How Julian Assange Hacked the US Websites

How Julian Assange Hacked the US Websites
Image by Pete Linforth from Pixabay

The US government has released more information regarding its case against the WikiLeaks mastermind Julian Assange. The case is based on allegations that he, in cahoots with Chelsea Manning conspired to crack a password in a bid to access sensitive government files.

Details in an affidavit that was opened on Monday 16th 2019 claim that Assange and Manning conspired when they held comprehensive discussions aimed at finding a way to crack a password that would give them access to two computers that had classified national security information.

Apparently, the passwords were linked to two windows computers, and they belonged to the user known as FTP. They say that Manning had remote access to these computers from an Iraqi base.

In case Manning used the FTP account to steal the files, she could have easily outwitted the team investigating the leaks since this account (FTP) does not identify with any specific user. The affidavit reads in part “Although there is no evidence that the password to the FTP user was obtained, had Manning done so, she would have been able to take steps to procure classified information under a username that did not belong to her,” the affidavit read. “Such measures would have frustrated attempts to identify the source of the disclosures to WikiLeaks.”

The alleged scheme to compromise the password happened in March 2010, shortly after she had left the Iraq base with highly sensitive war reports from Afghanistan and Iraq. 

Manning was later convicted and condemned to a seven-year jail term for illegally obtaining thousands of US diplomatic cables and military documents.

Who is Julian Assange?

Initially Julian Paul Hawkins, Julian. P. Assange was born on July 3rd, 1971. He is a computer programmer, Australian Journalist and the main brains behind WikiLeaks. Assange is a self-proclaimed advocate of market libertarianism and information transparency. In 2006, he founded WikiLeaks, a controversial organization best known for exposing corruption, human rights abuses, war crimes, and other secrets.

The Swedish government in November 2010 issued an international arrest warrant for Assange over allegations of rape and sexual assault. He categorically denied the accusation saying they were trumped-up charges aimed at deporting him to the US because of the unique role he played in publishing the classified American documents.

Good for him, the Swedish prosecutors paused their investigation and in May 2017 initiated to revoke the European arrest warrant.

On December 7th, 2010, he surrendered to the UK police, but ten days later he was released on bail. His bid to challenge the extradition proceedings flopped after which he compromised his bail terms in June 2012 and sought asylum from Ecuador. Assange was holed up in Embassy of Ecuador in London for close to seven years.

How they cracked passwords

To prevent hackers who access remote computers from seeing and stealing passwords, the Microsoft Windows operating system does not store passwords in plain text. It makes the life of snoops and cybercriminals hard by converting the plain text into a jumbled code.  This string of letters also known as the “hash value” is created when an algorithm is applied to the password in plain text.

Hackers get access to the plain text by executing an action called “Brute force attack.”  This method is quite basic; the hacker compiles a long list of random passwords through a similar hashing algorithm that Windows use to find a matched hash value for the concealed password.

The password is found once the same hash value is calculated.

In some cases, the password is usually too intricate for guessing to yield results in a short period. In such a case, the hackers will resort to “rainbow tables” These hold a huge number of hash values for passwords that were calculated previously. Hackers use them to quickly compare the hash that they have against the ones in the table. This is all done in the hope that it has already been seen before and a match is existing.

Mr. Tom Wyat a senior penetration tester bulletproof cyber security says, “  “These tables can be calculated or downloaded from various online sources, and it simply boils down to paying for storage for it all; even in 2010 this was fairly cheap and entirely possible.”

But Microsoft tried to stay ahead of the game by splitting the hash values in two and then storing the parts in their individual files. Unfortunately, hackers are always burning the midnight oil to counter any attempts to foil their sinister maneuvers.

In the above case, a hacker can recover the two distinct pieces by using a CD with a Linux operating system to reboot a Windows PC. As far back as the year 2010, one could do that and restore the full hash value.

Speaking to Forbes, Ken Munro a penetration expert with Test Partners said the method works well provided there is no extra layer of security, i.e. full disc encryption.

Thankfully, it is rare to find systems without a full disc or related encryption.

According to the affidavit, Manning attempted using this hacking method and possibly flopped. In the affidavit footnote, the US government says Manning had given Assange only one half of the full hash.

Assange required the full hash.

It goes on to allege that Manning gave Assange what she thought was the full hash value. According to their chats over the Jabber E.C app, the WikiLeaks boss then confirmed that he would present it over to an expert for cracking. 

The investigators in the case claim there followed some confusion. Manning said that she was not even sure that what she passed on to Assange was the expected hash value.  In their communication, Assange wrote to her asking if there were “any more hints” about the hash. Along that thread he writes “I’ve had no luck so far “and from this point, even the government says it is not sure if the password was compromised or not.

Expulsion from the Ecuadorian Embassy

Where is Julian Assange today?

On Thursday, April 11th, 2019, the Ecuadorian Embassy changed its position on the fugitive and stripped him of his Ecuadorian citizenship and asylum status.

Following an extradition from the US Justice Dept, the WikiLeaks boss was arrested by the Metropolitan Police in London on the same date.

Justifying the move, the Ecuadorian president, Lenin Moreno, said Assange deserved to be handed over because he had been aggressive and discourteous. The head of state also claims that on several occasions, he willfully breached the condition underlying his asylum.

“He particularly violated the norm of not intervening in the internal affairs of other states,” he said

In January 2019, Vatican documents were leaked shortly after senior members his organization visited him. The president further claimed that Assange unlawfully installed distortion equipment in the embassy and also mistreated the guards

It remains to be seen what direction Assange tale of woe will take. Will he finally be extradited for prosecution in the US?