Wikileaks: So, this is what cyberwar looks like

A couple of days ago we wrote a small post thinking about ways in which Wikileaks could be taken off the Web. The conclusion was that Wikileaks might survive almost any type of concerted effort to remove it from the Internet. I was not really expecting the strength with which those words would be tested in the last few days.

It is important to explain how Wikileaks works in the wider scheme of things. To do that, I may have to explain a bit about how information gets around the Internet (those of you who know all of this stuff may move to the next paragraph). In its most basic form, the Internet is made up of two types of computers, clients and hosts. A client is simply any computer connected to the Internet. There are two types of hosts: a server, which is a computer that has software designed to deliver content on demand; and, at the receiving end, terminals and workstations, which are computers (or mobile devices) that have an Internet connection and also software capable of receiving content, known as a client (e.g. browsers, mail clients, instant messaging). In between these types of hosts there is a vast array of intervening gateways (or routers), whose main function is to route the information from the servers to clients. Among the most important elements in this architecture are the Domain Name System and the Internet Protocol. These are what allow a computer to know where to go when the address “www.google.com” is entered into a browser. Every computer connected to the Internet has a numerical Internet Protocol address. Web servers are no exception; these are computers which store and serve files, and have domain names assigned to that address. As well as connecting to an Internet service provider, a computer has access to a domain name server (DNS) which stores information about which domain name is assigned to each address, allowing people to type these domains in their browser. If you knew a server’s address, it would be possible to connect directly without having to type its domain name, but this would make the entire system unwieldy. The Domain Name System allows ease of use because it assigns specific IP addresses to a domain name, and the DNS servers hold the information and route communication requests accordingly.
ICANN controls the DNS system, and only recognised domain name registrars can issue domain names, that is, they can tie the IP address with its domain name, much like a person wearing a mask.

What does this have to do with Wikileaks? Wikileaks operates as a website that is hosted on a web server. This server has a specific IP address assigned by the host, and as long as that computer is connected to the Internet, it will remain there. Before Wednesday, Wikileaks employed a few hosting services, mostly in Europe (main servers found in Sweden and France), but they had also bought hosting space in the cloud computing web services offered by Amazon. The Wikileaks domain name (wikileaks.org) was assigned by California domain name registrar EveryDNS.net, which also provided free DNS services.

The first hint that there would be a concerted attack on the way came on Wednesday, when Amazon removed the Wikileaks content from its cloud computing servers, alleging that Wikileaks placed innocent lives at risk, which contravenes their terms of use. Let us ignore the fact that there has not been a single documented case of any of the leaks having endangered any lives. Amazon’s agreement specifies that any breach of its Acceptable Use Policy will result in termination of the service. The AUP reads in the relevant section:

“No Illegal, Harmful, or Offensive Use or Content.

You may not use the Services or AWS Site for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive. Prohibited activities or content include:

  • Illegal Activities. Any illegal activities, including advertising, transmitting, or otherwise making available gambling sites or services or disseminating, promoting or facilitating child pornography.
  • Harmful or Fraudulent Activities. Activities that may be harmful to our users, operations, or reputation, including offering or disseminating fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming), or engaging in other deceptive practices.
  • Infringing Content. Content that infringes or misappropriates the intellectual property or proprietary rights of others.
  • Offensive Content. Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts.
  • Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.”

One could possibly claim that Wikileaks could fall under some of these categories, but no court has yet ruled on such a thing. Similarly, Amazon’s Agreement allows for the removal of content that is “otherwise illegal or promotes illegal activities, including, without limitation, in a manner that might be libelous or defamatory or otherwise malicious or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age.” In my opinion, this sets a bad precedent for cloud computing services. All sorts of content is illegal in one jurisdiction or another, so what has happened with Amazon is not so much that Wikileaks acted against its terms of use, but that it was pressured politically to remove the content.

This attack did not bring down the site, as Wikileaks was also hosted on other servers. What has been happening is that Wikileaks has been under constant cyberattack since the cables were released. Undisclosed individuals have undertaken a massive Denial of Service attack against servers hosting Wikileaks. It is not possible to know who is behind such attacks; given the nature of the cables, anyone, from Russia to the United States, would probably have their secret cyberwar experts going after the site. Still, Wikileaks remained afloat despite the attacks.

Today we have witnessed the latest in a series of attacks against Wikileaks. EveryDNS announced that it would be cancelling the DNS services it provided to Wikileaks.org due to the burden it was causing to other users. They claimed:

“EveryDNS.net provided domain name system (DNS) services to the wikileaks.org domain name until 10PM EST, December 2, 2010, when such services were terminated. As with other users of the EveryDNS.net network, this service was provided for free. The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy.

More specifically, the services were terminated for violation of the provision which states that “Member shall not interfere with another Member’s use and enjoyment of the Service or another entity’s use and enjoyment of similar services.” The interference at issue arises from the fact that wikileaks.org has become the target of multiple distributed denial of service (DDOS) attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites.

Thus, last night, at approximately 10PM EST, December 1, 2010 a 24 hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website. Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider.”

Ah, the Tyranny of the Terms of Use again! It seems like Wikileaks will continue to be pursued in this manner. Because of the constant DDoS attacks, few commercial services will want to host it. Similarly, given the political pressure from the United States, it is also likely that large providers like Amazon will get involved. Moreover, strictly speaking, the cables ARE illegal; at the very least, they are infringing copyright, not to mention potential libel laws, government secret acts, and all sorts of other types of legislation.

So, is this the end of Wikileaks? Ha! You must be joking. There is one thing the Internet is really good at: it takes censorship as an attack on its infrastructure, and reroutes services to avoid the affected area. Just a few minutes after Wikileaks had its DNS services removed, the fact was advertised to the world via Twitter and Facebook. Because the site is still hosted somewhere, it is still possible to access the content via an IP address (at the time of writing, it was hosted at http://213.251.145.96 and http://46.59.1.2). Similarly, several mirrors and new DNS registrations started popping up everywhere, and Twitter has been reacting madly by tweeting and retweeting the latest IP address. Wikileaks managed to get a Swiss domain at http://wikileaks.ch, and another site has been created to keep track of the latest mirrors (http://wikileaks.info).
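The failure described above, a site that stays up but cannot be reached by name because its only DNS provider withdrew service, is something an operator can check for in advance. The following is an added example, not part of the original post: it audits NS records for single-provider dependence. The zone data is constructed, and treating the last two labels of a nameserver's host name as its provider is a simplifying assumption.

```python
from collections import defaultdict

# Constructed NS records in zone-file style (illustration only, not real data).
SAMPLE_NS_RECORDS = """
; zone            ttl  class type nameserver
site-a.example.   3600 IN NS ns1.freedns-one.example.
site-a.example.   3600 IN NS ns2.freedns-one.example.
site-b.example.   3600 IN NS ns1.freedns-one.example.
site-b.example.   3600 IN NS ns1.otherdns-two.example.
site-c.example.   3600 IN NS ns1.site-c.example.
"""

def provider_of(nameserver):
    # Assumption: the last two labels of the nameserver host identify its operator.
    return ".".join(nameserver.rstrip(".").lower().split(".")[-2:])

def parse_ns_records(text):
    """Return {zone: set(nameserver hosts)} from zone-file style NS lines."""
    zones = defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        upper = [f.upper() for f in fields]
        if "NS" not in upper:
            continue
        idx = upper.index("NS")
        if idx == 0 or idx + 1 >= len(fields):
            continue                            # malformed line, skip it
        zones[fields[0].rstrip(".").lower()].add(fields[idx + 1].rstrip(".").lower())
    return dict(zones)

def audit(zones):
    """Per zone: nameserver count, distinct providers, single-provider flag."""
    report = {}
    for zone, servers in zones.items():
        providers = sorted({provider_of(ns) for ns in servers})
        report[zone] = {"nameservers": len(servers), "providers": providers,
                        "single_provider": len(providers) == 1}
    return report

def unresolvable_if_withdrawn(zones, provider):
    """Zones left with no nameserver at all if `provider` stops serving them."""
    return sorted(z for z, servers in zones.items()
                  if all(provider_of(ns) == provider for ns in servers))

if __name__ == "__main__":
    zones = parse_ns_records(SAMPLE_NS_RECORDS)
    for zone, info in sorted(audit(zones).items()):
        flag = "SINGLE PROVIDER" if info["single_provider"] else "ok"
        print(f"{zone}: {info['nameservers']} NS via {info['providers']} -> {flag}")
    print("lost if freedns-one.example withdraws:",
          unresolvable_if_withdrawn(zones, "freedns-one.example"))
```

Two nameservers at the same provider, as for `site-a.example` here, count as redundancy against a server fault but not against the provider ending the service.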

John Perry Barlow, in his trademark grandiose language, commented the following this morning:

The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops.

This may be more true than we might suspect. The Wikileaks affair has not only proved to be a diplomatic and political bomb, but it has unearthed the very important questions that lie at the heart of Internet governance. Here is a situation where the world’s biggest superpower wants to have a website erased from the face of the Web. Who will prevail? Given the distributed nature of the Internet, I know where my money is.

ETA: JFK on secrecy, “without debate, without criticism, no administration and no country can succeed, and no Republic can survive”.

ETA 2: The French government are now trying to remove Wikileaks from a server located in France.

ETA 3: And now PayPal has frozen donation accounts due to Terms of Use breach.
