WikiLeaks web address killed after week of attacks

 Everydns.net says attack against leaks site endangered other customers' service – effectively pushing site off the web

by Charles Arthur and Josh Halliday
Guardian in UK

(December 03, London, Sri Lanka Guardian) The US was today accused of opening up a dramatic new front against WikiLeaks, effectively "killing" its web address just days after Amazon pulled the site from its servers following political pressure.

The whistleblowers' website went offline for the third time in a week this morning, in the biggest threat to its online presence yet.

Joe Lieberman, chairman of the Senate's committee on homeland security, earlier this week called for any organisation helping sustain WikiLeaks to "immediately terminate" its relationship with them.

On Friday morning, WikiLeaks and the cache of secret diplomatic documents that have proved to be a scourge for governments around the world were only accessible through a string of digits known as a DNS address. The site later re-emerged with a Swiss domain, WikiLeaks.ch.

Julian Assange this morning said the development is an example of the "privatisation of state censorship" in the US and is a "serious problem."

"These attacks will not stop our mission, but should be setting off alarm bells about the rule of law in the United States," he warned.

The California-based internet hosting provider that dropped WikiLeaks at 3am GMT on Friday (10PM EST Thursday), Everydns, says it did so to prevent its other 500,000 customers of being affected by the intense cyber attacks targeted at WikiLeaks.

The site this morning said it had "move[d] to Switzerland", announcing a new domain name – wikileaks.ch, with the Swiss suffix. However, the new address still only points to a DNS address, suggesting WikiLeaks has been unable to quickly find a new hosting provider.

A new Germany-based WikiLeaks domain – wikileaks.dd19.de – also appeared on Friday morning, with its data apparently hosted in California. People have also taken to setting up alternative domain names that point to the WikiLeaks address. Robin Fenwick, a UK-based web services director, this morning launched Wikileeks.org.uk – a "joke domain" that points to the WikiLeaks DNS address.

In a statement on its website, the free everydns.net service said that the "distributed denial of service" (DDOS) attacks by unknown hackers – who are trying to knock WikiLeaks off the net – meant that the leaks site was interfering with the service being provided to other users. That in turn meant that WikiLeaks had broken everydns.net's terms of service, and it cut the site off at 3am GMT on Friday (10PM EST Thursday).

DNS services translate a website name, such as guardian.co.uk, into machine-readable "IP quads" – in that case 77.91.249.30, so that http://77.91.249.30 will show the Guardian site. If the DNS fails, the site is only reachable via IP address – but WikiLeaks has not yet provided one via Twitter or other means.

Everydns.net said that the attacks – which have been going on all week, and led the site to temporarily host its services on Amazon's more resilient EC2 "cloud computing" service – "threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites".

WikiLeaks was given 24 hours' notice of the termination, and everydns said: "Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider."

The move comes after several days of WikiLeaks coming under a determined DDOS attack, apparently from hackers friendly to the point of view of the US government, which has disparaged the site's leaking of thousands of US diplomatic cables.

US companies have also come under intense political pressure to remove any connection to, or support for, WikiLeaks. Amazon ended its hosting of the cables on its EC2 cloud computer service earlier this week, but last night insisted in a blogpost that its decision was not due to pressure from Senator Joe Lieberman, who has called for the removal of the data – and who has influenced at least one other US company to withdraw support for WikiLeaks data.

In a blogpost late on Thursday, Amazon said reports that government inquiries prompted it to remove the data were "inaccurate".

Amazon said:

"[Amazon Web Services] does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. There were several parts they were violating. For example, our terms of service state that "you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity". It's clear that WikiLeaks doesn't own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren't putting innocent people in jeopardy."

It noted that:

"When companies or people go about securing and storing large quantities of data that isn't rightfully theirs, and publishing this data without ensuring it won't injure others, it's a violation of our terms of service, and folks need to go operate elsewhere."

But as commentators have pointed out, that stance is contradicted by the fact that Amazon has previously hosted the "war logs" from WikiLeaks which contained data about the US wars in Afghanistan and Iraq.

Connecting to WikiLeaks is presently not possible until it gets a new DNS service. WikiLeaks itself said on Twitter that the ending of DNS services was allegedly due to "claimed mass attacks" and called for further donations to "keep us strong".

Tell a Friend