Author Topic: WikiLeaks Offer and Sarah Harrison Likely a Hoax  (Read 2221 times)

0 Members and 1 Guest are viewing this topic.

Offline mayya

  • Administrator
  • *****
  • Posts: 7874
WikiLeaks Offer and Sarah Harrison Likely a Hoax
« on: July 09, 2014, 14:14:53 PM »
WikiLeaks Offer and Sarah Harrison Likely a Hoax



29 June 2014. Correction of host offer initiation.


28 June 2014
WikiLeaks Offer and Sarah Harrison Likely a Hoax
Previous: http://cryptome.org/2014/06/wikileaks-fails/wikileaks-offer-fails.htm


On 25 January 2014, by Tweet and by Twitter Direct Message, "WikiLeaks" offered to host Cryptome on its servers. Cryptome by DM asked "WikiLeaks" for preferred means to transfer a USB of the Cryptome Archives, requesting an answer by encrypted email to assure "WikiLeaks" was not an imposter.
To assure the proposal was legitimate Cryptome sent an encrypted email to Jacob Appelbaum <jacob[at]appelbaum.net> asking if he could authenticate the offer. Appelbaum has not responded.
The next day an encrypted email arrived from "Sarah Harrison <sarah[at]wikileaks.org>"
Date: Thu, 26 Jun 2014 14:14:19 +0000
From: sarah[at]wikileaks.org
To: cryptome[at]earthlink.net
Subject: GPG Encrypted Message

The decrypted message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I am writing regarding collection details. I can confirm who can
do so later today. Can you please let me know where they should
go and timing possibilities?

Many thanks.

Best

Sarah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJTrCTHAAoJEAG3uohTDKQYlAEP/0Xa8DldWfbIRpfqnudj4lRf
QQJCjwitC436rFV3gAvlV3Y+o+IqotXAhbhQija9+F6/sEnryhd4587kVAeYdF71
Bz/ATdiYxekR3PHWTEl4LiYqehlR1P4ruSp8V26w+q6su6IYDoivS9CcEEVoqsPk
i6uDKrghAq/GsCl1aOZLN0v5MX43KqjbMnDu1BcdLP3ijZPZLrjMCtB4xbUHii8u
MSyzbfXciuoHuetWVdZg2gBjNeIqDsSlnqFmLYFkRPyYTPY8xzpp8QxM9SleCO5M
7Hp9F51XXrf+qWWVUHPWjWaEtr6QMPFXCQorEn8DiDDLqlCV1gMT667nwaFQ94E3
RjKGAPqtQSj4u0gNV3PvHGhcAonzCl5OsHL4xlcj/X1P0hLVufnj+rCf0ZLuDRtV
juuzzaPIb1Zoa9H68d03lJdSiMderMdK6JbQhJKkfSvX5YJX+r4JOXWu+ydpuA3l
lbom3djeOTbVyYQqj62muVLASX3hnRNzYYkEJr4mJdDU9/K76LRIRdzJczaSglUl
Vkl/rsVPFLEIRCpt/yaEUwfz5JodkeqfgWF+nQb7QRKXBF5dysUX+fEhY8KF4kRZ
uMd56gQGXqYGGyA/XIXZD2DgxxoBzPOaBlYJD+e8i7GvWgKhjKvBDNzFZfclkygT
64c+EmjeGXoyZhux9xIH
=Q8AC
-----END PGP SIGNATURE-----

