Cybersecurity

WikiLeaks grabs election spotlight

The anti-secrecy organization WikiLeaks is making its presence felt in the presidential election, leaking a trove of stolen Democratic National Committee (DNC) emails last week that rocked the political world.

The emails released by WikiLeaks created a political storm for the Democratic Party, seemingly validating suspicions of Bernie Sanders and his supporters that the DNC worked against his candidacy. DNC Chairman Debbie Wasserman Schultz (D-Fla.) was forced to resign.

{mosads}The furor has put the national spotlight on WikiLeaks, a site that claims to be “a giant library of the world’s most persecuted documents,” specializing in “the publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption.”

The leader of WikiLeaks, Julian Assange, has promised that the group plans to publish “a lot more material” on the elections in the coming months.

“This is having so much political impact in the United States,” Assange told CNN.

But the work of WikiLeaks is highly controversial, even among whistleblower advocates, due to the site’s tendency to leak information indiscriminately.

Some researchers are now concerned that the platform has been “weaponized” by the Russian government, which is widely believed to have been behind the theft of the DNC documents.

“The DNC email dump is just the latest in the saga of WikiLeaks being a useful idiot of intelligence services,” said Nicholas Weaver, a senior researcher at the International Computer Science Institute.

WikiLeaks did not respond to a request for comment on this story.

The site has a vocal following online, with supporters portraying it as a force against global censorship.

But even supporters of the organization’s stated mission — information transparency — have criticized WikiLeaks’ philosophy of publishing leaks without redacting any information.

“Democratizing information has never been more vital, and @wikileaks has helped. But their hostility to even modest curation is a mistake,” National Security Agency whistleblower Edward Snowden tweeted on Thursday.

WikiLeaks fired back immediately, tweeting that “Opportunism won’t earn you a pardon from Clinton & curation is not censorship of ruling party cash flows.”

Snowden is wanted in the United States for leaking National Security Agency (NSA) documents. Hillary Clinton, the Democratic presidential nominee, has said Snowden should not be allowed back into the U.S. unless he is punished for his crimes.

In most major data dumps managed by news outlets — like the Panama Papers leak and the Snowden files — journalists comb through the information first to black out any personal data that isn’t newsworthy and might harm innocent individuals if published.

WikiLeaks doesn’t do this — but they used to.

In the first WikiLeaks dump in 2010, Assange delayed the release of 15,000 classified field reports from the U.S. war in Afghanistan until technicians could redact the documents.

“I used to defend WikiLeaks on the grounds that they were not indiscriminate dumpers of information,” Glenn Greenwald, the former Guardian journalist who handled the Snowden leak, told Slate. “They were carefully protecting people’s reputations.

“They have changed their view on that — and no longer believe, as Julian says, in redacting any information of any kind for any reason — and I definitely do not agree with that approach and think that they can be harmful to innocent people or other individuals in ways that I don’t think is acceptable.”

While many supporters have lauded the exposure of the DNC’s behind-the-scenes plotting against Sanders’s campaign, critics note the dump included a lot of personal information of no legitimate public interest.

Many of the emails included the credit card, Social Security and passport numbers of Democratic donors.

In another recent dump, WikiLeaks published a link to a database containing identifying information on every female voter in all but two of Turkey’s 81 provinces.

The data has no news value, wrote sociologist Zeynep Tufekci, but is “out there for every stalker, ex-partner, disapproving relative or random crazy to peruse as they wish.”

WikiLeaks has defended itself by arguing that it only linked to the file and didn’t host the database itself.

“Fix your error. Acknowledge your error. You are the one that has opportunistically drawn attention to the content. No-one else,” WikiLeaks tweeted at Tufekci, who first reported that it had “doxxed” or exposed vulnerable Turkish women.

WikiLeaks also told Tufekci to “stop running flak for [Turkish President Recep Tayyip Erodogan] or we will file a formal complaint with HuffintonPost & others.”

The website has been unequivocal in its defense of absolute transparency, citing its “accuracy policy.”

”We do not tamper with the evidentiary value of important historical archives,” it tweeted in response to questions about why it released seemingly-irrelevant donor voicemails in the DNC leak.

But WikiLeaks is far less forthcoming about how it decides whether it will publish a leak it receives.

A number of recent leaks that have visible political upsides have lead some critics to argue that the group is allowing itself to act as a bullhorn for foreign intelligence services who want to damage another government — or another political party.

“They want notoriety, they want publicity, they want to be relevant, they want people to keep putting pressure to drop a sexual assault investigation [against founder Assange], so they are willing to basically take data from whoever and dump it as long as it’s in their interests,” Weaver said.

In 2015, the site published confidential documents from Saudi Arabia that appeared to have been stolen by Iran. The leak contained few bombshells, but painted an unflattering portrait of Saudi diplomats obsessed with Iran.

Later in the year, it published a trove of NSA documents that also contained few revelations beyond the execution of the agency’s work as an intelligence arm of the United States.

“Airing such surveillance out in the open seems to be deliberately designed to damage U.S. relationships,” Weaver wrote at the time.

In the case of the DNC hack, the Clinton campaign and some policy experts believe that the Russian government was attempting to influence the outcome of the U.S. election by passing damaging information to WikiLeaks on the eve of the Democratic convention.

Greenwald and others have pushed back on that suspicion, noting that journalists often hold stories until the moment when they will have the most impact.

“It is in the interest of WikiLeaks to post provocative data at the height of relevance,” Jim Walter, a senior member of the security firm Cylance’s research team.

Assange has denied that the leak was a Russian influence operation, arguing that “there is no proof of that whatsoever.”

“We have not disclosed our source, and of course, this is a diversion that’s being pushed by the Hillary Clinton campaign,” he said in a recent interview.

Some onlookers have posited that WikiLeaks, which fiercely guards the anonymity of its sources, may not even know who gave it the information.

It is unclear how the organization vets the information it receives for accuracy.

WikiLeaks claims to have a “perfect record in document authentication” — and journalists typically treat the data released by the site as legitimate — but computer science experts aren’t so sure.

No one has publicly disputed the veracity of the DNC emails and Weaver, like most researchers The Hill spoke to, believes the dump to be authentic.

But he questions broadly whether WikiLeaks “with their dump-it-all attitude” is hand-sorting information and corroborating it with a second source, the way a journalist would.

“WikiLeaks does not have the immune system to act against sabotaged data in a larger dump,” Weaver said.

The concern is that ifWikiLeaks is publishing information it receives from intelligence agencies wholesale, some of the documents could be tampered with to fit an agenda.

“In light of #DNCLeak, worth thinking how worryingly effective a single falsified email in a doc-dump of real ones would be,” tweeted Matt Tait, founder of the U.K.-based security consultancy Capital Alpha Security.