Saturday, December 11, 2010

Musing on Misinformation & Morons.

The net is abuzz with a rumor claiming that the CIA is behind a Wikileaks mirror that was hosted at  This rumor lacked any real evidence, yet was reported by many in the hacker/hacktivist community as fact.

The rumor was started by a comment on On Thursday, December 9th 2010 at 08:28 PM PST Reddit user isoteemu commented:

"I was going thru WikiLeaks mirrors list, and noticed a small oddity; was on netblock which belonged Central Intelligence Agency. It has now changed, but 010-12-08 12:27:34 (EEST) was still registered for CIA."

Most users replied with more baseless speculation, while the few users asking for real evidence were drowned out by a beautiful circle-jerk of ignorance.

Lets pull up some historical data for the domain on netcraft:

  • The site has been hosted on 2 different IP address (sort of, see below).
  • Neither IP address belongs to a netblock allocated to the CIA.
  • Slicehost is a large VPS provider based in the US.
  • Hetzner Online AG is a large VPS provider based in Germany.
It looks like (which used to host a blog on cloud security) was hosted at slicehost, but is no longer up. Meanwhile the wikileaks subdomain has been redirecting to, a mirror hosted at Hetzner in Germany. This explains why is down, while gives the Apache "It Works!" message; no one at set up a VHOST for the domain name.

Update - 12/11/2010 2:35 AM PST: now hosts a wikileaks mirror  @ the slicehost IP.

Screenshot from the dig terminal utility. A tool so arcane that no one knows how to use it.

Where is the CIA connection? The user never posted any conclusive evidence (or any real evidence whatsoever).

On Thursday, December 9th 2010 at 11:27 PM PST Reddit user theghostofme commented that a google search for turned up as the third result.

"Google searching for brought up an interesting result."

Of course, the hive mind pounced on this, extolling it as further evidence of CIA involvement. Unfortunately, this search ranking was actually the result of the SEO keyword poisoning that resulted from the Reddit thread in question.

This didn't stop the rumor from spreading. On Friday, December 10th 2010 at 03:19 PM PST Len Sassaman, a longtime member of the Shmoo Group, posted a tweet that read:

 "Brilliant. CIA sets up a honeypot wikileaks mirror, but fucks up the anonymization, and is outed by Google: "

This was retweeted by hundreds of people, all using the Google search result as damning evidence of government wrongdoing.

More disturbingly, Jacob Appelbaum, a security researcher close to Wikileaks and sometimes seen as a public representative of the organization retweeted Len's information to his 5000+ followers.

It is beyond me how he could have simply passed on that information as fact without doing any investigating at all. 60 seconds with dig & whois would have revealed the truth to anyone with some level of technical competence.

Len further spread this faulty information by submitting it to boingboing (a popular destination for purveyors of yesterdays internet crap). At 5:15 PM PST Boing Boing posted it on their front page and twitter account, adding more fuel to the already burning fire.

I like the nicely editorialized in the status bar, adds authenticity.

It seems that after a few hours (6:01 PM PST), Len noticed that something might be a little bit fishy and tweeted the equivalent of a retraction:

Oops indeed. But unfortunately the damage has already been done, the information is now accepted as fact by thousands of people. Only 2 people noticed and retweeted the retraction, while his original tweet that started this was retweeted hundreds of times before the story went viral. Lets look at the stats:


Shortly after 10:15 PM PST (exact time unknown), boingboing issued a well written retraction explaining the facts to their readers. Wait, did I say that? It must be all the PCP I'm smoking. 

What boingboing actually did was simply remove the article from their servers. No retraction, no mention of it anywhere. All this did was raise cries of government censorship by tinfoil hat wearing Internet Detectives™. I've mirrored a screenshot of the article and comments as they were at 10:12 PM PST.

Now, some 8 hours later, boingboing still has the tweet up referencing the article, and have issued no retraction. Rather than 404 the article, they should have updated the page with the new information. Where is the accountability in online publishing? Jacob Appelbaum's twitter still lists the inaccurate information, and the rumor lives on as fact.

I don't believe that this was an intentional or malicious misinformation campaign. But I do believe that the poor judgment of Len Sassaman, Jacob Appelbaum, and the boingboing editorial team is responsible for this perversion of truth.
I know that some Wikileaks supporters may think that even if untrue, this misinformation is positive, as it makes the CIA look bad. I would argue that Wikileaks is a platform based on truth, not deception. Lets leave the lying to the government and focus on the real facts that are being disclosed in the cables.


boingboing issued a retraction (kind of). They didn't link here, but I suppose people don't like being called "a popular destination for purveyors of yesterdays internet crap". I wonder if using the same headline I used when I submitted the story to Reddit was tongue in cheek or just business as usual.
I outed Xeni Jardin, an editor at boingboing, as a covert CIA operative. THERE IS UNDENIABLE PROOF THAT THIS IS TRUE.