WikiLeaks Offer and Sarah Harrison Likely a Hoax
29 June 2014. Correction of host offer initiation.
28 June 2014
WikiLeaks Offer and Sarah Harrison Likely a Hoax
Previous: http://cryptome.org/2014/06/wikileaks-fails/wikileaks-offer-fails.htm
On 25 January 2014, by Tweet and by Twitter Direct Message, "WikiLeaks" offered to host Cryptome on its servers. Cryptome by DM asked "WikiLeaks" for preferred means to transfer a USB of the Cryptome Archives, requesting an answer by encrypted email to assure "WikiLeaks" was not an imposter.
To assure the proposal was legitimate Cryptome sent an encrypted email to Jacob Appelbaum asking if he could authenticate the offer. Appelbaum has not responded.
The next day an encrypted email arrived from "Sarah Harrison "
Date: Thu, 26 Jun 2014 14:14:19 +0000From: sarah[at]wikileaks.orgTo: cryptome[at]earthlink.netSubject: GPG Encrypted Message
The decrypted message:
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Hi,I am writing regarding collection details. I can confirm who can do so later today. Can you please let me know where they should go and timing possibilities?Many thanks. BestSarah-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.10 (GNU/Linux)iQIcBAEBCgAGBQJTrCTHAAoJEAG3uohTDKQYlAEP/0Xa8DldWfbIRpfqnudj4lRfQQJCjwitC436rFV3gAvlV3Y+o+IqotXAhbhQija9+F6/sEnryhd4587kVAeYdF71Bz/ATdiYxekR3PHWTEl4LiYqehlR1P4ruSp8V26w+q6su6IYDoivS9CcEEVoqsPki6uDKrghAq/GsCl1aOZLN0v5MX43KqjbMnDu1BcdLP3ijZPZLrjMCtB4xbUHii8uMSyzbfXciuoHuetWVdZg2gBjNeIqDsSlnqFmLYFkRPyYTPY8xzpp8QxM9SleCO5M7Hp9F51XXrf+qWWVUHPWjWaEtr6QMPFXCQorEn8DiDDLqlCV1gMT667nwaFQ94E3RjKGAPqtQSj4u0gNV3PvHGhcAonzCl5OsHL4xlcj/X1P0hLVufnj+rCf0ZLuDRtVjuuzzaPIb1Zoa9H68d03lJdSiMderMdK6JbQhJKkfSvX5YJX+r4JOXWu+ydpuA3llbom3djeOTbVyYQqj62muVLASX3hnRNzYYkEJr4mJdDU9/K76LRIRdzJczaSglUlVkl/rsVPFLEIRCpt/yaEUwfz5JodkeqfgWF+nQb7QRKXBF5dysUX+fEhY8KF4kRZuMd56gQGXqYGGyA/XIXZD2DgxxoBzPOaBlYJD+e8i7GvWgKhjKvBDNzFZfclkygT64c+EmjeGXoyZhux9xIH=Q8AC-----END PGP SIGNATURE-----Attached: key.ascThe "key.asc" PK provided (this key was not found on keyservers) and a PGPdump analysis:
-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v1.4.10 (GNU/Linux)mQINBFOsIUgBEAC2sl6oY5Y/6f+RR5Ze6Bh3sCZafdBzuiU0SF0s/qOnoOPvoCuyn60xZkQxBuIocwWy7beWyZmIaWtSh7Zflq+HbEBGw0gS7Mw/QCwgEhJkxq59QPrpZk4MI0v+8dmhHPXP+6BAi5FlBf5V0HW/YCHPW/L05bAgDfAkRNPUyyCQNj1lA6stB+dYcsRkKpmvMfVlYEtpkOjjM8G14Pec2H+wmEPHEG57+7iVYfwPyxPVIN1GokJWWuQZKXd8fTvwDx+72umDwxEGWxHhecY4jbtGvWqXA7lOAjRpaAssEyw60JrdCc1cJGzDDXeSlIi3YLzYsozRli93W3OZOAL1fxJe0c5sTAvHrVVnSjF3bNqwWI+VBOPk+dL/7Dx2SGCSVvwqx+V/MjTwoIgaXUZaU2FPRnQDNp0mGKDu/8GlPD+A+CU+RWGhvgcqP/4dR/MMIZ+x6WhPKYCqf0/BFlHvjXmwGgJBKjU444szdyZknc9sc3YiIU6s9ut6SvT0/4PqU7ErEx6DbspsL2fNkUeTs6BvI7GbzvM0os70PiMfL80TOXEQck3YjXVZ99LNpwveOEGOdfH4DxRTwZYC78W1NPFLx+n4VZnJWXKdD6tBSrImMq7eidu7cYxvjTspqUYpzmSKVB0GpVGx9b2wKwsUx3AVbgHIR+0dlfYqUhVH4CQb9wARAQABtCRTYXJhaCBIYXJyaXNvbiA8c2FyYWhAd2lraWxlYWtzLm9yZz6JAjcEEwEIACEFAlOsIUgCