WikiLeaks Posts Mysterious 'Insurance' File

Originally posted by bikeshedding
Oh, there was once a WikiLeaks thread
That simply would not turn up dead
Each morn when I logged in
Someone posted again
Without getting what had been said.

1) There is only one Afghan War Diary "insurance" file released by WikiLeaks. One. Not two, not forty, not three thousand. Just one. It has a SHA1 hash of cce54d3a8af370213d23fcbfe8cddc8619a0734c. Any file that doesn't match that hash is not the insurance file that we're talking about or is an incompletely downloaded version of that file.

2) Just because something says "100%" doesn't necessarily mean that it is, just that the software thinks so. While you can generally rely on it to be correct (assuming that the software was well developed and tested), that doesn't mean it always will be, especially when a significant amount of data is being downloaded. As ArMaP noted, this is why hashes are typically provided. Once one has downloaded the insurance file, one should be able to generate a hash from it (using whatever software is available for his or her operating system to do checksum calculation). If the hash does not match cce54d3a8af370213d23fcbfe8cddc8619a0734c, then the file is NOT the one that WikiLeaks released.


[edit on 25-8-2010 by bikeshedding]

So you talked to wikileaks and assange and confirmed this. That they are not sending out different files for some reason. When you talk to him again ask him for the password

reply to post by jlafleur02


It's plainly there on the Afghan War Diary page. If they released other files, why wouldn't they link them there? This thread is about the file named "insurance.aes256" available for download from the WL Afghan War Diary page that matches the aforementioned SHA1 hash. If there is a file that does not meet those criteria, then that file is certainly not the one that I've been discussing.

The SHA1 hash, the file, it's all on the page. The SHA1 hash has not been changed since the day the file was put on the page, which means the file hasn't been changed since that date. Admittedly, it *could* mean that no one ever compared the file and hash, but since I know that I did so on the day that it was released, I can discount this possibility. Whether you choose to believe that is up to you. Feel free to try and find an archived original of the Afghan War Diary page to verify that the hash hasn't changed. Any "insurance" file that anyone has that is not on that page or does not match that hash came from a specious source or was incompletely downloaded from the WikiLeaks site. That has everything to do with how checksums work and nothing to do with WikiLeaks. I don't have to talk to Assange to know that, and denying it is honestly just denying reality.

Example:

$ cat original.txt good_download.txt bad_download.txt
I am the complete, original source file.
I am the complete, original source file.
I am the complete, original source file

Notice that the period character is missing from the contents of bad_download.txt, but not from the contents of good_download.txt.

Now let's compare hashes to see which of our files was properly downloaded. I'm using MD5 in this example. WikiLeaks used SHA1 instead.

$ md5sum original.txt good_download.txt bad_download.txt
59a628b5db2671bd00ac6fc9d0389ee9 original.txt
59a628b5db2671bd00ac6fc9d0389ee9 good_download.txt
2c4de95f2566d32898479ebd7434746f bad_download.txt

Notice the wildly different hash for bad_download.txt. This is due to the fact that just a single character is missing from bad_download.txt. Notice that the hash for good_download.txt matches that of the original.txt file, because it was fully and completely downloaded. The bad_download.txt file, while principally the same thing (just missing a character) as good_download.txt, appears to be a different file if all you do is look at the checksum or file size.

$ ls -l *_*d.txt
-rw-r--r-- 1 bikeshedding bikeshedding 40 2010-08-26 11:30 bad_download.txt
-rw-r--r-- 1 bikeshedding bikeshedding 41 2010-08-26 11:29 good_download.txt

Notice that bad_download.txt is a different size from good_download.txt (40 bytes as opposed to 41). Though they are different files on your local system and have different sizes and checksums, if we closely inspected the contents of each file, we could see that they were derived from the same source file and that one was a completed download and the other was not. For people who think they got 2 or more different insurance files, were they to actually open both files in a text editor and compare them, they would most likely find that the files are character by character matches with each other up to the point where the download failed for one of the files.

