Zeit Online briefkasten

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

The German newspaper Die Zeit has launched a secure / anonymous dropbox system for sending information or files to their Zeit Online investigative journalism team.

They (or their technical team) have published the Python source code of the application on github, which could be adapted for use by other organisations.

via Google Translate:

http://blog.zeit.de/open-data/2012/07/30/daten/

What this site is not:

We are not WikiLeaks leaks or other platform. This means there is no guarantee that information you give us here will be published. We publish in doubt, nor any information or documents that we receive, either to protect or to the donor, or because we find that not all details are made public.

We edit the content of journalism. It is quite possible that your donation data is the beginning of a lengthy research and is ultimately just a puzzle piece in the mosaic then released.

N.B. this application does not actually provide much resistance to Communications Data Traffic Analysis, so they do recommend the use of Tor etc.

Contact Details

website:

Press Enquiries

No

General Enquiries

  • email:
  • telephone:
  • mobile phone / SMS text message:
  • fax:

Postal Address:

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

Yes c.f. individual journalist's profiles

FaceBook

No

Blog

Yes c.f. individual journalist's profiles

Google+

Yes c.f. individual journalist's profiles

Financial Donation methods

No

Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

Yes

Restrictive legal Terms & Conditions

No, but Zeit Online is part of a big mainstream media group in Germany, so media & libel law etc. apply

Practical Advice on preserving Whistleblower Anonymity

Yes

via Google Translate

http://blog.zeit.de/open-data/2012/07/30/daten/

For your own safety, you should consider some points:

- Do not send information directly from your company computer and take it from this on to any contact from us. Should also get your personal computer at home do not use, because by its IP address you can be identified in doubt. Even if we save the mailbox no server logs, you can still reduce the risk further, that the donation data can be attributed to you. Take advantage of better equipment that you are not related, for example, in an Internet cafe or library.

- Pull data from an internal network, not on your own computer. Take advantage of external storage such as DVDs or USB sticks. If these are too obvious, for example, use an MP3 player. These devices can store any document type to see, but harmless than a blank DVD. In some systems, the storage of certain information is logged. It may therefore be useful to share data on paper or just photographing the screen.

- The circle of those who have access to internal information should not be too small to be a possible suspect, to guide you. He limited himself to a few people, you'd better take a distance of data before you make a donation or that the circle is larger. - If you want to call us, you buy an anonymous prepaid card and a used cell phone. Do not use your own device.

- If you want to email us, you never use one on your registered email address or an address with which you communicate otherwise. Use anonymous disposable addresses or get yourself an account under a false name with a free mail provider. Use this e-mail addresses of company computers or not your computer at home and use it also for other purposes than those intended. Use encryption techniques like PGP. The corresponding programs are free on the Internet.

- You can try your local IP address and therefore their identity in the network with services like TOR disguise. But anonymous email addresses and Internet cafes offer more security in doubt.

- Be patient and plan your donation information. About hasty or rash action could endanger you.

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

However, the briefkasten open source application creates a web page which does advise you to check the SHA-1 and / or MD5 fingerprints of the SSl / TLS Digital Certificate of the website.

https://ssl.zeit.de/briefkasten/fingerprint

via Google Translate:

The integrity of the connection, you can use a so-called "fingerprints" check. Your browser can be found in the address bar a lock icon, hide behind the certificate information for this page. The "fingerprint", a long combination of numbers and letters that you find under the name "SHA1". Compare the displayed online "fingerprint" with the published in the print TIME combination. Both must agree. Only then is it guaranteed that the data upload takes place over a man of integrity, secure connection.

Since they seem to have forgotten to actually publish these fingerprints, here they are:

https://ssl.zeit.de/briefkasten/submit

https://ssl.zeit.de

Serial No: 7573 46AC 9F5C FCB3 8E2A 1F30 47C5 0526

Valid until: 15-Dec-2012 23:59:59 GMT

SHA-1: 8F:A6:19:69:0E:7E:D5:3B:9F:75:4B:09:6A:4E:35:4A:8C:54:CE:2F

MD5: 5B:43:49:6F:D6:2A:5F:0F:47:CB:8D:3C:CB:8C:63:B5

Qualsys SSLLabs SSL Server Test rating:

https://www.ssllabs.com/ssltest/analyze.html?d=ssl.zeit.de

Overall rating: **A [85]**

Certificate: 100

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90

Not vulnerable to BEAST man in the middle attack e.g. at public WiFi hotspots


PGP Public Encryption Key

No specific Zeit Online briefkasten PGP key, even though the application claims to use PGP / GPG encrypted emails.

