On The Collateral Murder Video

I’m sure everybody has seen the video of the Apache helicopter crew shooting a group of civilians and two reporters. I wasn’t there so I’m no going to comment on the even itself, I’ll leave that to people who want to argue about that. But an interesting point is brought up by Bruce Schneier. The following was stated on the WikiLeak Twitter stream:

Finally cracked the encryption to US military video in which journalists, among others, are shot. Thanks to all who donated $/CPUs.

Bruce’s question is simple:

Surely this isn’t NSA-level encryption. But what is it?

So WikiLeaks is saying the Collateral Murder video was encrypted upon receipt. They rented “super computer time” to break the video encryption. So what the Hell scheme was used to break the encryption? Although Wikipedia is far from a valid source of information I’m going to link to the article on AES encryption because it gives a good overview. Specifically this part:

The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used to protect classified information:

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.”[8]

So considering this video was classified it would most likely have been encrypted using AES. There are some attacks currently available against AES but none of them allow breaking in a reasonable amount of time (depending on the implementation of AES used of course). Of course there is the possibility that the video was encrypted using a poorly chosen key and the WikiLeaks people simply performed a brute force attack against the video. It would seem idiotic that somebody would both encrypting this video using a strong encryption algorithm but not both using a good key. Then again this is the government we’re talking about and they are known for incompetence.

I would like to hear from WikiLeaks what method was used to encrypted this video. It would be interesting to find out not only what algorithm was used but also if the video was encrypted by the military, other government personnel, or the person who leaked the video.