We didn't get a different file because the server gave us a different file, we got a different file because we failed to download it completely.

If you can present evidence that WikiLeaks itself released multiple "insurance.aes256" files, please do so. I'd love to see it. Quite simply, no one in this entire thread has presented compelling evidence for more than one "insurance.aes256" file released by WikiLeaks.


[edit on 26-8-2010 by bikeshedding]

Uh.. maybe we should focus on doing something useful here instead of just denying ignorance?
Or is there a taboo on that here at ATS?

reply to post by the.krio


I don't see why the slash between denying ignorance/doing useful things has to indicate an "or" instead of an "and." Can't we do do useful things and deny ignorance? Got a neural net cracking that file yet?

Edited to seem less argumentative. A jocular tone was intended, but not evident upon re-reading my original post.


[edit on 26-8-2010 by bikeshedding]

I don't have time to read this whole thread but, apparently lot's of people think this 'insurance file' is something very important.

Can someone tell me what they think this file is? Is it just more Afghan war stuff or what?

I guess no one knows but, has there been any clues as to what it could possibly be?

thanks.

reply to post by Romans 10:9


The most common ideas are that the encrypted file is an archive of documents or audio/video. As for the subject matter, I lean towards "more Afghan War stuff," since the file is only linked from their Afghan War Diary page. Some people think that the additional leaked Afghan War documents that WikiLeaks has (but has not yet released) are part of the archive. Some people think it is a backup of everything they have on the Afghan War. I personally believe that it is, for the most part, an archive of unreleased documents that may also contain some audio or video files.

Despite the roughly 50 pages of posts, none of these things are known for certain, but they are reasonable assumptions. We're ultimately just going to have to wait on WikiLeaks to be more forthcoming about the file or to release the password to it before we know anything for sure. Unless, of course, someone gets astronomically lucky and cracks the file (in my opinion, cracking the file is not going to happen any time in the next few years).


[edit on 27-8-2010 by bikeshedding]

Cool. Thanks for the come-back.

I hope this does not fall on deaf ears.

My hypothesis as to what the insurance file holds is two-fold.

a) It is random meaningless data. Simply a bluff. Part of me says this is true to buy Julian Asange and his legal team time to position themselves politically since he has really pissed off some important and powerful people. Although everyone must perish sooner or later, he could be labled as a martyr or a mover and shaker of society such as Nikolai Tesla was if he lives long enough. He needs more time to solidfy his name before he dies. But part of me says it is not a bluff, because Julian is a very intelligent individual and can successfully deflect blame onto others and continue to upgrade his persona to live into the future after he does perish. NSA and higher powers will not intervene when it comes to bluffs though. Even though AES256 doesn't contain the creme de la creme, it contains enough to piss off some top brass.

b) Because he is an intelligent individual, I feel he knows that AES 256 and other encryption algorithms have a fatal flaw. They can be defeated and once you do open the insurance file (without brute force or dictionary attacks or other basic methods people are trying as I type this) you will be greeted with a message saying congratulations! There are no videos or secret cables or emails in the file. Just a message stating you have done what many have been unable to do. He wants you to share your knowledge on how to break the encryption so the blame is taken away from him! As far as I know, NIST and NSA are the boss when it comes to what you are allowed to use to protect national secrets with. But why do they think they know more than other people? Do they really have the upper hand, best mathematicians in the world, unlimited budget and propietary hardware?

My reasons for the above hypothesis are due to national security and Julian also knows he would most likely be assasinated if he let something too "extreme" or "sensitive" out in the public too blatently.

For example, the proof of God and Jesus or extraterrestrial beings would be too detrimental to not only the United States but also the world as a whole. This is why I believe very strongly that the insurance file does not contain such information. Not even remotley close to this level of information.

Buy posting the insurance file, the death of AES256 encryption will not be Julian's fault. It will be the creator's fault, the hacker's faults and the fault of others who chose to leak other similarly encrypted files. But let me be clear, files that have been encrypted in this fashion will NOT be detrimental to the world's fate. They can't be. It's too risky.

