2. Who are we?
Nerds + Security Experts?
Humans in the world?
Internet enthusiasts?
NO!
We are all Random GlobaLeaks Contributors
3. What we want to do
• Develop a platform for interaction between leakers, editors
and node maintainers
• Easy setup and maintenance
– Allows a diversification of leak sites based on geography and areas
of expertise
• Build a knowledge base on setup, maintenance and
promotion of the local leak sites for the node maintainer
• Knowledge base for leaker support
4. What we will do here
• Within HackersCorner we want to:
– Provide in-depth analysis of the leaking phenomena
– Analyze risks and duties of all subjects involved in various leaking approaches
– Describe post-WikiLeaks era leak site models
– Finally show how GlobaLeaks methodology works
5. Agenda
• Practically how leaking works
• Leaking as a political tool
• The Leaker
• The Leak Site
• The Leak Site Reviewer
• The Media Editors
• Information Transparency, Resiliency, Anonymity
• Existing leak sites and other leak initiatives
• OpenLeaks (maybe?)
• GlobaLeaks
7. How leaking works
Someone (the leaker) has secret data he would like to share
The leaker analyzes the available methods and entry points
The leak site receives the data
The data is evaluated
The target is contacted by the leak site
The target puts the data into context producing valuable
information
breaking news!!
8. Leaking as a political tool
To enforce transparency in governments
9. Leaking as a political tool
• Leaking is a good practice to enforce transparency
in governments
• People with leaking capabilities are people
with democratic power
• Leaking is a key system to spot corruption
and malpractice in governments
• Leaking diffusion is required to force Governments
to implement true transparency via Government 2.0
10. Government 2.0
Obama’s Transparency and Open Government principles stated
Government should be transparent
Government should be participatory
Government should be collaborative
Foundation goals from the Open Gov Directive … stated
Publish Government Information Online
Improve the Quality of Government Information
Create and Institutionalize a Culture of Open Government
Create an Enabling Policy Framework for Open Government
Now getting implemented in UK, Australia, Canada, USA, Indonesia
and within 2015 targets of European countries
13. OpenData Program
• OpenData programs mean “Opening Governments”
• OpenData means providing raw access to government databases
and information
• OpenData means creating value from government data
• In a perfectly transparent society Leaks are not needed!
14. Leaking & Government 2.0
• WikiLeaks Motto?
We Open Governments…
Same goals as Government 2.0!
• The environment of Leaking is close to the environment of
Government 2.0 programs
• When governments don’t implement transparency, the civic
transparency movements will do it through leaking!
• Gov 2.0: Is WikiLeaks Open Government?
http://gov20.govfresh.com/is-wikileaks-open-government/
16. Leaker, who are you?
who should be a leaker
Anybody!
… who:
o Has access to some special undisclosed information
o Knows that he/she will make a difference
o Is someone who can trust an anonymous identity because
he/she hopes to achieve results through leaking, a greater good :)
o Someone who views secrecy not as an asset, but as a
useless seclusion
18. Leaker, Risks?
• Having access to some undisclosed (secret? unpublished?)
information will be a matter of trust
• A leaker has to break this trust, in fact.
• The leaked data may be lost due to a bad policy (reselling of
used computers without cleaning, trashing of CD and papers).
• If a leaker is a hacker he has the knowledge and skills to
protect himself and minimize risk.
• If the data is not shared amongst many people, the risk is
higher (i.e. the leaker is the author)
19. Leaker, how to become a leaker ? 3/4
• It’s not important to become a leaker but to remain a leaker ;)
• Leaking services must allow a smart leaker to stay safe
• The leaker must evaluate all the available leak sites and
choose the most trusted/professional
• Security has to be a feature that is usable and easy to
comprehend
20. Leaker, who are you?
A leaker's drive may be:
o personal strategy and motivation
o political awareness
o Information pollution (this is a threat)
o market, political, social awareness
o self suggestion and personal troubles (this may lead to a lot of
unneeded overhead)
o hate & anger (this will probably make him a sacrificial victim).
Is he a techno martyr?
High risk.
21. Leaker self protection
The leaker must be protected in 3 phases:
- The acquisition of the leak
- The submission of the leak
- Post leak submission
22. Leaker self protection:
the leak acquisition
If the data is accessible only by a limited number of people the
risk is higher.
Internal security policies must be evaluated by the leaker.
He must consider:
• Technical tracking, logs of internal access
• Personal tracking: when few people have access to the data,
personal behavior acquires relevance
• Knowledge coherence (disk forensic, wiretapping)
• The detail of information an investigator may be able to
acquire
23. Leaker self protection
from the leak site
The selection of an appropriate leak site is mandatory
Criteria for selection must be:
- Level of trust the leak site has inside the network
- How professional it is
- What kind of technology it provides the leaker to protect
himself
It is possible (and inevitable) that there will be rogue leak sites,
controlled for example by intelligence agencies.
It must therefore be:
- Trusted
- Wiretap resistant
25. The Leak Site:
Different kinds of Leak Sites
• Editing & publishing leak site
• Raw data publishing (mirroring) leak sites
• Leak amplification leak sites
Different leak sites have different risk levels
26. The Leak Site
Avoiding takedowns
A leak site may contain dangerous data that is a threat if
disclosed; one must suppose that a lot of resources are
dedicated to stopping the disclosure.
If distributed in different nations, different laws and state
interrelationships can slow down seizing.
Censor resistant methodology (Tor hidden service, darknets,
redundancy)
Avoid traceability?
(trust/security tradeoff)
27. The Leak Site
How to establish credibility
The primary goal for a leak site is to obtain trustworthiness in
order to receive more interesting leaks
Trustworthiness will be built based on:
• Transparency
• Reliability
• Leak evaluation and context quality
… and the leaks Impact
No leak site will be trusted until its first leaks have a serious impact on
local society
28. The Leak Site
Knowledge base and Safety Tips
Will provide knowledge base and tips to educate leakers
Information specific to laws in the leak site's country, if any (will
be distributed amongst leak sites, git)
Knowledge useful for the leak node maintainer will also be
provided
A package of material for publicity campaigns is included
29. The Leak Site
Understand leak impact and plan properly
Different information has different impact potential.
The leak impact in most cases will be restricted to a specific
area of interest and location.
Global impact is very rare and often the effectiveness of global
impact can be less than local impact. (i.e. policy changes).
Act locally think globally
It is important to identify the context in which the information
must be distributed to achieve maximum impact and
effectiveness
30. The Leak Site
Rogue leak sites
In a decentralized and distributed network a big risk is that of
attackers impersonating legitimate nodes
This risk is inevitable and can only be mitigated
A network of trust is more difficult to infiltrate
The leaker must not disclose his identity to the leak site
32. The Leak Site Reviewers
Who will be a reviewer?
- A person who believes in the leaking process
- someone with the ability to recognize fake data
- someone known in a network of trust between the hacktivist
movement
- more or less like a wikipedia contributor: a skilled anonymous
for the social progress
someone pretending all the previous points, but doesn't know
the truth about him :)
33. The Leak Site Reviewer
How a source review works
Who will be a source reviewer
Internal rules of reviewing
Possible checks that should be performed by the reviewers
Possible review outputs
34. Review of the leaking
Obtain trustworthiness
Be objective/super partes
Be reserved and private
Be multiple: in a distributed process the community is the asset
36. The Media Editors
A media editor is a trained professional (or a motivated and
skilled person) who will give context to the leak.
They also serve as a second filter to avoid publication of fake or
useless documents.
They are doing the real hard work (WL says 90% of leaks are
garbage).
The output to media editors should be reduced by leak
reviewers (ideally they should not have to deal with a lot of fake
or useless information)
37. The Media Editors
To get the attention of trusted and skillful media editors, it is
important for a leak site to have credibility.
The context given by the media editor will then be submitted to
appropriate media.
They can also be inside media themselves.
39. Information transparency
How much you need to check trust
The data has to become information
Interpretation and contextualization
"When Corrections Fail: The Persistence of Political
Misperceptions"
40. Information transparency
from the "raw data" to the information for the masses
– it requires contextual analysis (for people to understand the leak)
– it requires source verification (for people to trust the leak)
the data will be stripped of the metadata
the metadata will be used for evaluation of trust, and eventually
reported
41. Information transparency
Transparency/leaker protection tradeoff
- Metadata can be useful for two purposes
- Verify the leak's authenticity
- Identify the leaker
- A process to clean the metadata without breaking the leak is
important
- Probably this is possible only with intervention from the
leaker
- It might be useful for the target to have feedback from the
leaker to give it more context
- This puts the leaker into great danger and it must be a contemplated
choice
42. Information Resiliency
Available over time
Available from all countries
Methodology used in the last years (mirrors, p2p, bittorrent, tor
free hidden service hosting, etc)
The leak must be spread with various methods
Streisand effect
43. Information Resiliency
If the information is worth something, and it gains a lot of
attention, it will be mirrored. (see wikileaks mirrors)
Once the information is out in "raw" form, instructions on how to
mirror it should be given.
Free file sharing systems (megaupload, rapidshare, dropbox,
etc.) can be useful to encourage non-technical people to
spread the data.
44. Information Resiliency
Tor hidden services can be a great tool for hosting sensitive
information.
- It must be easy to setup a tor hidden service even for a non
technical person
- Guides like the ones Anonymous give on how to spread the
data (step by step)
45. Information anonymity
Anonymity as a feature
Safe anonymity (community supported technology vs private
services)
Applicability to every layer of leaking flow
Tor Anonymous Hidden Services
tor2web
46. Existing leak sites and other leak initiatives
Leak sites similar to WikiLeaks and
supporting sites
47. Various leak sites
BalkanLeaks
https://www.balkanleaks.eu/
IndoLeaks
http://www.indoleaks.org/
ThaiLeaks
http://thaileaks.info/
WikiLeaks Croatia
http://wikileaks.hr/
Al Jazeera Leak Site
http://www.ajtransparency.com/how-submit
Pronistica il Ricercatore
http://pronosticailricercatore.blogspot.com
48. Al Jazeera has released a website acting like an
“anonymous dropbox”:
• They suggest encrypting leaks
• They suggest using Tor
• They suggest removing metadata
However…
“We recognize that - despite the best technology - our readers and
viewers are taking a risk by submitting materials, particularly those
living in countries where such disclosures are not protected by law. Our
journalists will ensure that the identities of our sources are protected,
and that submissions are scrubbed of sensitive information - like the
"metadata" that contains authoring information - before those
submissions are released to the public.”
49. Leak Support Sites
CrowdLeaks:
– Born from Anonymous Operation LeakSpin
– Crowd editing and publishing web site
WL Central WikiLeaks News, Analysis, Opinion
http://wlcentral.org/
Anonymous HBGary Leak Mirrors
http://hbgary.anonleaks.ch/
52. GlobaLeaks: Disclaimer
• We do not receive leaks and we do not publish leaks
• We are developing software and designing a leaking
methodology
• PLEASE DO NOT SEND US YOUR LEAKS!
53. WikiLeaks workflow
Workflow stages (diagram):
– leaker protection
– leak filtering (ham/spam)
– leak management
– leak validation
– information rationalization
– leak publishing
– leak resilience
– media coordination
Diagram annotations, in order:
– reduced risks and resources
– the organization assumes responsibility of what is published and how it is organized
– responsibility for the publishing of the content
– requires costly IT infrastructure and resources
– requires human resources
• The organization takes responsibility
• Can be easily taken down by authorities (or censored)
• Does not scale up to a regional level
54. GlobaLeaks
Workflow stages (diagram):
– leak acquisition
– leak filtering (ham/spam)
– leak amplification
– leak validation
– information rationalization
– leak publishing
– regional or interest specific coverage
Diagram annotations, in order:
– resources are provided by volunteers
– by sending the leak to targets
– qualified and professional targets will work together to classify and organize leaks (crowdsourcing)
– targets: NGO, Journalists, Activists, Bloggers
– will be handled by the interested media
– based on the leak importance/type the interested target will be contacted
• Democratic tool for democracy
• Secure bridge between leaker and target
• Does not take responsibility
• Scale up to regional leak level
• Takedown resistant
55. GlobaLeaks: goals
• Develop a platform for interaction between leakers, editors
and node maintainers
• Easy setup and maintenance
– Allows a diversification of leak sites based on geography and areas
of expertise
• Knowledgebase on setup maintenance and promotion of the
local leak site
• Knowledgebase on leaker support
56. GlobaLeaks: information flow
Diagram labels: media, leak submission, leak publication, leak download, leak node, leak notification
• The node maintainer selects a list of targets
• A Leank is created
• Targets are notified via mail
• The target is a journalist, NGO or blogger
• He reviews the leak content and analyses it
57. GlobaLeaks: The Leaker
• Leaker education
• If the leaker is smart he will be given all the information and
technologies to stay safe
• Ideally a leaker will connect via a tor client
– Or simply with tor2web
58. GlobaLeaks: The Leak Node
• Easy Setup even
for a non-technical
crowd
• No payment, or
domain names
• Running as Tor
Hidden service
• A web interface
59. GlobaLeaks: The Leak Node
• Knowledgebase for the leaker
• Leaks are tagged
• Each leak node contains a target list with associated tags
• Based on the tags that are selected by leaker, the node will
notify the required targets
• The targets are notified with a leank
60. GlobaLeaks: Node maintainer
• Customize leak site presentation (graphical appearance and
some content)
• Selects the target list based on the leak node's interests and
crowd
• He can also be in the list of the targets
• He will also carry on publicity campaigns to promote his leak
site
61. GlobaLeaks: Leanks
• Leak Link
• The method through which a target perceives a leak
• A bit.ly style URL unique for each target
• They are dispatched via email (in the future possibly with other
methods)
– Random delay between each dispatch
• They expire after a fixed or customizable number of clicks
and amount of time
– To avoid leak link sharing
– Once expired a blank page is returned
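The tag matching from slide 59 and the leank rules from slide 61 (one unique link per target, expiry by clicks and by time, a blank page afterwards, a random delay between dispatches), as an added Python sketch that is not GlobaLeaks code. The class and function names, the default limits and the in-memory store are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Leank:
    target: str        # who this link was issued to
    leak_id: str       # which submission it unlocks
    expires_at: float  # absolute expiry time (seconds since epoch)
    clicks_left: int   # remaining permitted visits


class LeankStore:
    """In-memory sketch; names and defaults are assumptions, not GlobaLeaks code."""

    def __init__(self, max_clicks=3, ttl=7 * 24 * 3600, clock=time.time):
        self.max_clicks, self.ttl, self.clock = max_clicks, ttl, clock
        self._by_token = {}

    def issue(self, leak_id, leak_tags, target_tags):
        """Create one unguessable token per target whose tags overlap the leak's."""
        issued = {}
        for target, tags in target_tags.items():
            if tags & set(leak_tags):
                token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
                self._by_token[token] = Leank(
                    target, leak_id, self.clock() + self.ttl, self.max_clicks)
                issued[target] = token
        return issued

    def resolve(self, token):
        """Return the leak id, or None so the caller serves the same blank page
        for unknown, expired and used-up links."""
        leank = self._by_token.get(token)
        if leank is None:
            return None
        if self.clock() >= leank.expires_at or leank.clicks_left <= 0:
            del self._by_token[token]  # expired links are forgotten entirely
            return None
        leank.clicks_left -= 1
        return leank.leak_id


def dispatch_delays(targets, max_delay=3600):
    """Independent random delay (seconds) before mailing each target."""
    rng = secrets.SystemRandom()
    return {t: rng.uniform(0, max_delay) for t in targets}
```

Because every failure case returns the same value, a visitor cannot tell a link that never existed from one that has expired.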
62. GlobaLeaks: Leanks
• A target can add a password to his leank page, but this is
disabled by default
• Two types of leak pages, one containing the actual material
the other containing a status page
• The status page is:
– used to monitor the impact of the leak
– useful for a leaker, who can see how many people have downloaded
the leank (the risk is higher)
• The actual leak (can be multiple files) is distributed in a
packaged format (.zip)
64. GlobaLeaks: Leanks
• It also provides a channel through which targets can
communicate
– Integrated comment functionality
– A leaker can also visit the status page and, knowing the risks he will
face by doing so, talk with the target and give more details on the
leak
– Discussion channel for leak targets
65. GlobaLeaks: Organisation
• Being part of the leak process will bring some sort of
problems
• By splitting responsibility we demotivate attackers from planning an
attack strategy
• There are no specific roles (we are all Random GlobaLeaks
contributors)
– Spokespeople are randomly rotated
– Code produced is Free Software
– All encryption and security technology are community produced
and tested free software