Attached: key.asc


The "key.asc" PK provided (this key was not found on keyservers) and a PGPdump analysis:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFOsIUgBEAC2sl6oY5Y/6f+RR5Ze6Bh3sCZafdBzuiU0SF0s/qOnoOPvoCuy
n60xZkQxBuIocwWy7beWyZmIaWtSh7Zflq+HbEBGw0gS7Mw/QCwgEhJkxq59QPrp
Zk4MI0v+8dmhHPXP+6BAi5FlBf5V0HW/YCHPW/L05bAgDfAkRNPUyyCQNj1lA6st
B+dYcsRkKpmvMfVlYEtpkOjjM8G14Pec2H+wmEPHEG57+7iVYfwPyxPVIN1GokJW
WuQZKXd8fTvwDx+72umDwxEGWxHhecY4jbtGvWqXA7lOAjRpaAssEyw60JrdCc1c
JGzDDXeSlIi3YLzYsozRli93W3OZOAL1fxJe0c5sTAvHrVVnSjF3bNqwWI+VBOPk
+dL/7Dx2SGCSVvwqx+V/MjTwoIgaXUZaU2FPRnQDNp0mGKDu/8GlPD+A+CU+RWGh
vgcqP/4dR/MMIZ+x6WhPKYCqf0/BFlHvjXmwGgJBKjU444szdyZknc9sc3YiIU6s
9ut6SvT0/4PqU7ErEx6DbspsL2fNkUeTs6BvI7GbzvM0os70PiMfL80TOXEQck3Y
jXVZ99LNpwveOEGOdfH4DxRTwZYC78W1NPFLx+n4VZnJWXKdD6tBSrImMq7eidu7
cYxvjTspqUYpzmSKVB0GpVGx9b2wKwsUx3AVbgHIR+0dlfYqUhVH4CQb9wARAQAB
tCRTYXJhaCBIYXJyaXNvbiA8c2FyYWhAd2lraWxlYWtzLm9yZz6JAjcEEwEIACEF
AlOsIUgCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQAbe6iFMMpBjIKg//
XivxkJCpOdbmGA44tzWrI4dSe8CWvEONGZ7G+1Sv7AsDK+66cbgtocf0ZFv+zPgW
n5YBi5zdT3xaUCfOngT1SWUhuGzhkZUDpfu6v3hP2cInWBANcnlb/LhK9naYJwqp
d8yZECLjIbbWbnJ/UsW3m0IZCuY0Mt2xSOIelwOYyF/t3f6/+PbXl2RVnRkmXgXT
f0f8Bf4OzUj9KS7mdHUIjWYz8TJlGE6uBKGOV4t2g73I5GlU81FKi8dtlPrGsJTu
fV3BJ6E0Vgk9R9VaG3Z6ZlRoN5zRxA77fVvHkKApD+G9QPPHPjs0HzPenynyHzRx
PUEIra/Myn7y/KQO0QNEeIZUT7er+oh6ZKQeo90HV2hqPyODWW3O4/H0xwgpYE4l
KU0Sic/vGKzeK0yWmAeqc6ZpZPJhNOYjgr4bzNkIT52hQMyLr2+UMSnkwTiOvGGt
sf5YTX6et0Iy9YzFXnwGVTR+eqwCndHnWc78TmHNbDjY405YWFVxPZ3pvtUSlF2J
LLvkePwcfN+x6ENIg5RLXc2uCQoa8jT4K9yxIvkZggjAdgI+CZbgwTRT8z2FKaxI
M8lFE2yPF0QW4zePogHtOpJwhlxkvy2CM5FGU79h4IWb/oS6h0ZwHcOVP1BFB5BL
GEj9jptwjLdlJeTaTSaMUtPv3BpoC8+KIbLy/ufzPIS5Ag0EU6whSAEQAK/CZI15
MmTwy1hNtr0lK4NYXYBOBZXDpf04TpmKDIERDLTaPu4ucG+Bew3sJYcU647Qx5z2
vnsWbFfnfvU1wEz2g0Rzg6Kpm6h1E2pXl33ll9t/LWWswgKoRjsd3J0lWQajRI9I
bXNB2WWCUHV+8qvRnjXhqAGvKhZNSrjHUb12h73acAwo065z8IEUy3EKCP7P9mrO
OZVOoPnufPpbxL2Yy4R7L2I76mMrxHSDFWpMGUGkqr2c57kXMo+8Qg0GJjRbdM3X
6n92radow7LOFZsualoAB/L8PFfUYbt1S6tQNlXO7TR5RBRbQaLEYJUxIvisuwC5
ToVlkVtLQFf7J0PD9Ljbqid9Tp80vypvvwjJGjxfmQSllrjRhWn1PlVo4HdVmj1l
4AW7vwHFP0dLgw2a6fJMhYkQSFUVd7JJRylK8wj5KYwunYtqbwZ2wYcZFZE+vBtA
LwEUbYNKxY0YIerwBEYJCMNuL+7sUlqPwguTSs2qOzg5NzZEtXRvVKccaMnMYPfc
42crFUwGjell2aq0SUWzQ7btZSVNaMWUuBOG9xmeq11GTxCYbx3nvAm3dOltMYRJ
+iRdwdXw+fSV2+hydlLymbaf4pl33kHWqwMaN/uK1P714rtTiMC+K/pogJFeqTGI
3JAK3v2MLU0WJKRrj4IlHnFPZhFfRcj3rrq5ABEBAAGJAh8EGAEIAAkFAlOsIUgC
GwwACgkQAbe6iFMMpBjiYw//WwGoRFE79zw8H9LAPiEAnZZckvOMtcVeGO6hFt+p
NIuQffMJHPf1fGUVBnJJ0Qwyfr4dXtRUa5576TkF9gEdlXBzHdnytif91390XuCT
IDp2Puyowa9wu35UnLre/utRFgJzhA5Yy2ciHjd1SY3zz6VQ/cjOm8YJGEHFreQp
y9MAs6iwsbw1vVwmd1D+2KSg7tPjODYTH+D19yAPtYURI6RhHN4pe2UOuXOrmqBG
HiNdW/OkI32qUJfybuSewWgQMAdMat9CquIbS4Tl6QLV+zgZtWzF2zPGYYSDPYvz
AomJe284Dpimr97XKA/5bTMU1YtaPZy+SjVozqQr0nwnXX4iLU4UH1BbApch37OX
Qg4hN446ZKFcG7ZhJEcXoJldIbPntS2mhe/ibhPOj42M9MLRelggM0HfuxfsLhUY
riZ8vtIdEPCYthwqzyDiSxql6GRAFID32c7xGidV4dLckkJF09bFLEnlgNnWrr5x
5pRMhYMJ2rN0p15rE/hX/0JNyBdCf2XkOQXMTq8FQ7mQf8DBH024aZj9BTwcHOGD
8uKrUQeAJSQtd52jCbXaTyIq5HAu90aEAGolEg6s2m3kmbqVQzhOzXhVrEvCl+pf
A6E5wUqeoztBKz9iv2WJ/TgPuvDyjzI6eo1YbPy4dN4JBvfTw+DGnB4EC7FZFbes
j2o=
=cfop
-----END PGP PUBLIC KEY BLOCK-----


