A security breach has led to the WikiLeaks archive of 251,000 secret U.S. diplomatic cables being made available online, without redaction to protect sources. WikiLeaks has been releasing the cables over nine months by partnering with mainstream media organisations.
Selected cables have been published without sensitive information that could lead to the identification of informants or other at-risk individuals. The U.S. government warned last year that such a release could lead to U.S. informants, human rights activists and others being placed at risk of harm or detention.
A Twitter user has now published a link to the full, unredacted database of embassy cables. The Twitter user is believed to have found the information after acting on hints published in several media outlets and on the WikiLeaks Twitter feed, all of which cited a member of rival whistleblowing website OpenLeaks as the original source of the tipoffs.
The Guardian, New York Times (NYSE: NYT), Der Spiegel, Le Monde and El Pais were the first five news organisations to publish stories based on the documents, allegedly leaked by U.S. soldier Bradley Manning, in December 2010.
WikiLeaks published a statement blaming the documents’ release on the Guardian‘s book WikiLeaks: Inside Julian Assange’s War on Secrecy, by investigations editor David Leigh and Luke Harding, published in February 2011.
A statement released on WikiLeaks’ official Twitter feed alleged: “A Guardian journalist has, in a previously undetected act of gross negligence or malice, and in violation of a signed security agreement with the Guardian‘s editor-in-chief Alan Rusbridger, disclosed top secret decryption passwords to the entire, unredacted, WikiLeaks Cablegate archive. We have already spoken to the state department and commenced pre-litigation action. We will issue a formal statement in due course.” The Guardian denies WikiLeaks’ allegations.
The embassy cables were shared with the Guardian through a secure server online for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. Such practice is considered a basic security precaution when handling files of such sensitivity.
However, unknown to anyone at the Guardian, the same file with the same password was republished at a later stage on BitTorrent, a network typically used to distribute films and music. This file’s contents were never publicised, nor was it linked online to WikiLeaks in any way.
The Guardian denied any charges of complicity in the release of the unredacted US embassy cables: “It’s nonsense to suggest the Guardian‘s WikiLeaks book has compromised security in any way. Our book about WikiLeaks was published last February. It contained a password, but no details of the location of the files, and we were told it was a temporary password which would expire and be deleted in a matter of hours.
“It was a meaningless piece of information to anyone except the person(s) who created the database. No concerns were expressed when the book was published and if anyone at WikiLeaks had thought this compromised security they have had seven months to remove the files. That they didn’t do so clearly shows the problem was not caused by the Guardian‘s book.”
This article originally appeared in MediaGuardian.