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQAbe6iFMMpBjIKg//XivxkJCpOdbmGA44tzWrI4dSe8CWvEONGZ7G+1Sv7AsDK+66cbgtocf0ZFv+zPgWn5YBi5zdT3xaUCfOngT1SWUhuGzhkZUDpfu6v3hP2cInWBANcnlb/LhK9naYJwqpd8yZECLjIbbWbnJ/UsW3m0IZCuY0Mt2xSOIelwOYyF/t3f6/+PbXl2RVnRkmXgXTf0f8Bf4OzUj9KS7mdHUIjWYz8TJlGE6uBKGOV4t2g73I5GlU81FKi8dtlPrGsJTufV3BJ6E0Vgk9R9VaG3Z6ZlRoN5zRxA77fVvHkKApD+G9QPPHPjs0HzPenynyHzRxPUEIra/Myn7y/KQO0QNEeIZUT7er+oh6ZKQeo90HV2hqPyODWW3O4/H0xwgpYE4lKU0Sic/vGKzeK0yWmAeqc6ZpZPJhNOYjgr4bzNkIT52hQMyLr2+UMSnkwTiOvGGtsf5YTX6et0Iy9YzFXnwGVTR+eqwCndHnWc78TmHNbDjY405YWFVxPZ3pvtUSlF2JLLvkePwcfN+x6ENIg5RLXc2uCQoa8jT4K9yxIvkZggjAdgI+CZbgwTRT8z2FKaxIM8lFE2yPF0QW4zePogHtOpJwhlxkvy2CM5FGU79h4IWb/oS6h0ZwHcOVP1BFB5BLGEj9jptwjLdlJeTaTSaMUtPv3BpoC8+KIbLy/ufzPIS5Ag0EU6whSAEQAK/CZI15MmTwy1hNtr0lK4NYXYBOBZXDpf04TpmKDIERDLTaPu4ucG+Bew3sJYcU647Qx5z2vnsWbFfnfvU1wEz2g0Rzg6Kpm6h1E2pXl33ll9t/LWWswgKoRjsd3J0lWQajRI9IbXNB2WWCUHV+8qvRnjXhqAGvKhZNSrjHUb12h73acAwo065z8IEUy3EKCP7P9mrOOZVOoPnufPpbxL2Yy4R7L2I76mMrxHSDFWpMGUGkqr2c57kXMo+8Qg0GJjRbdM3X6n92radow7LOFZsualoAB/L8PFfUYbt1S6tQNlXO7TR5RBRbQaLEYJUxIvisuwC5ToVlkVtLQFf7J0PD9Ljbqid9Tp80vypvvwjJGjxfmQSllrjRhWn1PlVo4HdVmj1l4AW7vwHFP0dLgw2a6fJMhYkQSFUVd7JJRylK8wj5KYwunYtqbwZ2wYcZFZE+vBtALwEUbYNKxY0YIerwBEYJCMNuL+7sUlqPwguTSs2qOzg5NzZEtXRvVKccaMnMYPfc42crFUwGjell2aq0SUWzQ7btZSVNaMWUuBOG9xmeq11GTxCYbx3nvAm3dOltMYRJ+iRdwdXw+fSV2+hydlLymbaf4pl33kHWqwMaN/uK1P714rtTiMC+K/pogJFeqTGI3JAK3v2MLU0WJKRrj4IlHnFPZhFfRcj3rrq5ABEBAAGJAh8EGAEIAAkFAlOsIUgCGwwACgkQAbe6iFMMpBjiYw//WwGoRFE79zw8H9LAPiEAnZZckvOMtcVeGO6hFt+pNIuQffMJHPf1fGUVBnJJ0Qwyfr4dXtRUa5576TkF9gEdlXBzHdnytif91390XuCTIDp2Puyowa9wu35UnLre/utRFgJzhA5Yy2ciHjd1SY3zz6VQ/cjOm8YJGEHFreQpy9MAs6iwsbw1vVwmd1D+2KSg7tPjODYTH+D19yAPtYURI6RhHN4pe2UOuXOrmqBGHiNdW/OkI32qUJfybuSewWgQMAdMat9CquIbS4Tl6QLV+zgZtWzF2zPGYYSDPYvzAomJe284Dpimr97XKA/5bTMU1YtaPZy+SjVozqQr0nwnXX4iLU4UH1BbApch37OXQg4hN446ZKFcG7ZhJEcXoJldIbPntS2mhe/ibhPOj42M9MLRelggM0HfuxfsLhUYriZ8vtIdEPCYthwqzyDiSxql6GRAFID32c7xGidV4dLckkJF09bFLEnlgNnWrr5x5pRMhYMJ2rN0p15rE/hX/0JNyBdCf2XkOQXMTq8FQ7mQf8DBH024aZj9BTwcHOGD8uKrUQeAJSQtd52jCbXaTyIq5HAu90aEAGolEg6s2m3kmbqVQzhOzXhVrEvCl+pfA6E5wUqeoztBKz9iv2WJ/TgPuvDyjzI6eo1YbPy4dN4JBvfTw+DGnB4EC7FZFbesj2o==cfop-----END PGP PUBLIC KEY BLOCK-----PGPdump ResultsOld: Public Key Packet(tag 6)(525 bytes) Ver 4 - new Public key creation time - Thu Jun 26 13:34:00 UTC 2014 Pub alg - RSA Encrypt or Sign(pub 1) RSA n(4096 bits) - ... RSA e(17 bits) - ...Old: User ID Packet(tag 13)(36 bytes) User ID - Sarah Harrison Old: Signature Packet(tag 2)(567 bytes) Ver 4 - new Sig type - Positive certification of a User ID and Public Key packet(0x13). Pub alg - RSA Encrypt or Sign(pub 1) Hash alg - SHA256(hash 8) Hashed Sub: signature creation time(sub 2)(4 bytes) Time - Thu Jun 26 13:34:00 UTC 2014 Hashed Sub: key flags(sub 27)(1 bytes) Flag - This key may be used to certify other keys Flag - This key may be used to sign data Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes) Sym