Thursday, September 01, 2011

WikiLeaks Leaked Cables Update

In an earlier post, I suggested that security practitioners might want to pay attention to the content of leaked U.S. diplomatic cables in case information about their organization was present. Since perception can become reality, there's a chance the mention of an organization in some context might increase their risk exposure. Web sites such as CableDrum and CableGateSearch allow you to easily search for text in the cables that WikiLeaks has officially released.

Up until now, WikiLeaks has tightly controlled the flow of the compromised cables and hasn't released all of them. But as of yesterday, the entire, unredacted collection of cables (over 250,000) was unofficially leaked and has found its way onto the Internet (much to the dismay of WikiLeaks). 9/2/11 Update - There's a great description of how the encrypted cables were compromised here.

I'm not going to debate the legality or ethics of the release of this information. Only that the genie is out of the bottle, and anyone with a small amount of technical ability can now access the full set of cables.

A compressed version of the cables is currently available from various BitTorrent sources or can be directly downloaded (at the moment) from John Young's Cryptome disclosure site. The ~360 MB file is compressed in 7z format, you'll need a copy of the free compression utility 7-Zip to open the file. It uncompresses to a whopping ~1.7 GB text file. This is too large to open in Word or Excel for viewing (Excel's maximum number of lines is a bit over 65,000 and Word is constrained to around 100MB files but is also limited by system memory). So you'll either need to split the file into manageable chunks using a text file splitting program (such as HJSplit) or use a suitable text file reading program (Large Text File Viewer is a good, free Windows option). 9/2/11 Update - A colleague tipped me off to a much better and faster free program for viewing and searching large files. It's called Cream, a modern version of the old VIM programmer's editor, and is available here.

Searching through the entirety of such a large volume of unindexed data is a slow process (figure up to multiple hours for each text string you're interested in, depending on what program you're using). The search is going on in the background though, so you can be working on other things, checking the progress periodically and then clicking to search for the next instance of the text if it's found.

I suspect in the very near future someone will index all of the cables and put up an easy-to-use search Web site. But in the meantime, if you want to see if your organization is mentioned in any of the leaked cable traffic, the above information should help you get started. 9/2/11 Update - In response to the leak, WikiLeaks has now officially released all of the cables (with no redactions). They are available for browsing here or on CableGateSearch for full-text searching. I've written a follow-up to this post here.



Post a Comment

<< Home