The leak movement: This Machine Kills Secrets

This Machine Kills Secrets - book on Wikileaks, cryptography, security

Note: this is a lengthy post so you may want to get yourself comfortable!

There is more to leaking than Wikileaks, and a more interesting tale to be told than theirs. In This Machine Kills Secrets, Andy Greenberg looks at that story – and it’s an important read for any journalist interested in working with sources in the 21st century.

The book combines a history of the leaks movement – from cryptography geeks and early document sites like Cryptome – to an overview of the proliferation of new, Wikileaks-inspired sites from Al Jazeera’s leaks site to Unileaks – many of which lack basic security.

Along the way there are insights into every aspect of leaking: the technology, organisational and human factors, the politics and the culture. It’s a timely book as the world embarks on a debate about privacy, security, and transparency sparked by Edward Snowden’s own latest ‘megaleak’.

On transparency, for example, Greenberg notes that the number of US government documents with ‘classified’ status has risen from 8.6 million in 2001 to 76.7 million documents in 2010. And yet the potential for leaks is greater than ever.

Four million Americans have some form of clearance to read classified information, with over a quarter of those having top secret clearance. Military-grade security tools including PGP encryption and anonymous browsing are available to anyone with internet access – and the literacy to use them is growing, with encryption meetups sharing best practice.

What Greenberg demonstrates throughout the book is that leaks are not just about the tools, but about people: and it is the personalities and settings which make this story both eminently readable and a great introduction to the tools being used by them, the dangers and the lessons learned.

Ellsberg vs Manning

The story of Pentagon Papers leaker Daniel Ellsberg sets the frame nicely: this is a man who had to spend the equivalent of $20,000 in today’s money on photocopying the documents he wished to leak.

“It was tedious work,” notes Greenberg:

“At first Ellsberg tried to copy two pages at a time from one of the forty-seven bound volumes. But he found that the words near the spine were faded and distorted. So he resorted to disassembling the binder and photocopying the pages one by one. “I tried to program my motions,” he wrote in his memoir, Secrets: One hand picked up a page, the other fit it on the glass, top down, push the button, wait … lift, move the original to the right while picking another page from the pile. … This is all very familiar now, but it was a new technology then”

Even with the help of family and friends, it took over a year to finish.

In comparison, the cheap rewritable CD used by Bradley Manning to copy data on Afghanistan, Iraq and other leaks could have “stored the Pentagon Papers about fifty times over … in a minute or two”. (A Manning-size leak, says Greenberg, would have taken Ellsberg eighteen years.)

As the story moves from Ellsberg and the New York Times to Manning and Wikileaks, there is a sense of history accelerating. Greenberg talks to Adrian Lamo, the hacker who outed Manning and who had himself once been turned over to the FBI by the New York Times after he demonstrated vulnerabilities in the newspaper’s systems. Cryptome founder John Young is interviewed – “a kind of paranoid twenty-first-century newspaperman, a collector of leaks, curios, raw data, and clues to mysteries”:

“Since launching the site fifteen years ago, Young has published the names of 2,619 CIA sources, 276 British intelligence agents, 600 Japanese intelligence agents, and internal documents from every company from Microsoft to Cisco to AT&T revealing their policies for secretly handing users’ data over to law enforcement. Many were leaked to Young by unknown sources. And despite threats, legal attacks, and even maneuvers by Microsoft to remove his site from the Internet in 2010 after he published what he calls the company’s “spying guide,” Young has never—with a few exceptions to protect private individuals—taken down a document.”

And he talks to Tor’s Jacob Appelbaum, whose experience at Greenpeace was instructive in his own development:

“The Rainbow Warrior [was] sabotaged and sunk by French intelligence agents in 1985, drowning one of the group’s photographers. “Greenpeace’s security issues are real,” says Appelbaum. “When things go badly, people die.”

(For two hours of Appelbaum talking about security and privacy, see the embedded video below:)

Encryption is not anonymity

Parts of the book should be recommended reading for journalists and journalism students. The story of cryptography pioneer David Chaum, for example, highlights the difference between encryption (masking the contents of a message) and anonymity (masking the identity of the participants).

Other stories highlight just how complicated that is: WikiLeaks, it is noted, added a script to the site so that every visitor’s browser generated traffic that looked like a submission to WikiLeaks’ secure server:

“To anyone snooping on WikiLeaks’ visitors, it would be impossible to distinguish between those who had come to the site to read its publications or make a donation and those who intended to drop secrets.”

Indeed Wikileaks itself exploited lax security on the part of Chinese “cyberspies” as their traffic was leaving the Tor network to gather its first trove of “1.2 million documents from dissident communities and anonymous sources”. (The lesson still applies: Tor hides where traffic comes from, but whatever leaves an exit node without end-to-end encryption, such as plain HTTP, can be read by whoever runs or watches that exit.)

(Some of the biggest users of Tor include governments and corporations wanting to cover their tracks, while the technology can also hide the physical location of a website, as well as its visitors, if the site is run as a Hidden Service.)

Other stories highlight that while Tor hides a user’s IP address, if the user is on a satellite modem the link’s communication protocols reveal its location to the satellite provider. “Even if you use Tor, someone can still find all the users in a given country.”

Greenberg knows not to fetishize security technologies: sources frequently point out that no system is completely secure (the advice is that you should “still use [Tor] along with other, commercial proxy services to create extra layers of defence”), while humans will always be vulnerable to rubber-hose cryptanalysis (having a password beaten out of you), handing over contacts to reduce sentences, and social engineering.

Many services are also vulnerable to legal attack – Google and Facebook comply with thousands of requests to hand over data every year, and anonymity services like HideMyAss have done so too – and Greenberg devotes significant parts of the book to the fight taking place to establish ‘safe havens’ for whistleblowing journalism, most notably in Iceland.

Organisational weaknesses

The weaknesses of organisations are also explored – Julian Assange’s motives for Wikileaks, for example, did not just focus on the leaks themselves, but on the response to them:

“They induced the regime to stop communicating internally, a kind of calcification of its circulatory system more deadly than any outside enemy. “Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems,” Assange wrote.”

And leaking organisations should expect attacks too. Wikileaks was famously starved of support when payment processing companies, web hosts and other services came under pressure from the US government. But one leaked document also outlined:

“[A prospective] disinformation campaign against WikiLeaks to sow internal dissension, fake submissions to discredit it, and social media analysis to identify the key players in the group. “Need to attack the organization, its infrastructure, and its people,””

Traces

Looming over parts of the book are the traces that we leave through our phones, payment and online activities. Chaum warns of “new and serious dangers” from computerized pattern recognition techniques:

“Even a small group using these and tapping into data gathered in everyday consumer transactions could secretly conduct mass surveillance, inferring individuals’ lifestyles, activities, and associations … The automation of payment and other consumer transactions is expanding these dangers to an unprecedented extent.” Big Brother was no longer a character in 1984. Data tracking and surveillance was an immense societal problem looming just over the newly formed Internet’s horizon.”

And elsewhere the book outlines the measures being taken to anticipate, prevent and detect leakers after the fact, including network forensics – “constantly collecting every fingerprint on a company’s servers to trace an intruder or leaker after the fact” – and designing patterns of behaviour that might identify someone preparing to leak documents:

“First comes reconnaissance, exploring file directories or scanning networks to map their architecture. Then comes analyses of files, searching their contents or reading their metadata, the hidden information that describes the files for the operating system and other applications. Then the leaker would need to gather the files together and prepare them for exfiltration, burning them to a CD, printing them, or encrypting them for transmission. And finally comes the leak itself, the moment when the insider walks out of the building with the physical material in hand, pushes it out by e-mail, or spills it onto the Web. Even after the initial leak, Mudge argues, the “tells” might continue.”

One proposal for a leak prevention system even describes “more erratic mouse movements and keystrokes as well as physical observations such as surveying surroundings, shifting more frequently, etc.”
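The four-stage model quoted above is, in detection terms, a sequence rule: each stage only matters if it follows the previous one. The block below is an added example written for this post, not code from the book or from Mudge’s proposal. It scores each user in a constructed audit log by how far they have progressed, in order, through reconnaissance, analysis, staging and exfiltration; every event name, field layout and threshold in it is an assumption chosen for illustration.

```python
"""Stage-sequence scoring over constructed endpoint audit events.

Added example (not from the book or from Mudge's proposal): scores each
user by how far they have progressed, in order, through the four stages
recon -> analysis -> staging -> exfil. Every event name, field layout and
threshold here is an assumption chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

STAGES = ("recon", "analysis", "staging", "exfil")

# Hypothetical audit vocabulary; a real deployment maps its own EDR,
# file-server or DLP schema onto these four buckets.
STAGE_OF_EVENT = {
    "dir_list": "recon", "net_scan": "recon",
    "meta_read": "analysis", "content_search": "analysis",
    "archive_create": "staging", "encrypt_file": "staging", "burn_cd": "staging",
    "usb_write": "exfil", "mail_attach": "exfil", "web_upload": "exfil",
}

# How many events of a stage must occur before the stage counts as reached
# (assumed values; tune against a baseline of normal activity).
MIN_EVENTS = {"recon": 5, "analysis": 3, "staging": 1, "exfil": 1}


def parse_event(line):
    """Parse '<ISO8601> <user> <event> [detail]'; return None for junk lines."""
    parts = line.split(maxsplit=3)
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return {"ts": ts, "user": parts[1], "event": parts[2],
            "detail": parts[3] if len(parts) > 3 else ""}


def score_user(events, window=timedelta(days=7)):
    """Longest in-order run of stages for one user.

    A stage is reached when MIN_EVENTS of it occur after the previous stage
    was reached and within `window` of that moment; the first stage may
    start at any time. Returns (score, [stages reached])."""
    events = sorted(events, key=lambda e: e["ts"])
    reached, cursor = [], None
    for stage in STAGES:
        seen, reached_at = 0, None
        for e in events:
            if STAGE_OF_EVENT.get(e["event"]) != stage:
                continue
            if cursor is not None and not (cursor <= e["ts"] <= cursor + window):
                continue
            seen += 1
            if seen == MIN_EVENTS[stage]:
                reached_at = e["ts"]
                break
        if reached_at is None:
            break  # sequence broken: later stages do not count on their own
        reached.append(stage)
        cursor = reached_at
    return len(reached), reached


def score_log(text, window=timedelta(days=7)):
    """Score every user found in a block of log lines."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev:
            per_user[ev["user"]].append(ev)
    return {u: score_user(evs, window) for u, evs in per_user.items()}


# Constructed sample log, not real data: alice walks the whole sequence,
# bob only browses directories (an admin's normal day), carol copies one
# personal file to USB with no preceding stages.
SAMPLE_LOG = """\
2010-03-01T09:00:00 alice dir_list smb://fs01/finance
2010-03-01T09:02:00 alice dir_list smb://fs01/hr
2010-03-01T09:03:00 alice dir_list smb://fs01/legal
2010-03-01T09:05:00 alice net_scan 10.0.0.0/24
2010-03-01T09:07:00 alice dir_list smb://fs02/projects
2010-03-02T14:00:00 alice meta_read smb://fs01/legal/merger.docx
2010-03-02T14:01:00 alice meta_read smb://fs01/legal/board.pptx
2010-03-02T14:03:00 alice content_search acquisition
2010-03-03T18:30:00 alice archive_create C:/Users/alice/tmp/out.zip
2010-03-03T18:40:00 alice usb_write E:/out.zip
2010-03-01T10:00:00 bob dir_list smb://fs01/finance
2010-03-01T10:01:00 bob dir_list smb://fs01/hr
2010-03-01T10:02:00 bob dir_list smb://fs01/legal
2010-03-01T10:03:00 bob dir_list smb://fs02/projects
2010-03-01T10:04:00 bob dir_list smb://fs02/backup
2010-03-01T10:05:00 bob login console
2010-03-04T08:00:00 carol usb_write E:/holiday.jpg
this line is not an event
"""

if __name__ == "__main__":
    for user, (score, stages) in sorted(score_log(SAMPLE_LOG).items()):
        print(f"{user:6} score={score} stages={stages}")
```

Run stand-alone it reports alice at 4 (all stages), bob at 1 (reconnaissance only) and carol at 0: her lone USB write scores nothing because the scorer rewards only the ordered sequence. That keeps false positives down for people whose job is browsing file shares, but a production system would still keep a separate single-event rule for exfiltration channels, since the text’s own caveat is that the “tells” are only probabilistic.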

Conversely, a crackdown on communications can leave its own traces, which hackers can exploit. When Qaddafi shut down most of the Internet, only its military and government connections were left online. A tool called BlockFinder was used by Jacob Appelbaum to list “which branches of the country’s networks remained online”. He passed on their IP addresses to any and all hacker allies. “Systems that are online in Libya are probably worth scanning; those are the systems required or used by the current government oppressors,” he wrote at the time.
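What BlockFinder does is mechanical: the regional Internet registries publish “delegated” statistics files that record which address blocks are allocated to which country, so listing a country’s networks is a matter of filtering those records, and finding the branches still online is a reachability sweep across them. The block below is an added example written for this post, not BlockFinder’s own code. It parses the delegated-file format, turns each record into CIDR blocks and probes a few hosts per block. The sample records are constructed from RFC 5737 documentation ranges with the fictitious country codes XX and YY, and the offline probe is a stand-in for a real connect.

```python
"""Country-to-netblock listing in the style of BlockFinder, then a
reachability sweep. Added example, not BlockFinder's own code.

RIR delegated-statistics files are pipe-separated records:
    registry|cc|type|start|value|date|status
For ipv4 records `value` is the number of addresses in the block.
"""
import ipaddress
import socket

# Constructed sample: RFC 5737 documentation ranges tagged with fictitious
# country codes. These are not real allocations.
SAMPLE_DELEGATED = """\
2|afrinic|20110301|4|19850101|20110228|+00:00
afrinic|*|ipv4|*|3|summary
afrinic|XX|ipv4|198.51.100.0|128|20070517|allocated
afrinic|XX|ipv4|203.0.113.64|192|20080101|assigned
afrinic|YY|ipv4|192.0.2.0|256|20050101|allocated
afrinic|XX|asn|64496|1|20070517|allocated
"""


def blocks_for_country(text, cc):
    """Return the IPv4 networks delegated to country code `cc`."""
    nets = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Version and summary lines have a different shape and are skipped.
        if len(f) < 7 or f[1] != cc or f[2] != "ipv4":
            continue
        start = ipaddress.IPv4Address(f[3])
        end = start + int(f[4]) - 1
        # A delegation need not be CIDR-aligned (192 addresses starting at
        # .64 is a /26 followed by a /25), so split it into proper prefixes.
        nets.extend(ipaddress.summarize_address_range(start, end))
    return nets


def tcp_probe(ip, port=80, timeout=1.0):
    """Real probe: True if a TCP connect to ip:port succeeds (needs network)."""
    try:
        with socket.create_connection((str(ip), port), timeout=timeout):
            return True
    except OSError:
        return False


def constructed_probe(ip):
    """Offline stand-in for tcp_probe: pretends only 203.0.113.0/24 answers."""
    return ip in ipaddress.ip_network("203.0.113.0/24")


def online_blocks(nets, probe=tcp_probe, per_block=4):
    """Return the networks in which at least one of the first `per_block`
    usable hosts answered `probe`. Sampling a few hosts per block is what
    keeps a country-wide sweep cheap; widen it for a definitive answer."""
    alive = []
    for net in nets:
        for _, ip in zip(range(per_block), net.hosts()):
            if probe(ip):
                alive.append(net)
                break
    return alive


if __name__ == "__main__":
    nets = blocks_for_country(SAMPLE_DELEGATED, "XX")
    print("allocated to XX:", [str(n) for n in nets])
    # Swap constructed_probe for tcp_probe to sweep real address space.
    print("still answering:", [str(n) for n in online_blocks(nets, constructed_probe)])
```

With the constructed data the XX listing is 198.51.100.0/25, 203.0.113.64/26 and 203.0.113.128/25, and only the two 203.0.113.x blocks answer the stand-in probe. Against live data the same sweep is exactly what the Libyan situation called for: the blocks that still answer during a shutdown are the ones the authorities kept for themselves.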

The new generation of leaking sites

After Wikileaks’ breakthrough stories, the leaking scene became so crowded, notes Greenberg, that two – GreenLeaks.com and GreenLeaks.org – threatened legal action against each other over the rights to the name. His list of others includes

BaltiLeaks, BritiLeaks, BrusselsLeaks, Corporate Leaks, CrowdLeaks, EnviroLeaks, FrenchLeaks, GlobaLeaks, Indoleaks, IrishLeaks, IsraeliLeaks, Jumbo Leaks, KHLeaks, LeakyMails, Localeaks, MapleLeaks, MurdochLeaks, Office Leaks, Porn WikiLeaks, PinoyLeaks, PirateLeaks, QuebecLeaks, RuLeaks, ScienceLeaks, Trade-Leaks, UniLeaks.

But many – including those launched by media organisations – made no mention of Tor and “used only SSL encryption or PGP, which fail to hide the identity of the user visiting the site”. (SSL and PGP protect the content of what is sent; the visitor’s IP address, and the fact that they connected to a leak site at all, remain visible to their ISP and to anyone watching the network. The challenge for media organisations – whose websites host advertising that gathers user data – is particularly complex.)

There were some exceptions: GlobaLeaks, for example, is notable in aiming not to create a single site, but rather a “distributed leak amplification network” – a BitTorrent of leaking.

Meanwhile, Wikileaks itself has imploded, accidentally publishing unredacted cables: the encrypted archive had circulated online, and its passphrase – an old password of Assange’s – had been printed in a Guardian book. Chinese dissidents were outed and targeted in manhunts. Nine Iraqi Jews in Baghdad were advised to leave the country; two Zimbabwean generals faced a possible court-martial on charges of treason; and an Ethiopian journalist was interrogated and fled the country.

“It hadn’t vowed to protect the people mentioned in its leak, but rather the identity of the leaker himself, a promise the group has never violated.”

The trove of unpublished leaks Wikileaks once held is likely gone forever. Two members of the team who took data with them when they left the group have now erased their own encryption keys, unwilling to trust the information to anyone.

The sousveillance ‘leaks’ movement

Towards the end of the book Greenberg touches on a different type of leaks movement: smartphone apps like OpenWatch and Cop Recorder, which allow users to invisibly record audio and video.

“Content is uploaded to Jones’s servers, where Jones and his collaborators strip out any identifying information and post the file with a transcript. More than a hundred thousand users have already downloaded.”

Videos have already led to one police officer being fined six thousand dollars. As the debate over surveillance continues, ‘sousveillance’ – surveillance from below – could well be the next practice to face a clampdown from authorities. Meanwhile, I look forward to a second edition of This Machine Kills Secrets which tells the stories of Offshore Leaks, Edward Snowden, and the increasingly globalised nature of modern journalism.