On Thursday morning, the Justice Department unsealed an indictment against WikiLeaks founder Julian Assange that was obtained March 8, 2018. (It has been under seal since then, although its existence was revealed accidentally late last year.) The indictment includes one criminal count: conspiracy to commit computer intrusion.
What does that actually mean? What is Assange alleged to have done? Allow us.
What the conspiracy charge means
In July 2018, we spoke by phone with Robert Weisberg, a Stanford law professor, about criminal conspiracy charges. (The context was the overlap between “conspiracy” and “collusion.")
“Conspiracy is an agreement to do a crime plus some overt act in that direction. It’s really that simple,” he explained. A crime doesn’t need to be committed, he noted, just an agreement to try to commit a crime and making an overt attempt to commit it.
“You can punish the agreement and the overt act even if no one comes very, very close to committing the crime,” Weisberg said.
So: Agreement to commit a crime and an overt act.
The indictment identifies each of these explicitly. In this case, the crime to which Assange and former Army specialist Chelsea Manning agreed was “computer intrusion” — or, colloquially, hacking.
The two, the indictment states, attempted “to knowingly access a computer, without authorization and exceeding authorized access, to obtain [classified] information” and to “willfully communicate, deliver, transmit, and cause to be communicated, delivered, or transmitted the same, to any person not entitled to receive it” — Assange and WikiLeaks.
The indictment also includes three overt acts.
- Manning allegedly booted a computer from a CD containing the Linux operating system, allowing her to access a file that otherwise required higher-level security access.
- Manning provided part of a password to Assange for him to try to decrypt.
- Assange asked Manning for more information about the password to help him and his team do that.
If you’re wondering what “decrypt” means, keep reading.
What Assange is alleged to have done
The indictment apparently centers on messages Manning and Assange exchanged in March 2010. Full transcripts of those conversations have been published online.
The following exchange occurred March 8, 2010. (All spelling and punctuation are from the original.)
MANNING: any good at lm hash cracking?
we have rainbow tables for lm
MANNING: [sends a string of letters and characters]
i think its lm + lmnt
need sleep >yawn>
not even sure if thats the hash... i had to hexdump a SAM file, since i dont have the system file...
ASSANGE: what makes you think it’s lm?
its from a SAM?
ASSANGE: passed it onto our lm guy
The following exchange occurred March 10, 2010.
ASSANGE: any more hints about this lm hash?
no luck so far
This is going to look like Greek to most people, understandably.
What’s important to know here is what a hash is. When you create a password for a website or an operating system, that password isn’t usually saved in the system as the same string of characters you entered (what’s called “cleartext”). If it were and someone accessed the database of users, they’d immediately have access to everyone’s password. Instead, passwords are usually hashed, or converted into a string of seeming gibberish like what Manning sent Assange. They’re encrypted, in other words — and would then need to be decrypted.
Here’s how it works. If you enter “rocket,” it might come out as “fjdj2jf0agh2l6hs.” If you enter “Now is the winter of our discontent,” it might come out as “wldm6903nf90shg5.” Those values — all the same length for any system — are what’s stored in the database. When you come back to the site and enter “rocket,” the word is rehashed as “fjdj2jf0agh2l6hs” and compared to the database — a match. If you accidentally enter “ricket,” the hash would be different — say, “kvnbm4h1o59dso73.” The system compares that to “fjdj2jf0agh2l6hs” — no match.
What Manning offered Assange was an LM hash, a password encrypted with the hashing function used by Windows. (She later said it might be LMNT, a more recent Windows hashing function.) Assange offers to help, saying that his team has “rainbow tables” for LM.
A rainbow table is essentially a giant database of which words will result in which hash strings. In other words, if you were to search the table for “fjdj2jf0agh2l6hs,” it would return “rocket.”
Well, maybe. First, it would return “rocket” only if the rainbow table matched the hashing function that was used in the first place. That’s why Assange notes that he has a rainbow table for LM. If Manning’s password weren’t an LM hash, an LM rainbow table wouldn’t work. Interestingly, it might also not return “rocket” because multiple words can return the same hash. Maybe it returns “NewYorkKnicks,” which happens to generate the same hash. From the hacker’s perspective, that doesn’t matter: If another password generates the same hash, it will still allow access to the system.
Manning says she isn’t sure that’s the hash because she had to “hexdump a SAM file.” Presumably logged in to a computer with Linux, she accessed the Windows Security Account Manager, which stores hashed passwords in Windows, as raw data. As it turns out, it probably wasn’t the right hash for the password, both because Assange couldn’t find it in the rainbow table (“no luck so far”) and because the indictment says that Manning provided “part” of a password.
Again: That Assange couldn’t provide the password that generated the right hash, allowing Manning to access the computer, doesn’t matter. A conspiracy charge simply means that they allegedly wanted to hack the computer and allegedly took the above steps to do so.
The government presented a grand jury with an overt act aimed at committing a crime. Regardless of the merits of the case, it was enough to obtain an indictment and, therefore, Assange faces extradition to the United States.