Hardware, software, languages and related technologies that have been built in-house are what are of the utmost secrecy. ACSII characters and known languages are exempt from the utmost secrecy and encryption because they are too risky. If you want the creme de la creme, you WILL NOT FIND IT with traditional methods no matter how hard you try. It just makes sense.

They build what they cannot buy. Never forget this.

Originally posted by the.krio
Uh.. maybe we should focus on doing something useful here instead of just denying ignorance?
Or is there a taboo on that here at ATS?

You know your audience...such an inflected expression contradicts your point, if I am reading correctly.

Originally posted by mirageofdeceit
Close to breaking it is not breaking it. It was found that AES256 could be broken in fewer rounds than AES192 with the same particular key, but it wasn't a total break of AES256, and not if you use a strong key. You must be specific about the situation in which it was found to be weak(er).

Rijendael is publicly available and not subject to patents. Who you trust to get it from is the hard part. AES is actually Rijendael in a specific configuration.

If they chose a long, complex password that does not contain words from any language or dictionary, with current processing ability the Universe will cease to exist before you get close.

[edit on 31-7-2010 by mirageofdeceit]

Just assuming that computer technology will evolve and become much faster over the next few decades...I'd say if the password is complex it would indeed take decades to get to, which by then it will be outdated and irrelevant.

Originally posted by muzzleflash

The only way someone could be giving him this is from like the NSA. Seriously this is messed up.

I spoke to two kids (young lads) that worked for the NSA that were really disgusted by what their agencies were doing and talked about leaking info and spilling the beans. The guys wouldnt tell me what they worked with, but it was something they refused to discuss on the grounds that I didnt have clearance. (data analysis or something like that)

I bet that if anyone at the NSA was leaking to wikileaks, it would be the likes of those guys. I should ask them next time I get to visit them.

reply to post by Happyfeet


What is going on with this site?

That is bull, through and through.

reply to post by MemoryShock


masters degree in info warfare

Originally posted by the.krio
masters degree in info warfare

Awesome; I needed a piece of paper to roll a smoke with...

Originally posted by Happyfeet
I spoke to two kids (young lads) that worked for the NSA that were really disgusted by what their agencies were doing and talked about leaking info and spilling the beans. The guys wouldnt tell me what they worked with, but it was something they refused to discuss on the grounds that I didnt have clearance. (data analysis or something like that)

I bet that if anyone at the NSA was leaking to wikileaks, it would be the likes of those guys. I should ask them next time I get to visit them.

Dude. If you are really telling the truth atm, then you are just ratting them out. If someone is really following these boards then I bet disgrunted and possibly leaky NSA workers are pretty high at top of their interest list.

Now I am sure that you are a reasonably smart and careful person but the people we are talking about do this kind of thing for a living. If they want, they WILL track you down and either by following/monitoring/analyzing your social network will find out who are the NSA people you were talking about.

So the only thing you did right now was boost your ego by telling us you have NSA contacts and at the same time exposed them and possibly removed a source of information for us.

I am downloading now. I do not believe that it is a bluff. I think there is something heavy inside. WHAT I have no clue but it will be interesting to see how far the players are willing to move the pieces. No more secrets? I can imagine that by the time the key is released (or broken) the information will no longer be available for download. Might as well download now and have it ready.

reply to post by Alphard


I dont have a social network, I deal with people in person or not at all.

I'll tell you what is inside. It's Schroedinger's cat!
Or perhaps it is Evil.

Interesting developments

Now is a good time to mirror this WikiLeaks 'insurance' backup

Source twitter.com/wikileaks/status/27854791764

Could everything being leaked be intentional, including this; whatever may lie behind the curtains?

All part of a plan, and very precisely executed with intentional leaks in order to push a certain view on the people, even if their intention doesn't seem appearant in the near future or from the outcome of these videos/document/whatever may be.

Is there a bigger picture behind the public realization of corruption and/or choices of the (U.S.) government?