WikiLeaks founder Julian Assange lost control of his site’s submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization’s top defector, who accuses Assange of routinely exaggerating the …

WikiLeaks Defector Slams Assange In Tell-All Book

WikiLeaks founder Julian Assange lost control of his site’s submission system in an internal revolt last fall, and has never regained it, according to a tell-all book penned by the organization’s top defector, who accuses Assange of routinely exaggerating the security of the secret-spilling website and lying to the public about the size and strength of the organization.

Although WikiLeaks has claimed for months that its submission system is down due to a backlog of documents it has no time to process, Daniel Domscheit-Berg writes in Inside WikiLeaks that he and a top WikiLeaks programmer seized the submission system when they defected from the organization last September, along with documents in the system at the time.

“This is the first time we’ve told anyone about this,” Domscheit-Berg writes.

Domscheit-Berg, who was known as Daniel Schmitt during his nearly three-year tenure with the organization, had a high-profile fallout last year with Assange, whom he once considered a best friend. He now says of Assange, “Sometimes I hate him so much that I’m afraid I’d resort to physical violence if our paths ever cross again.”

Along with other former WikiLeaks staffers and volunteers, he’s currently developing a competing leak system called OpenLeaks.org. His book is set for simultaneous publication Thursday in 14 countries, according to his U.S. distributor. Threat Level obtained a prerelease version of the book from the publisher, therefore quotes from the book cited here may not match the final version.

Last August, in the wake of rape allegations against Assange as well as criticism that the site had mishandled the names of informants in Afghan documents the site published with media partners, Domscheit-Berg and two WikiLeaks programmers fed up with the way things were being run, staged a halfhearted mutiny. They disabled the WikiLeaks wiki and changed the passwords to the Twitter and e-mail accounts. In response, Assange shut down the whole system, causing the mutineers to cave in. But within weeks, Domscheit-Berg and one of the programmers had left WikiLeaks for good and taken the submission system with them.

They seized the system because they had doubts Assange would handle the documents securely, due to lack of care he had allegedly shown for submissions in the past.

Inside WikiLeaks“Children shouldn’t play with guns,” Domscheit-Berg writes. “That was our argument for removing the submission platform from Julian’s control … We will only return the material to Julian if and when he can prove that he can store the material securely and handle it carefully and responsibly.”

The submission system had been recrafted by the programmer, whom Domscheit-Berg refers to only as “the Architect”, after he became frustrated with the jerry-built infrastructure Assange, and perhaps others, had set up when Wikileaks launched in December 2006, according to the book. WikiLeaks had been running on a single server with sensitive backend components like the submission and e-mail archives connected to the public-facing Wiki page. The Architect separated the platforms and set up a number of servers in various countries.

In a statement Wednesday, WikiLeaks essentially confirmed Domscheit-Berg’s version of why the site’s submission system is missing. The organization said the system remains down months after Domscheit-Berg left because his “acts of sabotage” forced the organization to “overhaul the entire submission system” and the staff lacks time to do so.

The statement does not explain why Assange had previously claimed the submission system was down by design to stop an already huge backup of documents from growing even larger.

Domscheit-Berg writes that he and the Architect won’t release the unpublished documents and will return them to WikiLeaks once Assange builds a secure system. Noting that the current site has no SSL support, Domscheit-Berg warns that anyone who visits the site to read submission instructions could be monitored.

“The current system has become a security risk for everyone involved,” he writes.

Domscheit-Berg told Threat Level in an interview on Sunday that the hijacked leaks only include those submitted since the time the system came back online in July following an outage, and the time it went down permanently. Anything submitted before then, or via other methods, would still be in Assange’s possession.

Aside from the infrastructure issues, Domscheit-Berg’s book alleges that Assange has told other tall tales to the press and supporters. For example, Assange told a New Yorker writer last year that his group had spent three months decrypting a U.S. Army video that the site published in April 2010 under the title “Collateral Murder.” The implication was that the skills and resources of WikiLeaks staffers were so elite, they could crack the government’s encryption.

In fact, Domscheit-Berg says, WikiLeaks had the password to the video.

That account is supported by statements alleged leaker Bradley Manning made in chats with ex-hacker Adrian Lamo when he claimed to have leaked the video to WikiLeaks. Manning told Lamo that the Iraq video “was never really encrypted” when he found it on an Army server, but that he encrypted the file to transmit it to WikiLeaks and then separately sent the password to WikiLeaks to unlock the video file.

Speaking of Manning’s arrest last May, Domscheit-Berg writes: “It was the worst moment in the history of WikiLeaks.” Though he doesn’t acknowledge Manning was WikiLeaks’ source, he says that he opposed further publication of U.S. documents after Manning was incarcerated. “Given the opaque nature of the situation,” he writes, “we should have ruled out any further publication of the American documents.” He also says that WikiLeaks “utterly failed” in organizing financial and other support for Manning.

Domscheit-Berg began working with Assange after meeting him at a hacker conference in Germany in December 2007. Although WikiLeaks claimed to have hundreds of volunteers and an untold number of staffers, the organization consisted essentially of Assange and Domscheit-Berg, who pored through submissions, did little more than simple Google searches to verify documents and posed as non-existent staffers in e-mail and other correspondence to make WikiLeaks seem heftier than it was.

The two were later joined by “the Technician” in 2008 and “the Architect” in 2009, both of whom assumed responsibility for the technological infrastructure, while Assange and Domscheit-Berg handled content and media relations. That is, until internal fighting began in 2009. Initially, the fights were over Assange’s lack of transparency in handling donated funds, but eventually encompassed everything from the security of sources and submissions, to Assange’s lack of trust in Domscheit-Berg, and Assange’s relations with women.

