WikiLeaks Said to Draw More from P2P Than Leaks
Not all of the sensitive documents published by WikiLeaks over the past few years have come from anonymous whistleblowers, as the site has claimed, contends security firm Tiversa.
Rather, Tiversa claims that evidence suggests that at least some of the documents were obtained by WikiLeaks via its own searches on peer-to-peer networks.
Tiversa's claims were dismissed outright by Mark Stephens, WikiLeaks' attorney, who told Bloomberg News that they are "completely false in every regard."
Tiversa, whose clients include the FBI, helps organizations monitor P2P networks for leaked data.
Over the past few years, the company has served up several sensational examples of highly sensitive information accidentally posted on file-sharing networks.
In 2009, for example, Tiversa disclosed to Congress that it had found U.S. Secret Service details on a safe house for the U.S. First Family, along with presidential motorcade routes, on a LimeWire file-sharing network. Earlier that same year, Tiversa disclosed that it had found classified data about the President's Marine One helicopter floating on a P2P network.
Scott Harrer, brand director at Tiversa, said the security company has unearthed numerous sensitive documents on P2P networks that were later posted on WikiLeaks. The whistleblower Web site said all the documents had been anonymously leaked to it.
Bloomberg published some examples of Tiversa's latest claims.
For instance, WikiLeaks in 2009 published a document that exposed sensitive information about infrastructure upgrades at the Pentagon's Pacific Missile Range Facility in Hawaii. WikiLeaks claimed to have obtained the document from a source, though it had been available on a P2P network at least two months earlier, according to the Bloomberg report.
Bloomberg also cited WikiLeaks' posting posting of what it called a leaked spreadsheet containing detailed information on potential terrorist targets in Fresno County, Calif. The report said the the data was in fact inadvertently posted on a file-sharing network by a California state employee in August 2008.
In an interview, Harrer provided two more examples to Computerworld.
He said that WikiLeaks' release of Microsoft's Computer Online Forensics Evidence Extractor (COFEE) tool and related documentation in Nov. 2009 came several weeks after the information first become available on P2P networks.
WikiLeak's announcement of the Microsoft document suggests that it was obtained from a source, though it also appears to reference its previous availability on P2P networks.
Harrer added that Tiversa has in the past observed several highly targeted searches by computers with IP addresses based in Sweden for specific data on P2P networks. In almost all cases, the computers were searching for documents that were later published by WikiLeaks, Harrer added.
"It is very obvious to us that a lot of [what WikiLeaks posts] have been on P2P," he said. "We have kind of known about it since they came out in 2006."
The issue of inadvertent data leaks on P2P networks is an old one, though its threat to companies and governments remains as potent a threat as ever.
Such leaks typically occur when P2P client tools are improperly installed on computers containing sensitive data. Such improper installation has caused accidental data leaks at numerous organizations in recent years. The leaks have prompted Congress to consider laws banning the use of P2P software on government systems.
According to Tiversa and other security companies, P2P networks have become a treasure trove of information for data thieves and data harvesters. In most cases, all it takes to harvest the information is entering a few search terms. Often, such scavenging for information is not illegal because the data is already publicly available to anyone on the networks, Harrer said.
The key issue is not how WikiLeaks may have sourced its information but rather what it can do with it, said Eric Johnson, a professor of operations management at Dartmouth College's Tuck School of Business.
"I can totally believe that P2P stuff ends up on WikiLeaks," said Johnson who has testified on the issue before Congress. However, he added that the most important "thing is that Wikileaks is offers a whole new channel for these kinds of leaks."
"For the CIO of a Fortune 500 company, it doesn't matter how WikiLeaks gets the information," Johnson said. What really matters is that "WikiLeaks can amplify that information a thousand times."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security in Computerworld's Security Topic Center.