Last year, Wikileaks made tens of thousands of confidential international diplomatic cables public, but they’ve since been sitting on a cache of plenty more, that would possibly eventually be released piecemeal or held as insurance. But about a quarter million secret diplomatic cables hit the internet a couple days ago, apparently leaked out of Wikileaks.
Unlike the cables that WikiLeaks has been publishing piecemeal since last fall, these cables are raw and unredacted, and contain the names of informants and suspected intelligence agents that were blacked out of the official releases. Der Freitag said the documents include the names of suspected agents in Israel, Jordan, Iran and Afghanistan, and noted that interested parties—such as the Iranian government or intelligence agencies—could have already discovered and decrypted the file to uncover the names of informants.
“The story is that a series of lapses as far as I can see on behalf of WikiLeaks and its affiliates has led to the possibility a file becoming generally available which it never should have been available,” confirmed former WikiLeaks staffer Herbert Snorrason, of Iceland, who left the organization as part of a staff revolt last year, and is now part of the competing site OpenLeaks.
Information about the exposed file and password was also confirmed by the German newsweekly Der Spiegel. According to that publication, the cables were contained in an encrypted file that WikiLeaks founder Julian Assange had stored on a subdirectory of the organization’s server last year, which wasn’t searchable from the Internet by anyone who didn’t already know its location.
Assange had reportedly given the password for the file to an “external contact” to access the file’s contents. With both the file and the password now online, the leak is complete.
“The issue is double: on one hand there is the availability of the encrypted file, and on the other the release of the password to the encrypted file,” Snorrason told Threat Level on Monday. “And those two publications happened separately.”
The password leak was done “completely inadvertently,” Snorrason added. He declined to identify the leaker, or the circumstances of the leak, but said it was someone who was neither with WikiLeaks nor OpenLeaks.