WikiLeaks may have exploited music, photo networks to get data

By Michael Riley

Bloomberg News

Published: Thursday, Jan. 20 2011 12:00 a.m. MST

WASHINGTON — WikiLeaks, condemned by the U.S. government for posting secret data leaked by insiders, may have used music- and photo-sharing networks to obtain and publish classified documents, according to a computer security firm.

Tiversa Inc., a company based in Cranberry Township, Pa., has evidence that WikiLeaks, which has said it doesn't know who provides it with information, may seek out secret data itself, using so-called "peer-to-peer" networks, Chief Executive Officer Robert Boback claimed. He said the government is examining evidence that Tiversa has turned over.

The company, which has done investigative searches on behalf of U.S. agencies including the FBI, said it discovered that computers in Sweden were trolling through hard drives accessed from popular peer-to-peer networks such as LimeWire and Kazaa. The same information obtained in those searches later appeared on WikiLeaks, Boback said. WikiLeaks bases its most important servers in Sweden.

"WikiLeaks is doing searches themselves on file-sharing networks," Boback said in an interview, summing up his firm's deductions from the search evidence it gathered. "It would be highly unlikely that someone else from Sweden is issuing those same types of searches resulting in that same type of information."

Tiversa's claim is "completely false in every regard," said Mark Stephens, WikiLeaks' London attorney, in an e-mail. Stephens regularly represents media organizations, including Bloomberg News.

Tiversa declined to say who its client was when it noticed the Swedish downloads. Howard Schmidt, a former Tiversa adviser, is cybersecurity coordinator and special assistant to President Barack Obama.

Tiversa researchers said the data-mining operation in Sweden is both systematic and highly successful.

In a 60-minute period on Feb. 7, 2009, using so-called Internet protocol addresses that every computer, server or similar equipment has, Tiversa's monitors detected four Swedish computers engaged in searching and downloading information on peer-to-peer networks. The four computers issued 413 searches, crafted to find Microsoft Excel spreadsheets and other information-rich documents among some of the 18 million users the company estimates are on such file-sharing networks at any given moment.

Those searches led to a computer in Hawaii that held a survey of the Pentagon's Pacific Missile Range Facility in that state. Tiversa captured the download of the PDF file by one of the Swedish computers. The document was renamed and posted on the WikiLeaks website two months later, on April 29, 2009, according to a mirror image of the site.

A product of the U.S. Navy's Space and Naval Warfare Systems Center, the document exposed sensitive details of infrastructure changes for outfitting the base with a new sensor system. The mirror site said only that the file "was first publicly revealed by WikiLeaks working with our source."

Boback said the retrieval and posting follows a pattern his researchers have tracked over and over. They estimate that as much as half of the postings by the group could originate from information siphoned from peer-to-peer users, he said.

"There are not that many whistleblowers in the world to get you millions of documents," Boback said. "However, if you are getting them yourselves, that information is out there and available."

Tiversa provided its findings to federal agencies to aid what Boback called the early stages of an investigation into the matter. A separate criminal probe is being conducted by a federal grand jury in Virginia regarding tens of thousands of diplomatic cables and other secret material allegedly provided by Army Pvt. Bradley Manning, Stephens said in December.

Try out the new DeseretNews.com design!
try beta learn more
Get The Deseret News Everywhere