Today, the site has a special Scientology section in its archives. It holds more than one hundred documents, one of the largest collections of the church’s internal papers stored anywhere in the world.
In July 2010, three months after WikiLeaks had released a clip of a U.S. Apache helicopter gunning down civilians and journalists in a Baghdad suburb and just days before the group would publish seventy-six thousand secret military documents from Afghanistan, Julian Assange was scheduled to deliver the keynote address to an audience of thousands at the Hackers on Planet Earth conference, a gathering held at the venerable Hotel Pennsylvania in New York. But when the keynote began, it was a young, dark-haired American, not Assange, who walked onto the stage. He wore a T-shirt that read “Stop Snitching,” a reference to Adrian Lamo, and was introduced by the conference organizers merely as “WikiLeaks.”
“Hello to all my friends and fans in domestic and international surveillance. I’m here today because I believe we can make a better world,” Appelbaum told a bewildered crowd that had expected a blonder, more Australian figure. “Julian, unfortunately, can’t make it, because we don’t live in that better world right now, because we haven’t yet made it.”
“I wanted to make a little declaration for the federal agents that are standing in the back of the room and the ones that are standing in the front of the room, and to be very clear about this: I have, on me, in my pocket, some money, the Bill of Rights, and a driver’s license, and that’s it. I have no computer system, I have no telephone, I have no keys, no access to anything. There’s absolutely no reason that you should arrest me or bother me. And just in case you were wondering, I’m an American, born and raised, who’s unhappy. I’m unhappy with how things are going.”
He explained that he worked for Tor, but that he wasn’t at the conference to represent his employer. “I’m certain they wouldn’t be too unhappy with me speaking here, but they certainly didn’t know about it before this moment.” Then he explained that he believed in standing up for human rights and social change, for free speech without retribution.
“To quote from Tron,” he said, “I fight for the user.”
For the next hour and fifteen minutes, Appelbaum railed against the war in Iraq and Afghanistan in steady, simple rhetoric. He lashed out at WikiLeaks’ critics and Lamo, whose name he refused to even utter, for informing on Bradley Manning. He argued against the idea of “speaking truth to power.” “You stick it to the man and show the man how it is? Well I think that’s stupid. Power knows power because power’s in power,” he told the crowd. “It’s important to take this power and give it to people who are not simply the ones who make the decisions. Give it to the people who vote them in and out of office.
“The people in power cannot issue a denial when everyone knows the truth,” he continued. “They can’t redact a document when everyone has a copy of it in their heart and in their mind.”
And then, he delivered the news: Appelbaum announced that WikiLeaks’ submissions system, which had been down the previous months, had been redesigned and relaunched. He displayed the Tor Hidden Services page that any leaker could visit to anonymously feed documents to the site.
And then Appelbaum went further, directly appealing for the audience of hackers, many of whom held day jobs in corporate cybersecurity, to become an army of leakers.
“I never expect to work in the computer security industry again. But that’s OK. I think this is far more important than anything like that,” Appelbaum said, with a vulnerable note in his voice. “Some of you won’t make this choice, and that’s OK. And some of you will pretend not to make this choice, and you’ll go in deep. And thank you for that.”
Appelbaum paused. The audience response began with a few sparse claps, as if the crowd wasn’t yet sure about its commitment to the role they were being asked to take on. Then it slowly grew, rippling through the room, and swelled into a steady roar of applause. As his talk ended, Appelbaum exited the stage, and seemed to reappear donning a black hoodie.
In fact, the hoodie wearer was a decoy. Appelbaum had slipped out a back exit to board a flight to Berlin. While he surreptitiously left the hotel, the Collateral Murder video was projected onto an enormous screen. Apache gunfire echoed over a silent throng of hackers: a dark orientation video for the newborn leaking movement.
PART THREE
THE FUTURE OF LEAKING
“Paranoia will kill us.”