PGPdump Results
Old: Public Key Packet(tag 6)(525 bytes)
 Ver 4 - new
 Public key creation time - Thu Jun 26 13:34:00 UTC 2014
 Pub alg - RSA Encrypt or Sign(pub 1)
 RSA n(4096 bits) - ...
 RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(36 bytes)
 User ID - Sarah Harrison <sarah[at]wikileaks.org>
Old: Signature Packet(tag 2)(567 bytes)
 Ver 4 - new
 Sig type - Positive certification of a User ID and Public Key packet(0x13).
 Pub alg - RSA Encrypt or Sign(pub 1)
 Hash alg - SHA256(hash 8)
 Hashed Sub: signature creation time(sub 2)(4 bytes)
 Time - Thu Jun 26 13:34:00 UTC 2014
 Hashed Sub: key flags(sub 27)(1 bytes)
 Flag - This key may be used to certify other keys
 Flag - This key may be used to sign data
 Hashed Sub: preferred symmetric algorithms(sub 11)(4 bytes)
 Sym alg - AES with 256-bit key(sym 9)
 Sym alg - AES with 192-bit key(sym 8)
 Sym alg - AES with 128-bit key(sym 7)
 Sym alg - CAST5(sym 3)
 Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
 Hash alg - SHA512(hash 10)
 Hash alg - SHA384(hash 9)
 Hash alg - SHA256(hash 8)
 Hash alg - SHA224(hash 11)
 Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
 Comp alg - ZLIB <RFC1950>(comp 2)
 Comp alg - BZip2(comp 3)
 Comp alg - ZIP <RFC1951>(comp 1)
 Comp alg - Uncompressed(comp 0)
 Hashed Sub: features(sub 30)(1 bytes)
 Flag - Modification detection (packets 18 and 19)
 Hashed Sub: key server preferences(sub 23)(1 bytes)
 Flag - No-modify
 Sub: issuer key ID(sub 16)(8 bytes)
 Key ID - 0x01B7BA88530CA418
 Hash left 2 bytes - c8 2a
 RSA m^d mod n(4095 bits) - ...
 -> PKCS-1
Old: Public Subkey Packet(tag 14)(525 bytes)
 Ver 4 - new
 Public key creation time - Thu Jun 26 13:34:00 UTC 2014
 Pub alg - RSA Encrypt or Sign(pub 1)
 RSA n(4096 bits) - ...
 RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(543 bytes)
 Ver 4 - new
 Sig type - Subkey Binding Signature(0x18).
 Pub alg - RSA Encrypt or Sign(pub 1)
 Hash alg - SHA256(hash 8)
 Hashed Sub: signature creation time(sub 2)(4 bytes)
 Time - Thu Jun 26 13:34:00 UTC 2014
 Hashed Sub: key flags(sub 27)(1 bytes)
 Flag - This key may be used to encrypt communications
 Flag - This key may be used to encrypt storage
 Sub: issuer key ID(sub 16)(8 bytes)
 Key ID - 0x01B7BA88530CA418
 Hash left 2 bytes - e2 63
 RSA m^d mod n(4095 bits) - ...
 -> PKCS-1