alg - AES with 256-bit key(sym 9) Sym alg - AES with 192-bit key(sym 8) Sym alg - AES with 128-bit key(sym 7) Sym alg - CAST5(sym 3) Hashed Sub: preferred hash algorithms(sub 21)(4 bytes) Hash alg - SHA512(hash 10) Hash alg - SHA384(hash 9) Hash alg - SHA256(hash 8) Hash alg - SHA224(hash 11) Hashed Sub: preferred compression algorithms(sub 22)(4 bytes) Comp alg - ZLIB (comp 2) Comp alg - BZip2(comp 3) Comp alg - ZIP (comp 1) Comp alg - Uncompressed(comp 0) Hashed Sub: features(sub 30)(1 bytes) Flag - Modification detection (packets 18 and 19) Hashed Sub: key server preferences(sub 23)(1 bytes) Flag - No-modify Sub: issuer key ID(sub 16)(8 bytes) Key ID - 0x01B7BA88530CA418 Hash left 2 bytes - c8 2a RSA m^d mod n(4095 bits) - ... -> PKCS-1Old: Public Subkey Packet(tag 14)(525 bytes) Ver 4 - new Public key creation time - Thu Jun 26 13:34:00 UTC 2014 Pub alg - RSA Encrypt or Sign(pub 1) RSA n(4096 bits) - ... RSA e(17 bits) - ...Old: Signature Packet(tag 2)(543 bytes) Ver 4 - new Sig type - Subkey Binding Signature(0x18). Pub alg - RSA Encrypt or Sign(pub 1) Hash alg - SHA256(hash 8) Hashed Sub: signature creation time(sub 2)(4 bytes) Time - Thu Jun 26 13:34:00 UTC 2014 Hashed Sub: key flags(sub 27)(1 bytes) Flag - This key may be used to encrypt communications Flag - This key may be used to encrypt storage Sub: issuer key ID(sub 16)(8 bytes) Key ID - 0x01B7BA88530CA418 Hash left 2 bytes - e2 63 RSA m^d mod n(4095 bits) - ... -> PKCS-1The PGPDump shows the key was generated a few hours before the message was sent.
Cryptome provided a location and time frame by encrypted email to "Sarah Harrison" using a public key provided by "Harrison." The decrypted message:
Hi Sarah,Anytime today, 11AM to 5PM, the parcel can be picked up at our front desk. No need for face to face with us. However wewould appreciate the person leaving a simple sign of receipt.Any kind will do that indicates legitimacy. Let me know whatform that sign will be. This will help us avoid being spoofed by an imposter, all too common these days as you know.Address:251 West 89th Street Northwest corner of Broadway, No. 1 subway, 86th Street stopWill be in grey envelope with material inside. Name on envelope:Margaret Mead FoundationOur tel: 212-873-8700Regards,JohnThere was no answer to this email and nobody came for the pick-up. Cryptome then sent an encrypted email to "Harrison" stating the handover did not occur. The decrypted message:
Dear Sarah,The collection is canceled due to not receiving confirmation by encrypted email within proposed time frame. Concerned about being spoofed by animposter. And cannot authenticate your PK.Regards,JohnThis email was not answered.
Yesterday Cryptome sent an encrypted email to Trevor Timm asking if he could request Sarah Harrision to authenticate the "Harrison" public key. He emailed he would attempt to do so. No answer has been provided by Timm.