BIRGITTA JÓNSDÓTTIR
CHAPTER 5
THE PLUMBERS
In an unmarked government building on the edge of a residential Arlington, Virginia, neighborhood, a grinning, suit-wearing official named Peiter Zatko describes the anatomy of a leak.
His eyes flit over a table covered in printouts from a PowerPoint document, representing a blow-by-blow case study of one insider data theft. Zatko explains the example computer network’s data breach in a rapid-fire patter, shuffling the papers and referring to visualizations of branching file systems with a fluency polished by repetition. His cheeks, dabbled with a hint of pockmarks, twitch with the nervous energy of someone who is setting up a fantastic punch line.
In Zatko’s test case, the suspected leaker searches broadly over the network to find the areas where data related to critical infrastructure is stored, then returns to manually probe a few interesting files. “Then he walked away with enough information to shut down big chunks of the telephone systems in the United States,” Zatko concludes flatly, his face blank.
And who was that rogue insider? “That was me,” Zatko says. Then he giggles mischievously.
Zatko, a puckishly hyperactive forty-year-old, is not a typical Department of Defense employee. He wears a tie, has cut his once-shoulder-length mane of brown hair into a tidy executive part, and shaved his goatee. But even in his new Beltway digs, he still goes by the nickname “Mudge.” That’s the hacker handle Zatko used in decades of exploring the dark corners of the Internet and charting the back doors in its labyrinthine alleys, and he prefers his friends and acquaintances, his boss, even his parents, to refer to him by that name.
In the American hacker circles Mudge travels, it’s also an identity that elicits a certain amount of worship. Frank Heidt, a former security consultant at MCI and several military contractors, says that when he first read Mudge’s security exploit research in mid-nineties hacker zines, he believed that “Mudge” must be the pseudonym of a group. “He was so prolific that I thought he couldn’t be one person,” Heidt says. Mudge’s revelations included fundamental vulnerabilities in software as ubiquitous as Windows NT and Internet Explorer, digital sleights of hand that could humiliate multinational companies with a few lines of code. For an older generation of hacker, his sobriquet calls to mind other bold-faced names in the American digital underground like the L0pht, @stake, and Cult of the Dead Cow, elite hacker collectives where Mudge was often regarded as the most visible and brilliant member.
Lately, Mudge has led a very different sort of group: the cybersecurity research team at the Defense Advanced Research Projects Agency. DARPA, the mad-scientist wing of the Pentagon that built the Internet and funded Tor, hides a Silicon Valley sense of wild technological optimism behind its bureaucratic Washington exterior. For the last fifty years, it’s functioned as the Department of Defense’s blue-sky Skunk Works, devoted to seemingly science-fictional projects designed to keep America’s military forces a decade or more ahead of their foes.
Occasionally the agency’s imagination germinates into technologies that disrupt and reshape the world. In 1960, it put the first five GPS satellites into orbit. In 1969, it launched the ARPANET, a system of remotelynetworked computers that would later be renamed the Internet. In the late 1970s, it developed and flew the first stealth planes. From 2006 to 2008, DARPA organized a series of races of robotic, driverless cars through the desert. Several of the top scientists in those competiti
ons now work for Google, where they’ve built autonomous automobiles that have driven between San Francisco and Los Angeles with no human assistance. In 2011, it tested an unmanned plane that can fly twenty times the speed of sound. Other projects that it’s funded seek to build flying Humvees, mechanical bats that can suck electricity from power lines, cyborg cockroaches, and roving robots that can switch between liquid and solid form or feed themselves with grass and twigs.
Mudge’s new pet project, as outlined in a forty-six-page announcement DARPA released two months before our meeting, may sound less flashy. But it’s equally ambitious: He aims to rid the world of digital leaks.
