Anybody who has been paying attention to the news for the past couple of years is probably familiar with Wikileaks, a website dedicated to spreading around secret information that is being hidden by governments, corporations, and other powerful entities. While some have argued and will continue to argue about the moral implications of just such a site, one thing is entirely clear: the powerful interests that are at the greatest risk do not want it to be able to keep publishing secret paperwork and videos and will do anything in their power to stop that. That’s not to mention the likely thousands of hackers who would love to be able to get their hands on that information and either release it themselves or find a way to gain financially from it.
So, how does Wikileaks keep their data secure from hackers and governments? Strangely, they employ two diametrically opposed techniques that work together to serve for some of the best security that could be asked for.
Before getting into the non-standard techniques, it’s probably best to keep in mind that the Wikileaks servers and related computer systems are among the best in the world, with highly developed security and safety measures installed in order to keep them running near constantly without having to worry about outages or DDoS attacks knocking the site down.
That being said, the first thing that Wikileaks does to keep governments and hackers from accessing the cables that they get is that the vast majority of the data that their receive is not stored on computers connected to outside sources until it’s ready to go out. Perhaps the simplest, lowest tech solution out there, but it is nearly 100% effective at keeping people from remotely accessing and either copying or deleting data. You can’t hack a computer that isn’t connected to the Internet unless you’re physically present or find somebody who is to collaborate with you. Data is moved from unconnected computers to connected ones using physical media like external hard drives when it’s time to actually publish any results.
The other technique that Wikileaks employs to keep others out of their cables is by spreading the information far and wide. What they will often do is create multi-gigabyte files, sometimes up to half a terrabyte, that they encrypt. Since encryption is both cheap and easy, there is nothing that prevents them from putting some of the best on this file and ensuring that it would take the most powerful computers in the world decades or centuries to crack into it without the proper key phrase. These “insurance” files serve as a form of passive blackmail, since anybody who moves against the company knows that they only need to publish the passphrase and potentially millions of people will be able to access that data anyway. As far as governments go, they recognize that the site is at least somewhat judicious about what it releases where random people might not be, and hackers have less incentive to steal something that is free.
Combined with the highest available security technology, Wikileaks can keep their data secure by storing it where it can’t be touched and giving it to everybody so that attempts to shut them down result in the same problems as allowing them to exist, only in a far less controlled fashion. Ultimately, these techniques have and continue to serve Wikileaks well.