Below are some of the highlights from the book.

On WikiLeaks’ Efforts to Redact Sensitive Information from U.S. Documents

Domscheit-Berg adds to recent revelations from the Guardian that Assange cared little about protecting the identity of sources named in U.S. Army documents that were published with media partners last July. The Guardian reported recently that editors insisted Assange redact names of anti-Taliban informants before publishing the documents, but Assange replied, “Well, they’re informants. So, if they get killed, they’ve got it coming to them.” Assange later publicly touted WikiLeaks’ “harm minimization policy” in redacting the names.

To that, Domscheit-Berg adds that four days before the documents were to be published, Assange had not told the WikiLeaks staffers preparing the documents for publication to redact names. Domscheit-Berg learned of the issue when editors at the German newspaper Der Spiegel asked how the redactions were going. WikiLeaks couldn’t complete the redactions before publication, so its media partners told it to withhold a subset of 14,000 documents that contained most of the names. Assange asked the New York Times to help redact, but did so only 24 hours before publication. He then later complained he’d received no help from the paper, Domscheit-Berg writes.


 

On the Swedish Rape and Coercion Allegations

When Birgitta Jonsdottir, an Icelandic member of Parliament who worked with Assange on the Iraq video and other projects, learned of the rape allegations against Assange, she told him, “You have mixed WK with this in a very bad way.”

He replied: “No WL has sabotaged my private life.”

Domscheit-Berg says that when the story of the allegations broke, Assange wrote that he had just been through “the worst week of my life in the past 10 years.”

When Domscheit-Berg and others became concerned the allegations would tarnish WikiLeaks, Assange responded angrily with a list of things they had failed to consider doing for him, such as ensuring his legal support or coming up with political approaches to stop what he considered a smear. Among the list was a reference to safe houses and false papers, suggesting Assange might have considered obtaining false papers to flee Sweden before he could be arrested.

Other Revelations

E-mail sent to the WikiLeaks accounts for spokesman Kristinn Hrafnsson and an unidentified 17-year-old staffer were automatically forwarded to their Gmail accounts, opening the organization to government monitoring and other security risks.

Assange passed the U.S. diplomatic cables to an Icelandic volunteer to consider ways to present them graphically, but the volunteer passed them to freelance journalist Heather Brooke, breaking the security chain established for the documents. When WikiLeaks found out, Hrafnsson made the Icelander sign a declaration saying the documents had been taken from him illegally.

Domscheit-Berg doesn’t know what’s in the encrypted “insurance” file WikiLeaks posted to the site last July. They’d initially sent it out on about a dozen USB sticks to Green Party politicians, journalists and others, and had planned to distribute a password if anyone tried to take down WikiLeaks. But then the file appeared on the site for anyone to grab, and WikiLeaks has recently said the password would be released if anything “grave” took place involving WikiLeaks staff. WikiLeaks has not elaborated on whether this would mean the password would be released if Assange were to lose his legal battle over the rape allegations, but Domscheit-Berg seems to have interpreted it this way and writes that the file was never meant to be used as a threat for Assange’s personal matters.

When journalists asked about problems with WikiLeaks’ infrastructure, Domscheit-Berg would purposely confuse them with technobabble. He writes that it was amazing how often their obfuscation strategy worked. “To create the impression of unassailability to the outside world, you only had to make the context as complicated and confusing as possible,” he writes. “It was the same principle used by terrorists and bureaucrats. The adversary can’t attack as long as he has nothing to grab hold of.” The truth was, he notes, their “technical infrastructure was a joke and irresponsible. If someone knew where the server was located they could have shut WL down permanently … We were acting irresponsibly, playing a risky game with our sources’ trust and our supporters’ donations.”

Assange has a secret “nanny” (Domscheit-Berg’s term for her) who flies in to help deal with problems Assange doesn’t want to handle. She’s described as an old friend of Assange, who is around 40 and lives in a timezone “far apart” from the U.S. She sometimes arrives just before conferences to write Assange’s speeches. “After other people and I left WL she was also the one who ended up traveling the world mediating between Julian and us and asking us not to damage the project by publicly criticizing it,” Domscheit-Berg writes. “For personal reasons I don’t want to go into here, she would never want to talk about her contact with WL.”

Until WikiLeaks began working with media partners in 2010, it did little vetting of submissions beyond simple Google searches to see if documents seemed legitimate. This proved to be a problem when someone identified in a Julius Baer document as having a secret Swiss bank account claimed he’d been misidentified. Domscheit-Berg says the source who gave them the documents had also “included some background information he had researched about the bank’s clients.” But the source had apparently confused a Swiss account holder with a German man who had a similar name. When the German threatened to sue for slander, Assange and Domscheit-Berg added a caveat to the document saying, “according to three independent sources” the information might be false or misleading. The three independent sources, however, didn’t exist. Domscheit-Berg says they made them up.

In June 2009 long before the New York Times became a WikiLeaks media partner, PayPal froze WikiLeaks’ account over questions about its nonprofit status. A female journalist from the New York Times intervened with PayPal and got the account unfrozen for WikiLeaks telling PayPal that WikiLeaks was “being supported by the New York Times.”

Photo: WikiLeaks founder Julian Assange and then-spokesman Daniel Domscheit-Berg in Germany, 2009. (Jacob Appelbaum/Flickr)

Pages: 1 2 View All

Kim Zetter

Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.

Read more by Kim Zetter

Follow @KimZetter and @ThreatLevel on Twitter.