Wikileaks emails: how do we know they're authentic?
February 23, 2017 6:58 AM   Subscribe

When Wikileaks releases emails, how do we know they're authentic? Apart from Wikileaks saying they are, or the purported authors of the emails confirming they are?
posted by Mechitar to Computers & Internet (7 answers total) 1 user marked this as a favorite
I think the unspoken consensus view (at least during the election) was that if the stuff from the Clinton campaign was forged, that would have been the defense. Thus, if your response is not, "Those are fake!" then they are probably not fake.

Not satisfactory by any means, but I think this is the reason nobody on CNN was like, "We need to know whether these are real."
posted by radicalawyer at 7:02 AM on February 23, 2017 [5 favorites]

In general, it varies. It might be through information in a leak being something that could only be known by those people at that time, or it could be digital signatures.

In specific, if you're referring to the DNC hack, cryptography provides authentication.
posted by so fucking future at 7:04 AM on February 23, 2017 [2 favorites]

In the case of the Podesta emails they described how they did it - resetting his gmail password and taking over his account. The IT guy for the DNC sort of corroborated it by by saying 'we told him to use two factor authentication.'
posted by fixedgear at 7:05 AM on February 23, 2017 [1 favorite]

In the case of US government emails, you could FOIL for them and see if they come up in the FOIL even if they are fully redacted. With private or corporate emails, the only way to know for sure is if one of the parties (preferably both) to the email confirms it. The absence of denial or the absence of a claim of fakery, while a good indication is not absolute proof.

Your question leads to the question, how do we know anything is ever real? What should we believe when CNN or Fox tells us something is real? At some point you have to consider the source of the material and determine if you think they have credibility.
posted by AugustWest at 7:25 AM on February 23, 2017 [1 favorite]

SFF, it's funny, and in keeping with August's answer--but if you had linked directly to Graham's website, I probably would have bought it, but the fact that you linked to Zero Hedge automatically made me highly suspicious. Given what passes for "proof" on that site that, say, Apple stock is 48 hours from tanking (generally, two dozen graphs created in Excel with arrows pointing at stuff), I automatically assume that anything they link to is technobabble.
posted by radicalawyer at 11:29 AM on February 23, 2017

Great. The digital signature/authentication explanation had been the most useful to me, until I saw radicalawyer's comment on it. I'll have to dig more into that topic, but in the meantime if other people can shed more light on it I'd appreciate it.

August: Given that the source of the material in this case is Wikileaks (and actually the original source is ???), I absolutely can't rely on the credibility of the source. I would trust CNN and FOX a lot more.
posted by Mechitar at 12:06 PM on February 23, 2017

You can validate signatures yourself with: one of many tools. I validated a few of the DNC mails out of curiosity. You of course, don't have to take my word for it, either.

The gist of DKIM is actually pretty simple: publish a public key, keep a secret key hidden. When someone sends an email through an account on your server, create a hash of some of the fields, create a signature of that hash with your private key and include that signature in an email header. Because of the properties of public key cryptography, you can use the publicly available public key to verify that the corresponding secret key was used to sign it. It's slightly non-trivial to put in a extremely legible script, if only for the fact that you need to parse ugly bits of text -- the cryptography part is rather simple.

Re: linking to ZeroHedge: it was a higher Google result.
posted by so fucking future at 2:28 PM on February 23, 2017

« Older Care package for teen in hospital?   |   Hellp me plan a safe backyard play area for... Newer »
This thread is closed to new comments.