The PGP Dump shows the key was generated a few hours before the message was sent.
Cryptome provided a location and time frame by encrypted email to "Sarah Harrison" using a public key provided by "Harrison." The decrypted message:


Hi Sarah,

Anytime today, 11AM to 5PM, the parcel can be picked up at
our front desk. No need for face to face with us. However we
would appreciate the person leaving a simple sign of receipt.
Any kind will do that indicates legitimacy. Let me know what
form that sign will be. This will help us avoid being spoofed
by an imposter, all too common these days as you know.

Address:

251 West 89th Street
Northwest corner of Broadway, No. 1 subway, 86th Street stop

Will be in grey envelope with material inside. Name on envelope:

Margaret Mead Foundation

Our tel: 212-873-8700

Regards,

John

There was no answer to this email and nobody came for the pick-up. Cryptome then sent an encrypted email to "Harrison" stating the handover did not occur. The decrypted message:
Dear Sarah,

The collection is canceled due to not receiving confirmation by encrypted
email within proposed time frame. Concerned about being spoofed by an
imposter. And cannot authenticate your PK.

Regards,

John 



This email was not answered.
Yesterday Cryptome sent an encrypted email to Trevor Timm <trevor[at]pressfreedomfoundation.org> asking if he could request Sarah Harrision to authenticate the "Harrison" public key. He emailed he would attempt to do so. No answer has been provided by Timm.
Yesterday Cryptome sent an encrypted email to Sarah Harrison <sarah.harrison[at]couragefound.org> describing the receipt of an encrypted email from a party claiming to be her, provided details of the public key provided -- email used, key ID, date and time of generation -- and asked if she could verify the key. No response has been received. The decrypted message:
*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: Cryptome <cryptome[at]earthlink.net> (0x8B3BF75C)
*** Signed: 6/27/2014 1:23:46 PM
*** Verified: 6/28/2014 12:37:52 PM
*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***

Dear Ms. Harrison,

Yesterday we received an encrypted email from a party
identified as Sarah Harrison <sarah[at]wikileaks.org>

We were able to decrypt the message.

However sent an encrypted response to the email address
but have not received an answer.

We have been unable to verify the public key provided
as an attachment for responding to the email.

Public key creation time - Thu Jun 26 13:34:00 UTC 2014
User ID - Sarah Harrison <sarah[at]wikileaks.org>
Key ID - 0x01B7BA88530CA418

Do you recognize this email address and public key?