“Leaks,” of course, isn’t how Mudge describes the problem. He and DARPA use the more general industry term for an enemy within the system: an “insider threat.” Since the summer of 2010, Mudge has led a project known as CINDER, or Cyber Insider Threat, a DARPA program that aims to turn the question of information security inside out and look at it afresh: Instead of trying to keep the bad guys out of your system, assume they’re already inside and impersonating innocent staffers, whether in the form of malicious software that hijacks an authorized PC or a human leaker. CINDER was conceived to identify and neutralize moles of all varieties.
The telephone system theft case that Mudge dissected for me in an unassuming DARPA conference room was, of course, a mere penetration test, demonstrating that anyone with access to the victim’s network could exfiltrate any data he chose without detection, despite all the system’s sophisticated security software. Now this hacker’s challenge is to fix, rather than merely demonstrate, that epic problem: Like most DARPA initiatives, CINDER functions as an open, X-Prize-style invitation for ideas. While Mudge won’t reveal the project’s budget, qualifying DARPA-funded projects typically receive anywhere from hundreds of thousands to tens of millions of dollars in government capital. More than fifty entrants, ranging from tiny companies to the defense giant Raytheon, have publicly signed up to submit ideas—many more in secret. Projects at DARPA’s intelligence agency counterpart IARPA and other wings of the Pentagon are tackling the problem, too, but few have the mandate that Mudge has, to think years and decades ahead.
“We’re looking to everyone from academia to start-ups to large government contractors,” says Mudge with a salesman’s intensity. “We’re not looking for evolutionary improvement. We want to pull the rug out from the problem altogether.”
Despite his hacker past, Mudge fits in at DARPA. For years, he’s thought eleven steps beyond the corporations and government agencies whose security he gleefully dismantled. Now he’s working in the same office building as scientists tasked with equally unreal work, building Iron Man–like exoskeletons that multiply human strength by a factor of ten and surveillance systems designed to watch every moving object in entire cities.
But Mudge has something else in common with the agency that now employs him. Each has played both sides of the secret-spilling game. Without DARPA’s money and ideas, the transparency movement as we know it, built on the Internet and enabled by anonymity technologies, wouldn’t exist.
And Mudge, for his part, isn’t just any hacker-turned-fed. Peiter Zatko, loath though he may be to discuss it, knows Julian Assange.
The two forty-year-old ex-hackers grew up cruising the same primordial Internet of the 1980s and 1990s. They bristled under the same restrictions and shared a friendship through connections that spanned continents. Twenty years ago, Mudge and Mendax were teammates in the same digital free-for-all. Now they’ve found themselves on opposing sides, vying for the fate of the world’s information. And it’s Mudge’s move.
The Collateral Murder video was only the overture to Assange’s magnum opus of leaks.
Just days after Jacob Appelbaum’s call-to-arms speech at the HOPE conference, the first wave hit: seventy-six thousand documents from the Afghan War, detailing every significant action over nine years of skirmishes and pitched battles, every casualty and drone strike gone awry.
The Pentagon wasn’t surprised by the blowout leak—it had already read the chat logs of its prime suspect and thrown him in a military stockade. But there was little else the most powerful military in the world could do in its escalating battle with WikiLeaks other than issue rhetoric. Admiral Mike Mullen and Secretary of Defense Robert Gates criticized WikiLeaks’ release and lack of discretion in failing to redact names of informants, with Mullen stating in a press conference that the group “might already have on their hands the blood of some young soldier.” (Later reports from the Pentagon, widely touted by WikiLeaks’ supporters, said that the exposure hadn’t led to any documented casualties. WikiLeaks claimed it had taken out files with the most sensitive names.)
Three months later, WikiLeaks released 392,000 documents from the Iraq War, another record-breaking classified data breach that exposed American knowledge of torture by Iraqi police, evidence that Iraqi Prime Minister Nouri al-Maliki used “detention squads” in the Iraqi army to harass political rival groups, and another fifteen thousand civilian deaths that hadn’t been previously documented. Assange delivered the news in a London press conference, the long hair of his early thirties now cut short, his gray trench coat switched out for a well-tailored suit.
