WASHINGTON – An online whistle-blower’s threat to release more classified Pentagon and State Department documents is raising difficult questions of what the government can or would do, legally, technically or even militarily to stop it.
Constrained by the global reach of the Internet, sophisticated encryption software and the domestic legal system, the answer seems to be: Not much.
Additional Photos
But if the U.S. government believes that the release of classified documents WikiLeaks is preparing to disclose will threaten national security or put lives at risk, cyber and legal experts say the options could expand to include cyber strikes to take down the WikiLeaks website and destroy its files or covert operations to steal or disable the files.
At the center of the drama was the posting last week of a massive 1.4 gigabyte mystery file named “Insurance” on the WikiLeaks website.
The “Insurance” file is encrypted, nearly impossible to open until WikiLeaks provides the passwords. But experts suggest that if anyone can crack it, the National Security Agency could.
That file, coupled with WikiLeaks’ release of more than 77,000 secret military documents last month, prompted the Pentagon to demand that the website’s editor-in-chief, Julian Assange, cancel any new document dumps and pull back the Afghan war data he already posted.
WikiLeaks slammed the demand as an obnoxious threat, and Pentagon spokesman Geoff Morrell declined to detail what, if any, actions the Defense Department may be ready to take.
Officials say the data may include up to 15,000 military documents related to the Afghanistan war that were not made public in the initial release.
Daniel Schmitt, a WikiLeaks spokesman in Berlin, said Saturday the new batch of classified documents the website is preparing to release will contribute to the public’s understanding of the war.
“Hopefully with this understanding, public scrutiny will then influence governments to develop better politics,” he said.
Schmitt denied that the disclosure of the documents is a threat to U.S. security interests.
Assuming the documents contain highly sensitive information that threatens national security, the United States must weigh a number of options, experts say.
First, from a legal standpoint, there is probably little the U.S. government can do to stop WikiLeaks from posting the files. It is against federal law to knowingly and willfully disclose or transmit classified information. But Assange, an Australian who has no permanent address and travels frequently, is not a U.S. citizen.
Since Assange is a foreign citizen living in a foreign country, it’s not clear that U.S. law would apply, said Marc Zwillinger, a Washington lawyer and former federal cyber crimes prosecutor. He said prosecutors would have to figure out what crime to charge Assange with, and then face the daunting task of trying to indict him or persuade other authorities to extradite him.
“Could the U.S. get an injunction to force U.S. Internet providers to block traffic to and from WikiLeaks such that people couldn’t access the website?” Zwillinger said. “It’s an irrelevant question. There would be thousands of paths to get to it. So it wouldn’t really stop people from getting to the site. They would be pushing the legal envelope without any real benefit.”
Legal questions aside, it appears WikiLeaks used state-of-the-art software requiring a sophisticated electronic sequence of numbers, called a 256-bit key, to open the files.
The main way to break such an encrypted file is by what’s called a “brute force attack,” which means trying every possible key, or password, said Herbert Lin, a senior computer science and cryptology expert at the National Research Council of the National Academy of Sciences.
Unlike a regular six- or eight-character password that most people use every day, a 256-bit key would equal a 40 to 50 character password, he said.
If it takes 0.1 nanosecond to test one possible key and you had 100 billion computers to test the possible number variations, “it would take this massive array of computers 10 to the 56th power seconds — the number 1, followed by 56 zeros” to plow through all the possibilities, said Lin.
How long is that?
“The age of the universe is 10 to the 17th power seconds,” said Lin. “We will wait a long time for the U.S. government or anyone else to decrypt that file by brute force.”
Could the NSA, which is known for its supercomputing and massive electronic eavesdropping abilities abroad, crack such an impregnable code?
It depends on how much time and effort they want to put into it, said James Bamford, who has written two books on the NSA.
The agency, he speculated, has probably been looking for a vulnerability or gap in the code, or a backdoor into the commercial encryption program protecting the file.
At the more extreme end, the NSA, the Pentagon and other U.S. government agencies — including the newly created Cyber Command — have probably reviewed options for using a cyber attack against the website, which could disrupt networks, files, electricity, and so on.
Copy the Story Link
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.