We are concerned that the email may be a forgery.

Thanks very much,

John Young
Cryptome.org
New York, NY
212-873-8700

*** END PGP DECRYPTED/VERIFIED MESSAGE ***



Today, 28 June 2014, appeared unsubstantiated allegation that Sarah Harrison has had a falling out with Julian Assange, and that she was preparing a book on the Snowden affair.


 http://www.wikileaks-forum.com/the-critics/632/another-assange-foot-soldier-sarah-
harrison-missing-in-action/30393/



Another Assange Foot Soldier (Sarah Harrison) Missing In Action

We just love Assange gossip, its the stuff that makes the world go round: Back in 2010 we had a pretty good incite into just what was going on within [at]wikileaks. Some of the leaked "Insiders"stuff was questionable, however, with the passage of time some of it was absolutely spot on. Remember this was 2010 when Assange was being treated as some sort of Messiah by an adoring and unquestioning media. In a series of "Wikileaks Insider" messages that were run at www.cryptome.org forwarded by PGPBOARD Assange was exposed as an untrustworthy and arch manipulator, and [at]Wikileaks a virtual one man band.


Over the years we have maintained casual contact with the source of these 2010 Insiders leaks, who I might add has nothing to do with Wikileaks any more, and has a professional career in Germany.

SARAH HARRISON

OK having set the scene; let's continue. The parting of the ways between Assange and Sarah Harrison WAS NOT as amicable as Wikileaks aka Julian Assange would have one believe. Firstly Assange was intensely jealous of firstly Snowden for effectively freezing him out of the NSA leaks and his collaboration with Greenwald, and even more so with Sarah Harrison, who he suspected of becoming more of a personal advisor to Snowden than he anticipated!!


True to his colours, Assange's paranoia got the better of him, the relationship turned toxic and they eventually broke up. This was prior to Harrison leaving Russia.


Her next stop was Berlin, this was not by accident or fear of arrest in the UK, or anywhere else for that matter. This was yet another smoke screen. Sarah had something else on her mind, and that was the writing and publication of a kiss and tell book about her tenure at Wikileaks. Berlin would be prime choice, since many of the characters that were actively involved in Wikleaks early days, and subsequent schism were resident in Germany. Sarah needed no help concerning the later developments in the Swedish sex case issues, she was front and centre here.


We have been told that Sarah found or was contacted by the Berg's; they met in Berlin and was extensively briefed in detail about Assange and his early engagement of Wikileaks and donor funding irregularities.

Finally; as far we are concerned, this will be the DEFINITIVE tome about Assange and the disaster that became Wikileaks. I cannot wait for its publication, or details about who will publish...
Regards
AT

« Last Edit: Today at 12:32:14 AM by Alan Taylor »





(Cryptome is familiar with Alan Taylor's skeptical views of Assange and WikiLeaks.)
Based on the lack of response to our emails to "Harrison" and Harrison and if the allegations are credible, it suggests the true Sarah Harrison did not send the encrypted email to Cryptome, that instead her identity was forged as hoax. This may also suggest the "WikiLeaks" offer to host Cryptome was forged or a hoax.
A reader has warned that the hoax may have been perpetuated by Robert David Graham [at]ErrataRob (and associates) who first taunted WikiLeaks to host Cryptome (it is easy to forge Twitter Direct Messages as well as public keys):



The reader's warning message:


I just read "June 26, 2014 2014-0923.htm WikiLeaks Offer to Host
Cryptome Fails"

http://cryptome.org/2014/06/wikileaks-fails/wikileaks-offer-fails.htm

You refer to a trusted third party [Appelbaum]? I hope this is not:
Robert David Graham [at]ErrataRob.

I'm certain that he has very very close links with GCHQ. If you remember
Full-Disclosure.pdf, he was basically the mouth piece of
GCHQ at the time. I addressed his comments and opposition in the last
update of Full-disclosure.

http://cryptome.org/2013/12/Full-Disclosure.pdf



To be continued, or not.