How Wikileakers Wikileak
Wikileaks has been in the news a lot lately due to its disclosure of tens of thousands of classified American documents, leading many to ask, "How do they get away with this?" Or, to put a finer point on it, "How does an Army Private in an Army office using Army computers on an Army network transmit tens of thousands of classified documents to a suspect Web site and nobody notices or intercepts it?" (I say "suspect" because the U.S. military has long been suspicious of Wikileaks and its motives, so it's suspect in the Army's eyes, at least.)
But this massive leak of classified data got by more than just the U.S. Army. The NSA and other government agencies comb the Internet and other communications networks daily, much of it in real time, looking for precisely this kind of information. Yet somehow they all missed this massive transfer of secret info happening right under their noses.
It's like people counting goldfish missing a whale that went by. How did that happen?
Well, there's a one-word answer: TOR.
"TOR" stands for The Onion Router, a communications network embedded within the Internet, staffed and run by volunteers, that, like an onion, has layer upon layer that hide what's inside. In this case the layers are random communication paths: Messages that enter TOR are encrypted and bounced around many times among the thousands of nodes of the TOR network around the world, finally emerging from TOR to reach their destination from a remote node in a way that makes it near-impossible to correlate what went in with what came out.
TOR also strips off much of the identifying information that would normally allow messages on the Internet to be traced back to their source. So even if the data transfer was detected in real time, it could not have been traced back to the source. And because the data sent to Wikileaks was encrypted, even if it had been intercepted it would have been very, very difficult to tell what was being sent.
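The layering described above can be sketched in a few lines. This is an added example, not code from the TOR project or from this article: the relay names, the pre-shared per-relay keys and the hash-based stand-in cipher are all assumptions made to keep it self-contained. It shows that each relay removes one layer and learns only its immediate neighbours.

```python
import hashlib, json, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def wrap(path, destination, message):
    """Sender side: add one layer per relay, innermost (exit) layer first."""
    next_hop, blob = destination, message
    for name, key in reversed(path):
        nonce = os.urandom(16)
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = nonce + xor_stream(key, nonce, layer)
        next_hop = name
    return next_hop, blob  # first relay to contact, and the full onion

def peel(key, blob):
    """Relay side: remove exactly one layer; learn only the next hop."""
    layer = json.loads(xor_stream(key, blob[:16], blob[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, sender, destination, message):
    """Carry a message through the path, recording what each relay can see."""
    keys = dict(path)
    hop, blob = wrap(path, destination, message)
    previous, seen = sender, []
    while hop in keys:
        next_hop, blob = peel(keys[hop], blob)
        seen.append((hop, previous, next_hop))  # (relay, came from, goes to)
        previous, hop = hop, next_hop
    return seen, hop, blob

# Constructed sample: three hypothetical relays, each sharing a key with the sender.
PATH = [(name, os.urandom(32)) for name in ("entry", "middle", "exit")]

if __name__ == "__main__":
    seen, arrived_at, delivered = route(PATH, "sender", "destination", b"hello")
    for relay, came_from, goes_to in seen:
        print(f"{relay}: from {came_from}, to {goes_to}")
    # The exit relay removes the last layer, so it sees the message itself
    # unless the sender also encrypted it end to end.
    print(arrived_at, delivered)
```

Only the entry relay sees the sender and only the exit relay sees the destination, which is why an observer at either end cannot pair the two from the relays' view alone.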
So what does this tell us? That despite efforts by many governments to increase their monitoring and control of the Internet, it's still possible for the motivated and mildly tech-savvy to get around such control and surveillance, even in very regimented environments such as the U.S. Army. Such capabilities can be a great force for good, such as allowing dissidents under repressive regimes to communicate with each other and the outside world, but they can also be abused.
Where to draw the line is not only the subject of ongoing public debate, but also of an ongoing technical battle between those who want to spy on others and those who do not want to be spied on.