The relations between Wikileaks and The Guardian and the New York Times have gone very sour the last time and when the community working for free saw how the papers and the journalists were earning big checks with their story, work and filmscripts they were even more angry.
so they decided not to give the full access to the diplomatic cables to the New York TImes and wanted to work with the Washington Post amongst other papers. But The Guardian already had the full archive to work on and decided to forward it to the New York Times without the consent of Wikileaks (bit hard to have a copyright on that)
and as relations soured even more after the publication of a book about Wikileaks by a Journalist of the Guardian who not only takes a kiss-and-tell tone (always very suspicious about that kind of personalised storytelling books) but also leaked
* the full passwords to the full archive of the cablegate (they thought it was just temporary, but didn't mind to check before publishing - so the high morals are used to protect sources of diplomats but not for passwords that give access to all unredacted wikileaks diplomatic cables ?)
* the method of constructing the passwords inside wikileaks which is even more dangerous because now you know exactly how you have to make your lists of possible passwords if you are trying to attack (bruteforce) the passwords to the kingdom (of unredacted and unpublished lists and their sources and participants and financiers)
they will have to add another layer and change totally the way in which passwords are constructed and salted (additional words and symbols that are automatically generated and added afterwards)
update another version says that the full unredacted archive of the 250.000 cables was placed on an obscure website with a website. It is that archive that has been connected to the passwords and that has been sent to download for safekeeping during the attack
but as if that was not enough
during the attack against wikileaks by an Anonymous operator wanting to test his #refref tool against a bulletproof hosted site (probably never thinking that it would work as they always said that their hosting was attackresistant) the community workers for wikileaks panicked and thought that was the real one (the big attack everyone was waiting for and that would destroy the site forever) and leaked the whole archive on the web asking the hundreds of other mirrorsite to keep a copy for safekeeping
only there is no redaction and the password and passphrase were discovered quickly enough with the help of a paper in Germany that is connected to the anti-wikileaks project Openleaks operated by disgruntled ex-wikileaks administrator Domscheidt which said they have found the file and the passwords
Links to the files (which could be trusted to be integral and safe)
1 September 2011: The URL below for "z.gpg" is working again. Working torrents from the Wikileaks Archive downloaded 12/11/2010:
http://cryptome.org/xyz/x.gpg.torrent(Returns xyz_x.gpg, 409MB. No passphrase yet)
http://cryptome.org/xyz/y.gpg.torrent (Returns xyz_y.gpg, 88MB. No passphrase yet)
http://cryptome.org/xyz/y-docs.gpg.torrent (Returns xyz_y-docs.gpg, 8MB. No passphrase yet)
http://cryptome.org/xyz/z.gpg.torrent (Returns xyz_z.gpg, 368MB. Passphrase below)
"xyz_z.gpg" and "z.gpg" appear to be identical and both decrypt to "z.7z." The decrypted file is "z.7z," 368MB, which unzips to "cables.csv," about 1.7GB in size, dated 4/12/2010.
31 August 2011: Cryptome has decrypted the "z.gpg" file from the Wikileaks Archive using the passphrase obtained from several sources:
The decrypted "z.7z" file will be mailed on a DVD by request to cryptome[at]earthlink.net with the subject: z7z. For the DVD provide a postal address.
footnote : luckily the riskadvisors of the state department always said that all the information would become public in unredacted form and took all measures necessary accordingly to protect their informers (although not publishing would always be better)
so who is to blame
* a journalist for publishing passwords and its composition
* an Anonymous operator for attacking Wikileaks as a test without forewarning
* a Wikileaks operator for panicking and not thinking straight and releasing this information in the wild
* wikileaks security people for not seeing the #refref attacj
* domscheidt for publishing the link between the backup file and the known passwords and passphrases
* the rest of the internet downloading it (be quick because I am not 100% sure cryptome will be able to hold up)
and foremost the absolute zero-security price goes to
* the person who has placed and left that so important file on an obscure fileserver somewhere and forgetting all about it (and the change of passwords, links and in fact protecting it better behind better infrastructure)
oh also seen
next week the full archive may be officially released - september is going to be all about Anonymous and #antisec and wikileaks (who cares about politics in Belgium anyway:))
the file was according to the New York Times already online since december 2010 because some wikileaks community worker leaked it by mistake (the file without redaction that is)
this is the official message from wikileaks and the link to the torrent file (that was encrypted at the time of writing)
WikiLeaks is currently under heavy attack.
In order to fully protect the CableGate archives, we ask you to mirror it again. For now the best way to do so is to grab a copy of our website (generated at least once daily) and unpack it to your web-server.
You can find the most recent version here