WikiLeaks recently published a mysterious 1.4GB file entitled “insurance.aes256” on their Afghan War Logs page, with no explanation. While much speculation has been going on as to the origins and purpose of the file, I have not been able to find any evidence for any of these theories. Many sources are saying that it is an encrypted file. Some are saying that the file could be garbage or some kind of hoax. Others are saying that it is ‘insurance’ against WikiLeaks being taken down by the United States government.
You can download the insurance.aes256 file yourself using a BitTorrent client via this magnet link. If you don’t have a BitTorrent client, or can’t/don’t want to install one, you can use this BitLet link (requires Java).
Because of the file’s name, many media sources that are picking up this story, such as Wired, are saying that the file is encrypted with the AES256 algorithm. This may not be true, as WikiLeaks has not said anything about the file itself. Even if it really is an encrypted file, there would be no way to tell if it really is AES256 or some other algorithm.
Most good encryption algorithms produce output that is statistically random, meaning that the output of the encryption algorithm is indistinguishable from true random number sources (such as white noise, quantum effects, or nuclear radiation). This also means that the output of one encryption algorithm is indistinguishable from that of another algorithm.
What this means for WikiLeaks is that the file could be just random numbers designed to fool everyone into thinking that it is something big, or it could be encrypted with a different algorithm than the file says (plausible deniability).
The AES algorithm is used by some United States military intelligence systems. It is believed by some that AES has a secret backdoor put in place by the NSA. See this, this, this, and especially this, for starters! Several attacks have been discovered in the past on AES, such as the related-key and XSL attacks, that lower the number of operations it would require to brute-force an encrypted piece of information. If the NSA really does have a backdoor, and the file is what everyone is saying it is, someone in the government with sufficient security clearance may already know what is in the file without even having the encryption key. But enough with speculation, let’s move on to the analysis…
Using a small program written by John Walker, I ran a simple probability analysis to see if there were any statistical anomalies in the file. I wanted to see whether or not the file was statistically random. This might give us clues about the file.
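The kind of byte-level test described here can be reproduced with a short script. The following is an added example, not John Walker's program and not code from the original post; the function names and the three sample inputs are constructed for illustration, with SHA-256 in counter mode standing in for ciphertext.

```python
import hashlib
import io
import math
from collections import Counter

def byte_stats(stream, chunk_size=1 << 20):
    """Stream a binary file-like object and return byte-level randomness statistics."""
    counts, total = Counter(), 0
    while chunk := stream.read(chunk_size):  # chunked so a 1.4GB file never sits in RAM
        counts.update(chunk)
        total += len(chunk)
    if total == 0:
        raise ValueError("empty input")
    expected = total / 256  # count per byte value if the bytes were uniform
    # Shannon entropy in bits per byte: 8.0 is the maximum, reached by uniform data
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    # Pearson chi-square against the uniform distribution (255 degrees of freedom)
    chi_square = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    mean = sum(b * c for b, c in counts.items()) / total  # 127.5 for uniform data
    return {"bytes": total, "entropy": entropy, "chi_square": chi_square, "mean": mean}

def sha256_stream(n):
    """Constructed sample: n bytes of SHA-256 in counter mode, standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed inputs, not taken from the insurance file
SAMPLES = {
    "cipher-like": sha256_stream(1 << 20),
    "english text": b"The quick brown fox jumps over the lazy dog. " * 20000,
    "all zeros": bytes(1 << 16),
}

def analyze_samples():
    return {name: byte_stats(io.BytesIO(data)) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, s in analyze_samples().items():
        print(f"{name:13s} entropy={s['entropy']:.4f} bits/byte "
              f"chi2={s['chi_square']:.1f} mean={s['mean']:.2f}")
```

To run it on a real file, pass `open(path, "rb")` to `byte_stats`. A result near 8 bits per byte with a chi-square near 255 only says the bytes look uniform; it cannot distinguish ciphertext from random filler or one cipher from another.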
The chart below shows the probability of each 8-bit byte, and some general statistics at the end.