Hackers Corner: Be Leaker In depth leaking by GlobaLeaks
Who are we?
Nerds + Security Experts?
Human in the world?
Internet enthusiasts?
NO!
We are all Random GlobaLeaks Contributors

What we want to do
• Develop a platform for interaction between leakers, editors and node maintainers
• Easy setup and maintenance
  – Allows a diversification of leak sites based on geography and areas of expertise
• Build a knowledge base on setup, maintenance and promotion of the local leak sites for the node maintainer
• Knowledge base for leaker support

What we will do here
• Within HackersCorner we want to:
  – Provide in-depth analysis of the leaking phenomena
  – Analyze risks and duties of all subjects involved in various leaking approaches
  – Describe post-WikiLeaks era leak site models
  – Finally show how GlobaLeaks methodology works

Agenda
• Practically how leaking works
• Leaking as a political tool
• The Leaker
• The Leak Site
• The Leak Site Reviewer
• The Media Editors
• Information Transparency, Resiliency, Anonymity
• Existing leak sites and other leak initiatives
• OpenLeaks (maybe?)
• GlobaLeaks

How Leaking works
A conceptual introduction on leaking

How leaking works
Someone (the leaker) has secret data he would like to share
The leaker analyzes the available methods and entry points
The leak site receives the data
The data is evaluated
The target is contacted by the leak site
The target puts the data into context, producing valuable information
breaking news!!

Leaking as a political tool
To enforce transparency in governments

Leaking as a political tool
• Leaking is a good practice to enforce transparency in governments
• People with leaking capabilities are people with democratic power
• Leaking is a key system to spot corruption and malpractice in governments
• Leaking diffusion is required to force Governments to implement true transparency via Government 2.0

Government 2.0
Obama’s Transparency and Open Government principles stated
  – Government should be transparent
  – Government should be participatory
  – Government should be collaborative
Foundation goals from the Open Gov Directive … stated
  – Publish Government Information Online
  – Improve the Quality of Government Information
  – Create and Institutionalize a Culture of Open Government
  – Create an Enabling Policy Framework for Open Government
Now getting implemented in UK, Australia, Canada, USA, Indonesia and within 2015 targets of European countries

OpenData Program
• OpenData programs mean “Opening Governments”
• OpenData means providing raw access to Governments' databases and information
• OpenData means creating value from Governments' data
• In a perfectly transparent society Leaks are not needed!

Leaking & Government 2.0
• WikiLeaks Motto? We Open Governments… Same goals as Government 2.0!
• The environment of Leaking is close to the environment of Government 2.0 programs
• When governments don’t implement transparency, the civic transparency movements will do it through leaking!
• Gov 2.0: Is WikiLeaks Open Government? http://gov20.govfresh.com/is-wikileaks-open-government/

Leaker, who are you?
Who should be a leaker
Anybody! … who:
o Has access to some special undisclosed information
o Knows that he/she will make a difference
o Is someone who can trust an anonymous identity because he/she hopes to achieve results through leaking, a greater good :)
o Is someone who views secrecy not as an asset, but as a useless seclusion

Leaker, Risks?
• Having access to some undisclosed (secret? unpublished?) information will be a matter of trust
• A leaker has to break this trust, in fact.
• The leaked data may be lost due to a bad policy (reselling of used computers without cleaning, trashing of CD and papers).
• If a leaker is a hacker he has the knowledge and skills to protect himself and minimize risk.
• If the data is not shared amongst many people, the risk is higher (i.e. the leaker is the author)

Leaker, how to become a leaker?
• It’s not important to become a leaker but to remain a leaker ;)
• Leaking services must allow a smart leaker to stay safe
• The leaker must evaluate all the available leak sites and choose the most trusted/professional
• Security has to be a feature that is usable and easy to comprehend

Leaker, who are you?
A leaker's drive may be:
o personal strategy and motivation
o political awareness
o information pollution (this is a threat)
o market, political, social awareness
o self suggestion and personal troubles (this may lead to a lot of unneeded overhead)
o hate & anger (this will probably make him a sacrificial victim).
Is he a techno martyr?
High risk.

Leaker self protection
The leaker must be protected in 3 phases:
- The acquisition of the leak
- The submission of the leak
- Post leak submission

Leaker self protection: the leak acquisition
If the data is accessible only by a limited number of people the risk is higher.
Internal security policies must be evaluated by the leaker.
He must consider:
• Technical tracking, logs of internal access
• Personal tracking: when few people have access to the data, personal behavior will acquire relevance
• Knowledge coherence (disk forensics, wiretapping)
• The detail of information an investigator may be able to acquire

Leaker self protection from the leak site
The selection of an appropriate leak site is mandatory
Criteria for selection must be:
- Level of trust the leak site has inside the network
- How professional it is
- What kind of technology it provides the leaker to protect himself
It is possible (and inevitable) that there will be rogue leak sites, controlled for example by intelligence agencies.
It must therefore be:
- Trusted
- Wiretap resistant

The Leak Site: Different kinds of Leak Sites
• Editing & publishing leak sites
• Raw data publishing (mirroring) leak sites
• Leak amplification leak sites
Different leak sites have different risk levels

The Leak Site
Avoiding takedowns
A leak site may contain dangerous data that is a threat if disclosed; one must suppose that a lot of resources are dedicated to stopping the disclosure.
If distributed in different nations, different laws and state interrelationships can slow down seizing.
Censor resistant methodology (Tor hidden service, darknets, redundancy)
Avoid traceability? (trust/security tradeoff)

The Leak Site
How to establish credibility
The primary goal for a leak site is to obtain trustworthiness in order to receive more interesting leaks
Trustworthiness will be built based on:
• Transparency
• Reliability
• Leak evaluation and context quality
… and the leaks' impact
No leak site will be trusted until its first leaks have a serious impact in local society

The Leak Site
Knowledge base and Safety Tips
Will provide a knowledge base and tips to educate leakers
Information specific to laws in the leak site's country, if any (will be distributed amongst leak sites, git)
Knowledge useful for the leak node maintainer will also be provided
A package of material for publicity campaigns is included

The Leak Site
Understand leak impact and plan properly
Different information has different impact potential.
The leak impact in most cases will be restricted to a specific area of interest and location.
Global impact is very rare and often the effectiveness of global impact can be less than local impact (i.e. policy changes).
Act locally, think globally
It is important to identify the context in which the information must be distributed to achieve maximum impact and effectiveness

The Leak Site
Rogue leak sites
In a decentralized and distributed network a big risk is that of attackers impersonating legitimate nodes
This risk is inevitable and can only be mitigated
A network of trust is more difficult to infiltrate
The leaker must not disclose his identity to the leak site

The Leak Site Reviewers
Who will be a reviewer?
- A person who believes in the leaking process
- someone with the ability to recognize fake data
- someone known in a network of trust between the hacktivist movement
- more or less like a wikipedia contributor: a skilled anonymous for the social progress
- someone pretending all the previous points, but doesn't know the truth about him :)

The Leak Site Reviewer
How a source review works
Who will be a source reviewer
Internal rules of reviewing
Possible checks that should be performed by the reviewers
Review's possible outputs

Review of the leaking
Obtain trustworthiness
Be objective/super partes
Be reserved and private
Be multiple: in a distributed process the community is the asset

The Media Editors
A media editor is a trained professional (or motivated and skilled people) that will give context to the leak.
They also serve as a second filter to avoid publication of fake or useless documents.
They are doing the real hard work (WL say 90% of leaks are garbage).
The output to media editors should be reduced by leak reviewers (ideally they should not have to deal with a lot of fake or useless information)

The Media Editors
To get the attention of trusted and skillful media editors, it is important for a leak site to have credibility.
The context given by the media editor will then be submitted to appropriate media.
They can also be inside media themselves.

Information
Transparency, Anonymity and Resiliency

Information transparency
How much you need to check trust
The data has to become information
Interpretation and contextualization
"When corrections fail - The persistence of political misperceptions"

Information transparency
From the "raw data" to the information for the masses
  – it requires contextual analysis (for people to understand the leak)
  – it requires source verifications (for people to trust the leak)
The data will be stripped of the metadata
The metadata will be used for evaluation of trust, and eventually reported

Information transparency
Transparency/leaker protection tradeoff
- Metadata can be useful for two purposes
  - Verify the leak's authenticity
  - Identify the leaker
- A process to clean the metadata without breaking the leak is important
- Probably this is possible only with intervention from the leaker
- It might be useful for the target to have feedback from the leaker to give it more context
  - This puts the leaker into great danger and it must be a contemplated choice

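The split described in the two slides above (metadata kept for trust evaluation, stripped from what is distributed), as an added example that is not GlobaLeaks code. It assumes the submission arrives as a ZIP package; `split_metadata`, `sample_package` and the sample values are constructed for illustration.

```python
import io
import zipfile

ZIP_EPOCH = (1980, 1, 1, 0, 0, 0)  # earliest timestamp the ZIP format can hold

def sample_package():
    """Constructed sample: one member carrying a timestamp and two comments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("memo.txt", date_time=(2011, 3, 14, 9, 26, 54))
        info.comment = b"exported by jdoe"
        zf.writestr(info, b"constructed sample content\n")
        zf.comment = b"built on WORKSTATION-07"
    return buf.getvalue()

def split_metadata(package):
    """Return (clean_package, report) for a submitted ZIP.

    report keeps the container metadata for the reviewers' trust evaluation;
    clean_package is what targets download. Metadata inside the member files
    (document author fields, EXIF) is out of scope and needs per-format tools.
    """
    report = {"archive_comment": "", "members": []}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        report["archive_comment"] = src.comment.decode("utf-8", "replace")
        for info in src.infolist():
            report["members"].append({
                "name": info.filename,
                "modified": info.date_time,
                "comment": info.comment.decode("utf-8", "replace"),
                "extra_bytes": len(info.extra),
            })
            clean = zipfile.ZipInfo(info.filename, date_time=ZIP_EPOCH)
            clean.compress_type = zipfile.ZIP_DEFLATED
            clean.create_system = 0  # do not record the repackaging host's OS
            dst.writestr(clean, src.read(info))  # content bytes are unchanged
    return out.getvalue(), report
```

Member names are copied as they are, so a path that itself identifies a user or machine still has to be reviewed by hand.
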
Information Resiliency
Available over time
Available from all countries
Methodology used in the last years (mirrors, p2p, bittorrent, tor free hidden service hosting, etc)
The leak must be spread with various methods
Streisand effect

Information Resiliency
If the information is worth something, and it gains a lot of attention, it will be mirrored (see wikileaks mirrors).
Once the information is out in "raw" form, instructions on how to mirror it should be given.
Free file sharing systems (megaupload, rapidshare, dropbox, etc.) can be useful to encourage non-technical people to spread the data.

Information Resiliency
Tor hidden services can be a great tool for hosting sensitive information.
- It must be easy to set up a tor hidden service even for a non-technical person
- Guides like the ones Anonymous give on how to spread the data (step by step)

Information anonymity
Anonymity as a feature
Safe anonymity (community supported technology vs private services)
Applicability to every layer of leaking flow
Tor Anonymous Hidden Services
tor2web

Existing leak sites and other leak initiatives
Leak sites similar to WikiLeaks and supporting sites

Various leak sites
BalkanLeaks https://www.balkanleaks.eu/
IndoLeaks http://www.indoleaks.org/
ThaiLeaks http://thaileaks.info/
WikiLeaks Croatia http://wikileaks.hr/
Al Jazeera Leak Site http://www.ajtransparency.com/how-submit
Pronostica il Ricercatore http://pronosticailricercatore.blogspot.com

Al Jazeera has released a website acting like an “anonymous dropbox”:
• They suggest to encrypt Leaks
• They suggest to use TOR
• They suggest to remove metadata
However…
“We recognize that - despite the best technology - our readers and viewers are taking a risk by submitting materials, particularly those living in countries where such disclosures are not protected by law. Our journalists will ensure that the identities of our sources are protected, and that submissions are scrubbed of sensitive information - like the "metadata" that contains authoring information - before those submissions are released to the public.”

Leak Support Sites
CrowdLeaks:
  – Born from Anonymous Operation LeakSpin
  – Crowd editing and publishing web site
WL Central: WikiLeaks News, Analysis, Opinion http://wlcentral.org/
Anonymous HBGary Leak Mirrors http://hbgary.anonleaks.ch/

GlobaLeaks: Disclaimer
• We do not receive leaks and we do not publish leaks
• We are developing a software and designing a leaking methodology
• PLEASE DO NOT SEND US YOUR LEAKS!

WikiLeaks workflow
• The organization takes responsibility
• Can be easily taken down by authorities (or censored)
• Does not scale up to a regional level
[Diagram] Workflow stages: leaker protection; leak filtering (ham/spam); leak management; leak validation; information rationalization; leak publishing; leak resilience; media coordination
[Diagram] Annotations: reduced risks and resources; the organization assumes responsibility of what is published and how it is organized; responsibility for the publishing of the content; requires costly IT infrastructure and resources; requires human resources

GlobaLeaks
• Democratic tool for democracy
• Secure bridge between leaker and target
• Does not take responsibility
• Scale up to regional level
• Takedown resistant
[Diagram] Workflow stages: leak acquisition; leak filtering (ham/spam); leak amplification; leak validation; information rationalization; crowdsourcing; leak publishing; regional or interest specific coverage
[Diagram] Annotations: resources are provided by volunteers; by sending the leak to targets; qualified and professional targets (NGO, Journalists, Activists, Bloggers) will work together to classify and organize leaks; leak publishing will be handled by the interested media; based on the leak importance/type the interested target will be contacted

GlobaLeaks: goals
• Develop a platform for interaction between leakers, editors and node maintainers
• Easy setup and maintenance
  – Allows a diversification of leak sites based on geography and areas of expertise
• Knowledgebase on setup, maintenance and promotion of the local leak site
• Knowledgebase on leaker support

GlobaLeaks: information flow
[Diagram] Labels: leak submission; leak node; leak notification; leak download; leak publication; media
• the node maintainer selects a list of targets
• A Leank is created
• Targets are notified via mail
• the target is a journalist, NGO or Blogger
• he reviews the leak content and analyses it

GlobaLeaks: The Leaker
• Leaker education
• If the leaker is smart he will be given all the information and technologies to stay safe
• Ideally a leaker will connect via a tor client
  – Or simply with tor2web

GlobaLeaks: The Leak Node
• Easy Setup even for a non-technical crowd
• No payment, or domain names
• Running as Tor Hidden service
• A web interface

GlobaLeaks: The Leak Node
• Knowledgebase for the leaker
• Leaks are tagged
• Each leak node contains a target list with associated tags
• Based on the tags that are selected by the leaker, the node will notify the required targets
• The targets are notified with a leank

GlobaLeaks: Node maintainer
• Customizes leak site presentation (graphical appearance and some content)
• Selects the target list based on the leak node's interests and crowd
• He can also be in the list of the targets
• He will also carry on publicity campaigns to promote his leak site

GlobaLeaks: Leanks
• Leak Link
• The method through which a target perceives a leak
• A bit.ly style URL unique for each target
• They are dispatched via email (in a future possibly with other methods)
  – Random delay between each dispatch
• They expire after a fixed or customizable amount of clicks and amount of time
  – To avoid leak link sharing
  – Once expired a blank page is returned

GlobaLeaks: Leanks
• A target can add a password to his leank page, but this is disabled by default
• Two types of leak pages, one containing the actual material, the other containing a status page
• The status page is:
  – used to monitor the impact of the leak
  – useful for a leaker, who can see how many people have downloaded the leank (the risk is higher)
• The actual leak (can be multiple files) is distributed in a packaged format (.zip)

GlobaLeaks: Leanks
• It also provides a channel through which targets can communicate
  – Integrated comment functionality
  – A leaker can also visit the status page and, knowing the risks he will face by doing so, talk with the target and give more details on the leak
  – Discussion channel for leak targets

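The leank rules from the slides above (tag-based target selection, one unique URL token per target, random dispatch delay, expiry by clicks and time, blank page once expired, download count for the status page), as an added sketch that is not GlobaLeaks code. The class name, method names and default limits are assumptions made for illustration.

```python
import secrets
import time

class LeankStore:
    """Hypothetical in-memory leank registry (illustration, not GlobaLeaks code)."""

    def __init__(self, max_clicks=3, ttl_seconds=7 * 24 * 3600, clock=time.time):
        self.max_clicks, self.ttl, self._clock = max_clicks, ttl_seconds, clock
        self._leanks = {}  # token -> {"leak", "target", "clicks", "expires"}

    def notify(self, leak_id, leak_tags, targets):
        """Issue one unguessable leank per target whose tags match the leak's.

        targets maps a contact address to that target's set of tags.
        """
        issued = {}
        for address, tags in targets.items():
            if tags & leak_tags:
                token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
                self._leanks[token] = {"leak": leak_id, "target": address,
                                       "clicks": 0,
                                       "expires": self._clock() + self.ttl}
                issued[address] = token
        return issued

    def dispatch_delays(self, count, max_delay=3600.0):
        """Random per-message delay so notifications do not leave in one burst."""
        rng = secrets.SystemRandom()
        return [rng.uniform(0.0, max_delay) for _ in range(count)]

    def fetch(self, token):
        """Return the leak id, or "" (the blank page) for any dead leank.

        Unknown, timed-out and used-up tokens get the same answer, so a
        forwarded or guessed URL reveals nothing about which case applies.
        """
        entry = self._leanks.get(token)
        if entry is None or self._clock() >= entry["expires"] \
                or entry["clicks"] >= self.max_clicks:
            return ""
        entry["clicks"] += 1
        return entry["leak"]

    def downloads(self, leak_id):
        """Figure shown on the status page: successful fetches of this leak."""
        return sum(e["clicks"] for e in self._leanks.values()
                   if e["leak"] == leak_id)
```
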
GlobaLeaks: Organisation
• Being part of the leak process will bring some sort of problems
• By splitting responsibility we demotivate attackers to plan an attack strategy
• There are no specific roles (we are all Random GlobaLeaks contributors)
  – Spokespeople are randomly rotated
  – Code produced is Free Software
  – All encryption and security technology are community produced and tested free software