Wikileaks 'insurance' file decrypted: Names of informants exposed

The Wikileaks 'insurance file', a highly-encrypted file released onto the web earlier this year by the whistle-blowing organisation, has been decrypted.

The contents contain the entire cache of U.S. diplomatic cables, without redaction or editing.

The unredacted cables, which were not edited or blacked out like previous releases, could expose hundreds of sources of intelligence and put their safety at risk.

According to Der Spiegel, a series of conflicts between founder Julian Assange and former spokesperson Daniel Domscheit-Berg, led to the release of the password that protected the 'insurance file' that Wikileaks had circulated earlier this year.

It is believed that Assange had left the password to the insurance file on a secure Wikileaks server, to allow a trusted external contact to examine the cables.

Domscheit-Berg, one of Assange's greatest critics, left Wikileaks in September 2010. When he left, he took the contents of the secure server -- the original diplomatic cable cache, and the password -- with him.

Domscheit-Berg returned to Wikileaks towards the end of 2010, as Wikileaks supporters released the original cables in a 256-AES encrypted format -- not knowing the content of the data.

It is understood that the password was released earlier this year, without realising it would unlock the original, unredacted files of the U.S. diplomatic cable release, and was left undetected for several months.

OpenLeaks, set up by Wikileaks defector Domscheit-Berg, highlighted this major lapse in security, saying that it "proves allegations" made by the former spokesperson that data held by Wikileaks is "not secure".

A number of media outlets were given the unredacted and unedited versions of the U.S. diplomatic cables. The Guardian (United Kingdom), Der Spiegel (Germany) and the New York Times (United States) and others, went through the first few hundred cables that were sent to them and redacted -- blacked out -- names of sources and informants.

While now the insurance file has been open to decryption -- perhaps what Mark Stephens, Assange's lawyer once described as "secret material which it regarded as a 'thermo-nuclear device' to be released if it needs to protect itself" -- the names of informants may not be safe.

Update: In a tweet, the @wikileaks says: "WikiLeaks 'insurance' files have not been decrypted. All press are currently misreporting. There is an issue, but not that issue."

More soon.

Related content:

• Wikileaks: Homeland Security invokes Patriot Act on Assange; seeks server data
• Wikileaks Assange: 'Facebook open to US intelligence'
• US subpoenas Wikileaks tweets, and why this could affect you

ZDNet's Wikileaks series:

• Part 1: Wikileaks: The diplomatic cables release and media reactions
• Part 2: Wikileaks: A brief history, pre-2010
• Part 3: Wikileaks: How the organization functions and operates
• Part 4: Wikileaks: How ‘Anonymous’ subverted the most powerful governments
• Part 5: Wikileaks: How the diplomatic cables were leaked
• Part 6: Wikileaks: How the diplomatic cables sparked the 2011 Arab Revolutions