Claim: WikiLeaks Published Documents Siphoned Over File Sharing Software

Music and movie pirates may not be the only ones trolling peer-to-peer networks for booty. The secret-spilling site WikiLeaks may also have used file sharing networks to obtain some of the documents it has published, according to a computer-security firm.

The allegations come from Tiversa, a Pennsylvania peer-to-peer investigations firm that claims it passed information about WikiLeaks’ file sharing activity to U.S. government officials, according to Bloomberg.

Tiversa asserts that on Feb. 7, 2009 it monitored four computers based in Sweden, where WikiLeaks’ primary servers were based, as they conducted 413 searches on peer-to-peer networks seeking Microsoft Excel files and other data-heavy documents, some of which were subsequently published online by WikiLeaks.

If the allegations are true, it would not be the first time that WikiLeaks published documents that were obtained through hacking or online surveillance rather than from a whistleblower or other insiders.

The site published data in 2008 that a hacker obtained from the private e-mail account of then vice-presidential candidate Sarah Palin. And, according to a New Yorker story published last year, the site also possesses a cache of more than a million documents that were grabbed by a WikiLeaks activist in 2006 after they traveled through the Tor anonymizing network. At least one of these documents was published on the WikiLeaks site, according to the magazine.

Those siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit data taken from victim computers, were the basis for WikiLeaks founder Julian Assange’s assertion in 2006 that his organization had already “received over one million documents from 13 countries” before his site was launched that year, according to The New Yorker. WikiLeaks disputed The New Yorker’s article after it was published, but the magazine, known for rigorous fact-checking, has never issued a correction to its story.

Regarding Tiversa’s claims that WikiLeaks obtained documents from file sharing networks, the company says that one of the files was a PDF siphoned from a computer in Hawaii, which revealed sensitive security information about the Pentagon’s Pacific Missile Range Facility. Tiversa says the document was renamed before it was published on WikiLeaks two months later.

Although the original WikiLeaks site is not currently online, a mirror of the site indicates that the document “was first publicly revealed by WikiLeaks working with our source.”

Mark Stephens, the attorney defending WikiLeaks’ Assange in an extradition case involving sex-crime allegations, did not immediately respond to an inquiry from Threat Level. But he told Bloomberg that Tiversa’s assertion was “completely false in every regard.”

Tiversa CEO Robert Boback told Bloomberg that his company discovered an ongoing pattern of documents being siphoned from file sharing networks to the WikiLeaks site. In some cases the documents had been on the file sharing network two months before they were published. In other cases they were exposed on the networks for many months before finding their way to the WikiLeaks site.

Boback estimated that “as much as half” of the documents posted by WikiLeaks might have come from file sharing networks instead of from whistleblowers. “There are not that many whistleblowers in the world to get you millions of documents,” Boback told Bloomberg. “However, if you are getting them yourselves, that information is out there and available.”

WikiLeaks, however, had released about 20,000 documents prior to the large-scale U.S. government leaks that began last year — not millions. And the U.S. leaks — including logs containing about 500,000 U.S. military files on the wars in Afghanistan and Iraq, and 250,000 U.S. State Department cables that WikiLeaks provided to media partners — originated with the government’s Secret-level SIPRnet network, not a peer-to-peer service. The peer-to-peer scenario would therefore account for a minority of WikiLeaks releases, and likely include none of its high-profile publications.

Boback did not indicate how he determined that WikiLeaks was responsible for grabbing the documents, as opposed to simply publishing documents that an anonymous source grabbed from the file sharing networks and then passed to WikiLeaks without indicating their origin. He did not respond to an inquiry from Threat Level.

U.S. prosecutors are currently conducting an investigation into criminal charges against Assange for possibly conspiring with Pfc. Bradley Manning, who is accused of siphoning thousands of classified documents from Army networks that were then published by WikiLeaks. If prosecutors could show that Assange or other WikiLeaks staffers also trolled file sharing networks to obtain documents, they could attempt to bring separate criminal charges against the group under the federal anti-hacking statute.

Peer-to-peer networks require users to install client software on their system that lets the users share music files and other documents with fellow users on the network. Users, however, can unintentionally expose their private files to others on the network if they configure the software insecurely or inadvertently place sensitive files in their shared folder. Hackers have also been known to surreptitiously load peer-to-peer software on a victim’s computer in order to move sensitive files to the shared folder for others to grab.

For security reasons, many companies and government agencies configure computers so employees can’t install peer-to-peer software on them. But sensitive files can still find their way to a peer-to-peer network if employees transfer them from a work computer to a personal computer that has file sharing software installed.

Tiversa made headlines in 2009 after it found a file containing blueprints and avionics for the presidential helicopter Marine One being traded on the Gnutella file sharing network. The documents landed on the network from a defense contractor’s computer that had Gnutella software installed on it, and were then downloaded from Gnutella to a computer in Iran.

In 2007, a Tiversa advisor testified to the House Oversight Committee about inadvertent leaks over peer-to-peer networks and claimed the company found more than 200 classified documents in just a few hours of searching the networks. These allegedly included a document from a contractor working in Iraq that detailed the radio frequency the military was using to defeat improvised explosive devices.

Another search uncovered sensitive but not classified information, such as a detailed diagram of the Pentagon’s secret backbone network with server and IP addresses, “password transcripts for Pentagon’s secret network servers,” contact information for Department of Defense employees, and certificates that allow someone to gain access to a contractor’s network.

According to testimony, the Defense Department traced the latter leak to someone with a top-secret security clearance who worked for a Pentagon contractor. The worker had P2P software on her home computer, on which she had apparently also loaded the sensitive work files.

Photo: Julian Assange (center) speaks to the media, flanked by his lawyers Mark Stephens and Jennifer Robinson after making an appearance at magistrates’ court in London on Jan. 11.
Matt Dunham/AP