But by this time WikiLeaks’ enemies were responding with more than mere words. Prior to the Iraq release, the site faced a digital intrusion by what one WikiLeaks source told me were “very sophisticated attackers,” compromising the encryption keys the group used for instant messaging and forcing it to issue new keys and move its chat server from Amsterdam to somewhere in Germany. One British payment provider, Moneybookers, froze donations to the site, claiming it violated the company’s terms of service.
But the leak that would give way to an all-out Cold War on WikiLeaks was yet to come. On November 28, seventeen days after Assange had told me of an upcoming data dump that would affect every government and every industry in the world, the data bomb struck on schedule: the first of 251,000 State Department Cables, candid communiqués from American diplomats in every corner of the world, all secret, all utterly exposed.
They included frank insults of world leaders’ nepotism, corruption, and sexual appetites, countless stories of America’s sticky fingers penetrating into political dealings in supposedly independent democracies, and evidence of filthy practices on the part of multinational corporations, a Leviathan bundle of secrets torn open to feed the front pages of the world’s newspapers and magazines for months, even years. The headlines rang out with a force and volume greater than any leak since the Pentagon Papers: “Saudi Arabia Urges U.S. Attack on Iran to Stop Nuclear Program.” “China Leadership ‘Orchestrated Google Hacking.’” “Did Pfizer Bribe Its Way Out of Criminal Charges in Nigeria?” “Texas Company Helped Pimp Little Boys to Stoned Afghan Cops.” “China ‘Ready to Abandon North Korea.’” “WikiLeaks Cables on Afghanistan Reveal Monumental Corruption.” “Iraqi Children in U.S. Raid Shot in Head.” “U.S. Bombs Yemen in Secret.” “U.S. Diplomats Spied on UN Leadership.” An analysis by the magazine The Atlantic five months later would show that close to one out of every two issues of The New York Times in 2011 cited a document published by WikiLeaks.
It was a cypherpunk apotheosis, and the greatest hacktivist coup in history.
Detailing the true nature of war was one thing. Massively embarrassing the world’s most powerful politicians and companies was quite another. After Cablegate, the counterattacks were immediate and relentless. Vice President Joe Biden said in a television interview that Assange was “closer to being a hi-tech terrorist than the Pentagon Papers.” Sarah Palin suggested he should be “pursued with the same urgency we pursue al-Qaeda and Taliban leaders.”
Senator Joe Lieberman called the release “an outrageous, reckless, and despicable action that will undermine the ability of our government and our partners to keep our people safe and to work together to defend our vital interests.” After
receiving a call from Lieberman staffers, Amazon, which had hosted some WikiLeaks Web servers, banned the group. (The company denies the decision was political.) WikiLeaks moved to a new host in Switzerland, where untraced cyberattacks flooded its servers. Its DNS service provider EveryDNS, which allowed the site to use the name WikiLeaks.org, exiled the group as well, forcing it to switch to alternatives like WikiLeaks.ch and WikiLeaks.de. PayPal cut off the site’s main faucet of donations. Visa, MasterCard, and then Bank of America followed by ending all payments to the increasingly isolated digital fugitives.
Assange responded to the digital and financial attacks by putting out a call for volunteers to “mirror” the site, setting up an exact replica of WikiLeaks.org. In a show of solidarity, hundreds of clones were set up around the world in a matter of days.
But Assange himself, whether through pressure from the American government or mere coincidence, was coming under fire as well. Interpol issued a Red Notice of arrest for him, not for any data-related crime, but for sex crimes against two women in Stockholm. According to documents from the Swedish justice system that leaked to the Web, both women alleged that WikiLeaks’ headstrong founder had unprotected—if consensual—sex with them despite their protests that he use a condom. In one case, a woman said he had sabotaged the condom so that it broke during intercourse. Another woman said he had begun having sex with her in her sleep.
This Machine Kills Secrets Page 20