Home > Security

Computerworld - Massive network attacks and other punitive actions taken against WikiLeaks over the past few days only appear to have made the site and its contents far more resilient to takedown attempts, a security researcher said.

In the 10 days since WikiLeaks began releasing classified cables from the U.S Department of State, wikileaks.org was hit with massive denial of service attacks, the termination of its its domain hosting service, the loss of Amazon.com as a host, and the loss of PayPal, MasterCard and Visa Europe services.

Yet, in what's becoming an interesting case study in Internet resilience, WikiLeaks not only continues to serve up its controversial content, it appears to have bolstered its ability to do so, said James Cowie, chief technology officer at Renesys, an Internet monitoring firm.

Cowie has been tracking the WikiLeaks saga over the past few days and yesterday detailed the whistleblower Website's efforts to stay afloat in the face of growing adversity in a blog post.

Before WikiLeaks started releasing the classified State Department cables, its content was hosted by two Swedish ISPs and another based in France. WikiLeaks added Amazon.com's cloud server to the list earlier this month after it began releasing the documents, Cowie noted. Amazon quickly stopped hosting WikiLeaks, apparently over terms of service violations.

After Amazon's actions, WikiLeaks began hosting the wikileaks.org domain with two different ISPs one in France, and another in Sweden, Cowie said. Then a couple of days later, WikiLeaks' DNS provider, EveryDNS, terminated its domain name service.

In response, WikiLeaks established several new country-level domains, such as wikileaks.ch in Switzerland, wikileaks.at in Austria and wikileaks.cc in Cocos Islands. It then pointed the new domains back to existing IP addresses, or began having the new domains hosted with service providers in different countries.

The Swiss site (wikileaks.ch) itself has been heavily reinforced to avoid a repeat of what happened with EveryDNS, Cowie said. To mitigate the possibility of one DNS provider once again shutting off the domain as EveryDNS did, WikiLeaks this time has signed up with separate DNS service providers in eight different countries, including Switzerland, Canada and Malaysia.

A total of 14 different name servers across 11 different networks today provide authoritative name services for the wikileaks.ch domain, Cowie noted. "If you ask any of those 14 servers where to find wikileaks.ch, they'll point you to one of three differently routed IP blocks," in the Netherlands, Sweden and France, he added.

The geo-diversification makes it very hard to take WikiLeaks down, he said.

For the moment, the WikiLeaks content is hosted mostly on servers based in Europe. If WikiLeaks were to start hosting its content outside Europe as well, the challenge to those trying to stop the site will become even harder, Cowie said.

In addition to such moves, close to 1000 mirror sites serving up WikiLaks content have popped up around the globe over the last few days, he said.

"Within a couple days, the WikiLeaks web content has been spread across enough independent parts of the Internet's DNS and routing space that they are, for all intents and purposes, now immune to takedown by any single legal authority," Cowie wrote in his blog. "If pressure were applied, one imagines that the geographic diversity would simply double, and double again."

In an interview with Computerworld, Cowie added that even if WikiLeaks were taken down completely "bits and pieces of its content will probably be mirrored for ever," on the Internet, he said.

Just as important is the role that Google and Twitter played in making information available on WikiLeaks newly spawned sites and how to find them, he said,

"Even after the domain went away, people were Tweeting raw IP numbers" in order to let others know how to find WikiLeaks, Cowie said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Security in Computerworld's Security Topic Center.