Presentation slide proposing methods to discredit and destroy Wikileaks. Obtained from leaked HBGary emails. Source: ArsTechnica
Looks pretty bad, doesn’t it? Well, it’s worse. Not only did the security firm HBGary prepare a package of dirty tricks against Wikileaks, hoping to get paid by Bank of America’s law firm to put them into action, but they also constructed a similar package to use against labor unions, hoping to drum up business from the US Chamber of Commerce. As I write this, there is no confirmation that either B of A or the US C of C actually paid for these services to be rendered, but the authenticity of the leaked emails does not appear to be in doubt. The CEO of Palantir, whose company logo appears on the slide I linked, has apologized at least twice, severed all ties with HBGary, and placed on leave the engineer who developed this slide.
The best coverage I have seen of this sordid affair is at Ars Technica. Many commenters at Ars have stated that Nate Anderson should win a Pulitzer Prize for his coverage of the hack that led to the leaked emails, and the ongoing aftermath. That’s not hyperbole: this article by Anderson is the most riveting tech news story I have read in years, maybe ever.
A couple months ago, Richard Lipton proposed a method to stop Wikileaks. Essentially, the method boiled down to this: for every potentially compromising document generated, automatically generate a set of documents that look like it, but are different somehow — statements are contradicted but otherwise identical, numerical values are inflated or deflated, etc. Then, if the “real” documents are leaked, ensure all the shadow documents are leaked as well, so nobody knows what to believe. From the Palantir slide’s first bullet point, it appears that practice is keeping abreast of theory, or perhaps leaping ahead: “Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.”
More than 70,000 leaked emails from HBGary, HBGary Federal and rootkit.com are available for download and search on at least five mirror sites worldwide. They got there because Aaron Barr, CEO of HBGary Federal, went to the media with the (incorrect) claim that he had uncovered the identities of key members of the hacker group Anonymous. In response, Anonymous entered his computers, erased gigabytes of research data, downloaded and decrypted his hashed password database, remotely wiped his iPad, seized control of his LinkedIn profile and Twitter account — and, oh yes, posted 70,000+ emails that tell a story of three companies that specialized in dirty cybertricks, which is why the fallout from this story will be studied for months, or longer.
I took a graduate class in cryptography. I even did well. I had heard of salting passwords and dictionary attacks before this, but I didn’t really understand them. I had an intellectual grasp of them yes, but I’m talking now about the type of understanding that grabs your solar plexus, squeezes and won’t let go until you’ve really really got it. I believe this Ars Technica article by Peter Bright should be required reading in every cryptography class, and in every CS class when computer security is discussed. Normally I would also link to Wikipedia articles on “salting passwords,” for example, but not this time, I won’t. Bright does a superb job of making you feeeeeel how important it is to defend yourself against a dictionary attack, and I don’t want anything to get in the way of that. Bottom line: security professionals protected themselves like amateurs, and found their defenses easily compromised once their CEO went out of his way to provoke a hacker collective known for its willingness to attack.
It would not surprise me if Lipton’s idea gained traction, very soon. If nothing else, it would make searching through the email database far more difficult, because naive search algorithms would generate lots of false positives. It might be worth turning the question around, to ask something I don’t know how to answer: Is there an algorithmic method to separate real documents from shadow documents, assuming they are uploaded together in the same torrent?