Server geeks and conspiracy theorists wanting to own a little piece of history have a shot at owning the actual server that was at the center of a political firestorm after WikiLeaks used it to release more than 250,000 secret U.S. embassy cables in 2011.
The cables, leaked by U.S. Army Pvt. Bradley (now Chelsea) Manning, included video of U.S. airstrikes in Iraq and Afghanistan and 500,000 Dept. of Defense reports about the fighting that came to be known as the Iraq War logs and Afghan War logs. The leak, which led to an ongoing prosecution of WikiLeaks’ chief Julian Assange and a 35-year prison sentence under the Espionage Act for Manning, was the largest leak of restricted documents in U.S. history.
The actual server used to post and distribute all those secrets went on sale on eBay yesterday, after being put up for auction by the Swedish ISP WikiLeaks hired to host the server.
Until yesterday, the server was on display in a museum within the Thule Brunkow Ridge data center owned by Swedish hosting company Bahnhof, from which WikiLeaks rented the Dell pizza-box server in 2010.
Bahnhof – which refers to itself as a Free Speech ISP – doesn’t say why it took the server down from its pedestal and put it up for sale, but does promise the money will go to non-profit free-speech organizations Reporters Without Borders and the 5th of July Foundation.
“We burn for those causes, so I invite high bidders,” Bahnhof CEO Jon Karlung is quoted as saying in the company’s announcement.
The server comes with the hosting contract signed by Julian Assange, on which the identification number of the particular server is included.
The WikiLeaks version is currently bid up to $3,050. Non-politically affiliated versions sell on eBay for between $400 and $2,770, depending on condition and configuration.
The server includes the original hard drives and other hardware. The contents, once the subject of international scandal and intrigue, have been completely erased according to U.S. military security specification DoD 5220.22-M,(96-pp PDF) which requires every bit be overwritten several times and that each overwrite has to remain in memory longer than the classified data it replaces.
“The original information cannot be recreated, not even by the NSA,” according to the Bahnhof announcement.
That may not be accurate, however. In the same section that describes the proper technique to erase, overwrite or destroy classified data, the DoD 5220.22-M manual shouts “THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.”
Security and data-destruction experts have been critical of the requirements. (Critique of DoD 5220.22-M posted here.)
It also constitutes an unauthorized exploitation of WikiLeaks’ name for marketing and fund-raising purposes, according to a snippy post on the WikiLeaks Twitter account.
Nevertheless, the server “constitutes a unique collector’s item,” according to Bahnhof, which always owned the physical server rented by WikiLeaks as part of a hosting contract, though it was never used for any other customer, according to the announcement.
“This is indeed the physical web server from which the leaked cablegate material was released, complete with hard drives, motherboard and everything! It can be plugged in and used immediately,” according to the announcement, which includes photos of Karlung holding the server in various action-movie-poster poses and includes Karlung’s own email address as a contact.