- Carl Court/Getty Images
WikiLeaks founder Julian Assange told Fox News host Sean Hannity that he was sure that the Russian government was not the source of hacked emails from the Democratic National Committee and Hillary Clinton’s presidential campaign chairman John Podesta.
But Assange’s own website seems to disprove his assertion.
“We can say, we have said, repeatedly over the last two months that our source is not the Russian government and it is not a state party,” Assange said, in response to Hannity asking whether he could tell the American people “1,000 percent” that the emails did not come from Russia.
On its face, Assange’s claim that the emails were not from a state party could check out. For example, a criminal organization in possession of the documents (that were, theoretically, given to them by a state) could still leak that information to WikiLeaks, which would give Assange plausible deniability.
But WikiLeaks prides itself on anonymity for its sources. How does Assange even know anything about the source of the emails, let alone be absolutely certain they did not come from Russia?
It’s an interesting question, considering what it says on WikiLeaks’ own about page:
“Like other media outlets conducting investigative journalism, we accept (but do not solicit) anonymous sources of information. Unlike other outlets, we provide a high security anonymous drop box fortified by cutting-edge cryptographic information technologies. This provides maximum protection to our sources.”
WikiLeaks’ anonymous drop box can only be accessed through the encrypted Tor browser, which hides a user’s IP address. This is what it looks like:
The interface claims that it encrypts the files that are uploaded immediately. Further, WikiLeaks’ “About” page says that “we can not provide details about the security of our media organization or its anonymous drop box for sources because to do so would help those who would like to compromise the security of our organisation and its sources.”
“What we can say is that we operate a number of servers across multiple international jurisdictions and we we do not keep logs. Hence these logs can not be seized. Anonymization occurs early in the WikiLeaks network, long before information passes to our web servers. Without specialized global internet traffic analysis, multiple parts of our organisation must conspire with each other to strip submitters of their anonymity.”
In other words, the site’s anonymous drop box keeps no record of who submits documents, does not offer or require any identifying information, and there is no single WikiLeaks employee with the power to unmask an anonymous source.
At least, that’s what WikiLeaks claims.
There are other avenues through which the emails could have made their way to WikiLeaks; an insider could have brought it to their offices, for example, or mailed it. But documents brought in person or mailed by an insider don’t really line up with how the hack was carried out – a large-scale phishing campaign against nearly 2,000 accounts, most of which were Western military and government officials, journalists critical of Russia, and businesses with Russian ties.
And why would anyone with such a rich cache of electronic documents decide to mail them, or out themselves in person – in lieu of just using WikiLeaks “high-security anonymous drop box” to protect their documents and themselves, while transferring the files in mere minutes?
The US intelligence community has its own sources and methods to conclude that the most likely culprit is Russia, and it plans to release a report of its findings next week. But Assange has nothing of the sort. He just has an anonymous drop box.
Or, that drop box may not be anonymous after all.
This is an important Q not just re: DNC & Russia, but also to anyone considering submitting to Wikileaks: how safe is your identity, really? https://t.co/SoIHFlazfl
— Adam Weinstein (@AdamWeinstein) January 5, 2017