so important to VeriSign that they paid Shuttleworth a cool half billion. And then Shuttleworth went into outer space and founded Ubuntu.

So how can someone decrypt your traffic if you encrypt it with your own encryption key? They use their own. Who keeps track of what's going on? Who keeps track of who is who? Who makes sure the 'conversation' is really confidential and secure?

The certificate authority.

But what happens if the certificate authority is up to no good? What happens if an evil government pressures a certificate authority to 'turn over the goods'?

The man in the middle attack.

Real Journalism

But what did we see instead after the WikiLeaks press conference?

One reporter asked Julian 'is this an existential problem for WikiLeaks? Julian said yes it was. An incredible number of reporters filed stories where they made sure they used the word 'existential'.
Several 'journos' wrote that WikiLeaks would no longer as of today be publishing embassy cables.
A Swedish rag owned by the Schibsted empire wrote that the WikiLeaks submission system was offline because Daniel Domscheit-Berg, the key figure, had quit and taken it with him.
Not to forget the childishness of Addley and Ball.

About the only intelligent question came from Guy Rundle who not only formulated himself well but saw to it he had it all scribbled down in full beforehand. But Rundle is persona non grata in London where the publicist elite like to toss wine at him.

And yet no one has yet written about the implications of the new WikiLeaks submission system and what it all means for e-commerce, online banking, and confidentiality in general.

Right Side Up?

Finally the matter of the backdrop CNN and a number of sites said was 'upside down'.

Here's WikiLeaks founder Julian Assange sitting down and fielding questions from the 158 today at Frontline.

The backdrop is obviously not right. (And odds are Bernd Fix, Julian, and Kristinn noticed it.) So if it's 'upside down' then we should be able to rotate the photo 180° in either direction to set it right again. Right?

Nope.

The Final Takeaway

So what's the final takeaway from Frontline 24 October 2011?

It was a great press conference. Mostly thanks to those on stage, not those sitting in front of it.
Journalists don't do shit. They really don't care about detail or about hunting down the real story.
A lot of them behave as if they just graduated from David Leigh's CityU course 'Phone Hacking 101'.