Very unusually for a mainstream media publication, the entire team of investigative journalists and editors appear to have published PGP Key Server links to their PGP Encryption / Signing keys

Wolfgang Blau
Chefredakteur von ZEIT ONLINE
http://community.zeit.de/user/wolfgang-blau
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE79EE24BA9E991D3
wolfgang.blau@zeit.de
Domenika Ahlrichs
Stellvertretende Chefredakteurin, ZEIT ONLINE
http://community.zeit.de/user/domenika-ahlrichs
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6D92E32D20D8B4EC
dominika.arlichs@seit.de
Karsten Polke-Majewski
Stellvertretender Chefredakteur, ZEIT ONLINE
http://community.zeit.de/user/polkemajewski
N.B. no PGP key link on his profile page, but there is this PGP Key on the Keyservers
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x18F9EAB53894CC62
polke-majewski@zeit.de
Kai Biermann
Redakteur im Ressort Digital, ZEIT ONLINE
http://community.zeit.de/user/kai-biermann
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x38161797D4518B42
kai.berman@zeit.de
Martin Kotynek
Investigativ-Ressort, DIE ZEIT
http://community.zeit.de/user/martink-0
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC054E132F7576DCD
martin.kotynek@zeit.de 
Yassin Musharbash
Investigativ-Ressort, DIE ZEIT
http://community.zeit.de/user/yassin-musharbash
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB9303F5890129231
yassin.musharbash@zeit.de
Daniel Müller
Investigativ-Ressort, DIE ZEIT
http://community.zeit.de/user/daniemul
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC5EC44E1FBD6D12E
daniel.müller@zeit.de

TOR Hidden Service

No

I2P eepsite

No

PrivacyBox.de

No

Hushmail Secure Form

No

Content Delivery Network

Content Delivery Networks can provide scalable multimedia bandwidth and resistance to Denial of Service attacks, but sometimes this comes at the price of extra tracking and reduced anonymity for whisteblower sources.

Akamai

No

CloudFlare

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

No

CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha

No

Mixed mode non-SSL graphics or style sheets

No

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

No

Flash file uploader class

No

Communications / Acknowledgement back to the whistleblower via the website

Yes

A unique submission ID is randomly generated, which can be used to access a dropbox for two way messaging / feedback from the journalists

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

Yes


Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

Yes

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

IP address: 217.13.68.185

Host name: ssl.zeit.de

directly with denic.de

Multiple Internet Service Providers, in different legal jurisdictions ?

No

Domain Name Server(s) & jurisdiction(s)

ns1.zeit.de [194.77.156.199]

ns2.zeit.de [194.77.157.198]

ns7.zeit.de [217.13.68.132]

Germany

Alternate Domain Name aliases

No

Actual Physical Mirrors of the website:

No

Content available via BitTorrent etc P2P etc.

No

Hosting of Mirrors of other whistleblowing websites

No

Open Source software published

Yes !

https://github.com/ZeitOnline/briefkasten

briefkasten is a reasonably secure web application for submitting content anonymously. It allows to upload attachments which are then sanitized of a number of meta-data which could compromise the submitters identity. Next, the sanitized files are encrypted via GPG and sent via email to a pre-configured list of recipients. The original (potentially 'dirty') files are then deleted from the file system of the server. Thus, neither should admins with access to the server be able to access any submissions, nor should any of the recipients have access to the unsanitized raw material.

Upon successful upload the submitter receives a unique URL with a token that he or she can use to access any replies the recipients may post. That reply is the only data persisted on the server.

The current implementation should be ready for general use on a functional level, the only part that is (currently) hard-coded for the specific deployment at ZEIT ONLINE is the HTML markup in the templates and static assets such as logos and CSS, but these are easily modified, so in theory anybody should be able to host their own secure briefkasten with minimal setup pain.

A future release may contain more configurable options, but for now the main goal of publishing the code is transparency with re-usability coming in second.

This application could do with a random and / or user configurable delay between uploading a file and emailing it from the web server to the target email addresses.

Ideally there should also be regular dummy encrypted "cover traffic" streams (with randomly sized or padded attachments) into which the real emails can be hidden.

Personal tools