Journalist’s book gave away secret passcode, court hears

Unredacted US government cables were released online after a Guardian journalist, David Leigh, published a book which contained the key to decrypt them, a court has heard.

The claim came from a computer scientist, Professor Christian Grofthoff, who was giving evidence for the defence on the 9th day of evidence at the Julian Assange extradition hearing.

In sworn testimony, Grothoff related that in 2010 and 2011 the main Wikileaks website was coming under sustained “denial of service attacks,” which involved remote computers in their thousands logging on to the site so as to overload its servers. In response, many people made copies of the site, “mirrors,” a few of which contained the cables, but added, “they were strongly encrypted.” These, he said, “were useless without the key,” which was a long string of letters and numbers.

The witness then told the that in early 2011, Leigh released a book, “WikiLeaks: Inside Julian Assange’s War on Secrecy” telling his story of working with Assange. One of the chapter headings, Grothhoff said, was simply the encryption key, which he had been given when he was working as a media partner of Wikileaks.

In August 2011, a German newspaper Der Freitag published a story saying that there was a password going around the internet that could access the data. “People could now put two and two together, go over the WikiLeaks archive and decrypt the file,” he said. Asked if WikiLeaks could have taken any action to prevent this, he replied “no.”

The full archive was then published on various internet sites, including a searchable version on well known US-based website Cryptome, where he said it could still be found. Asked if the US government had prosecuted Cryptome over this, Grothoff replied to the best of his knowledge they had not.

Cross-examining the witness on behalf of the US government, barrister Joel Smith suggested to Grothoff that Wikileaks themselves had given access to the data to over 50 organisations, including media organisations and non-governmental groups asking, if Wikileaks gave the password to too many people. Grothoff replied, “Well if you put it in a book, like David Leigh did, you give it to a lot of people.”

The prosecutor then put it to the witness that it was WikiLeaks itself who had encouraged people to build “mirror sites,” so they could not be totally knocked offline by a cyber attack. The witness said this was a usual strategy for organisations under a denial of service attack.

Grothoff continued that often the best way to hide mirror websites which contained the files, was to build thousands of mirrors which did not contain it, making it almost impossible for someone searching for them to locate ones holding the data, “building a haystack,” as he called it.

The prosecutor asked about an earlier release of some of the cables. The witness told the court that he had checked these saying that they were marked “unclassified.” Smith asked, “Were they marked secret?” Grothoff replied, “unclassified documents are not usually secret.”

Under re-examination by defence counsel Mark Summers QC, Professor Grothoff told the court that according to Leigh’s own book, he had pressured Assange to give him the passcode to the decrypted files telling him, “You could be in an orange jumpsuit heading to Guantanamo Bay before you release them.” Grothoff also testified that he had carried out an exhaustive search and had been unable to locate a single example of the code being released online before the Guardian journalist published it in his book.

The trial continues.

Follow us on Twitter for live updates on the proceedings: @bridges4media