Yesterday Cryptome sent an encrypted email to Sarah Harrison describing the receipt of an encrypted email from a party claiming to be her, provided details of the public key provided -- email used, key ID, date and time of generation -- and asked if she could verify the key. No response has been received. The decrypted message:
*** PGP SIGNATURE VERIFICATION ****** Status: Good Signature*** Signer: Cryptome (0x8B3BF75C)*** Signed: 6/27/2014 1:23:46 PM*** Verified: 6/28/2014 12:37:52 PM*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***Dear Ms. Harrison,Yesterday we received an encrypted email from a partyidentified as Sarah Harrison We were able to decrypt the message.However sent an encrypted response to the email addressbut have not received an answer.We have been unable to verify the public key providedas an attachment for responding to the email.Public key creation time - Thu Jun 26 13:34:00 UTC 2014 User ID - Sarah Harrison Key ID - 0x01B7BA88530CA418Do you recognize this email address and public key?We are concerned that the email may be a forgery.Thanks very much,John YoungCryptome.orgNew York, NY212-873-8700*** END PGP DECRYPTED/VERIFIED MESSAGE ***Today, 28 June 2014, appeared unsubstantiated allegation that Sarah Harrison has had a falling out with Julian Assange, and that she was preparing a book on the Snowden affair.
Another Assange Foot Soldier (Sarah Harrison) Missing In Action
We just love Assange gossip, its the stuff that makes the world go round: Back in 2010 we had a pretty good incite into just what was going on within [at]wikileaks. Some of the leaked "Insiders"stuff was questionable, however, with the passage of time some of it was absolutely spot on. Remember this was 2010 when Assange was being treated as some sort of Messiah by an adoring and unquestioning media. In a series of "Wikileaks Insider" messages that were run at www.cryptome.org forwarded by PGPBOARD Assange was exposed as an untrustworthy and arch manipulator, and [at]Wikileaks a virtual one man band.
Over the years we have maintained casual contact with the source of these 2010 Insiders leaks, who I might add has nothing to do with Wikileaks any more, and has a professional career in Germany.
SARAH HARRISON
OK having set the scene; let's continue. The parting of the ways between Assange and Sarah Harrison WAS NOT as amicable as Wikileaks aka Julian Assange would have one believe. Firstly Assange was intensely jealous of firstly Snowden for effectively freezing him out of the NSA leaks and his collaboration with Greenwald, and even more so with Sarah Harrison, who he suspected of becoming more of a personal advisor to Snowden than he anticipated!!
True to his colours, Assange's paranoia got the better of him, the relationship turned toxic and they eventually broke up. This was prior to Harrison leaving Russia.
Her next stop was Berlin, this was not by accident or fear of arrest in the UK, or anywhere else for that matter. This was yet another smoke screen. Sarah had something else on her mind, and that was the writing and publication of a kiss and tell book about her tenure at Wikileaks. Berlin would be prime choice, since many of the characters that were actively involved in Wikleaks early days, and subsequent schism were resident in Germany. Sarah needed no help concerning the later developments in the Swedish sex case issues, she was front and centre here.
We have been told that Sarah found or was contacted by the Berg's; they met in Berlin and was extensively briefed in detail about Assange and his early engagement of Wikileaks and donor funding irregularities.
Finally; as far we are concerned, this will be the DEFINITIVE tome about Assange and the disaster that became Wikileaks. I cannot wait for its publication, or details about who will publish...
Regards
AT
« Last Edit: Today at 12:32:14 AM by Alan Taylor »
(Cryptome is familiar with Alan Taylor's skeptical views of Assange and WikiLeaks.)
Based on the lack of response to our emails to "Harrison" and Harrison and if the allegations are credible, it suggests the true Sarah Harrison did not send the encrypted email to Cryptome, that instead her identity was forged as hoax. This may also suggest the "WikiLeaks" offer to host Cryptome was forged or a hoax.
A reader has warned that the hoax may have been perpetuated by Robert David Graham [at]ErrataRob (and associates) who first taunted WikiLeaks to host Cryptome (it is easy to forge Twitter Direct Messages as well as public keys):
The reader's warning message:
I just read "June 26, 2014 2014-0923.htm WikiLeaks Offer to HostCryptome Fails"http://cryptome.org/2014/06/wikileaks-fails/wikileaks-offer-fails.htmYou refer to a trusted third party [Appelbaum]? I hope this is not:Robert David Graham [at]ErrataRob.I'm certain that he has very very close links with GCHQ. If you rememberFull-Disclosure.pdf, he was basically the mouth piece ofGCHQ at the time. I addressed his comments and opposition in the lastupdate of Full-disclosure.http://cryptome.org/2013/12/Full-Disclosure.pdfTo be continued, or not.