We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

WikiLeaks 'obtains data from P2P nets, not leaks', firm claims

Whistleblower site denies Tiversa claim

WikiLeaks officials deny claims by a security firm that it has obtained some sensitive documents on P2P networks rather than from anonymous whistleblowers.

Not all of the sensitive documents published by WikiLeaks over the past few years have come from anonymous whistleblowers, as the site has claimed, contends security firm Tiversa.

Rather, Tiversa claims that evidence suggests that at least some of the documents were obtained by WikiLeaks via its own searches on peer-to-peer networks.

Tiversa's claims were dismissed outright by Mark Stephens, WikiLeaks' attorney, who told Bloomberg News that they are "completely false in every regard."

Tiversa, whose clients include the FBI, helps organizations monitor P2P networks for leaked data.

Over the past few years, the company has served up several sensational examples of highly sensitive information accidentally posted on file-sharing networks.

In 2009, for example, Tiversa disclosed to Congress that it had found U.S. Secret Service details on a safe house for the U.S. First Family, along with presidential motorcade routes, on a LimeWire file-sharing network. Earlier that same year, Tiversa disclosed that it had found classified data about the President's Marine One helicopter floating on a P2P network.

Scott Harrer, brand director at Tiversa, said the security company has unearthed numerous sensitive documents on P2P networks that were later posted on WikiLeaks. The whistleblower Web site said all the documents had been anonymously leaked to it.

Bloomberg published some examples of Tiversa's latest claims.

For instance, WikiLeaks in 2009 published a document that exposed sensitive information about infrastructure upgrades at the Pentagon's Pacific Missile Range Facility in Hawaii. WikiLeaks claimed to have obtained the document from a source, though it had been available on a P2P network at least two months earlier, according to the Bloomberg report.

Bloomberg also cited WikiLeaks' posting posting of what it called a leaked spreadsheet containing detailed information on potential terrorist targets in Fresno County, Calif. The report said the the data was in fact inadvertently posted on a file-sharing network by a California state employee in August 2008.

In an interview, Harrer provided two more examples to Computerworld.

He said that WikiLeaks' release of Microsoft's Computer Online Forensics Evidence Extractor (COFEE) tool and related documentation in Nov. 2009 came several weeks after the information first become available on P2P networks.

WikiLeak's announcement of the Microsoft document suggests that it was obtained from a source, though it also appears to reference its previous availability on P2P networks.

Harrer added that Tiversa has in the past observed several highly targeted searches by computers with IP addresses based in Sweden for specific data on P2P networks. In almost all cases, the computers were searching for documents that were later published by WikiLeaks, Harrer added.

"It is very obvious to us that a lot of [what WikiLeaks posts] have been on P2P," he said. "We have kind of known about it since they came out in 2006."

The issue of inadvertent data leaks on P2P networks is an old one, though its threat to companies and governments remains as potent a threat as ever.

Such leaks typically occur when P2P client tools are improperly installed on computers containing sensitive data. Such improper installation has caused accidental data leaks at numerous organizations in recent years. The leaks have prompted Congress to consider laws banning the use of P2P software on government systems.

According to Tiversa and other security companies, P2P networks have become a treasure trove of information for data thieves and data harvesters. In most cases, all it takes to harvest the information is entering a few search terms. Often, such scavenging for information is not illegal because the data is already publicly available to anyone on the networks, Harrer said.

The key issue is not how WikiLeaks may have sourced its information but rather what it can do with it, said Eric Johnson, a professor of operations management at Dartmouth College's Tuck School of Business.

"I can totally believe that P2P stuff ends up on WikiLeaks," said Johnson who has testified on the issue before Congress. However, he added that the most important "thing is that Wikileaks is offers a whole new channel for these kinds of leaks."

"For the CIO of a Fortune 500 company, it doesn't matter how WikiLeaks gets the information," Johnson said. What really matters is that "WikiLeaks can amplify that information a thousand times."

IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Get the free Adobe Comp CC iPad app for rapid layout design

IDG UK Sites

New 13-inch Retina MacBook Pro (early 2015, 2.7GHz) review: Just about the greatest upgrade any...