WikiLeaks nearly immune to takedown, says researcher
After DDOS attacks and the loss of its domain name, the WikiLeaks whistleblower site is as potent as ever
Computerworld - Massive network attacks and other punitive actions taken against WikiLeaks over the past few days only appear to have made the site and its contents far more resilient to takedown attempts, a security researcher said.
In the 10 days since WikiLeaks began releasing classified cables from the U.S Department of State, wikileaks.org was hit with massive denial of service attacks, the termination of its its domain hosting service, the loss of Amazon.com as a host, and the loss of PayPal, MasterCard and Visa Europe services.
Yet, in what's becoming an interesting case study in Internet resilience, WikiLeaks not only continues to serve up its controversial content, it appears to have bolstered its ability to do so, said James Cowie, chief technology officer at Renesys, an Internet monitoring firm.
Cowie has been tracking the WikiLeaks saga over the past few days and yesterday detailed the whistleblower Website's efforts to stay afloat in the face of growing adversity in a blog post.
Before WikiLeaks started releasing the classified State Department cables, its content was hosted by two Swedish ISPs and another based in France. WikiLeaks added Amazon.com's cloud server to the list earlier this month after it began releasing the documents, Cowie noted. Amazon quickly stopped hosting WikiLeaks, apparently over terms of service violations.
After Amazon's actions, WikiLeaks began hosting the wikileaks.org domain with two different ISPs one in France, and another in Sweden, Cowie said. Then a couple of days later, WikiLeaks' DNS provider, EveryDNS, terminated its domain name service.
In response, WikiLeaks established several new country-level domains, such as wikileaks.ch in Switzerland, wikileaks.at in Austria and wikileaks.cc in Cocos Islands. It then pointed the new domains back to existing IP addresses, or began having the new domains hosted with service providers in different countries.
The Swiss site (wikileaks.ch) itself has been heavily reinforced to avoid a repeat of what happened with EveryDNS, Cowie said. To mitigate the possibility of one DNS provider once again shutting off the domain as EveryDNS did, WikiLeaks this time has signed up with separate DNS service providers in eight different countries, including Switzerland, Canada and Malaysia.
A total of 14 different name servers across 11 different networks today provide authoritative name services for the wikileaks.ch domain, Cowie noted. "If you ask any of those 14 servers where to find wikileaks.ch, they'll point you to one of three differently routed IP blocks," in the Netherlands, Sweden and France, he added.
The geo-diversification makes it very hard to take WikiLeaks down, he said.
For the moment, the WikiLeaks content is hosted mostly on servers based in Europe. If WikiLeaks were to start hosting its content outside Europe as well, the challenge to those trying to stop the site will become even harder, Cowie said.
In addition to such moves, close to 1000 mirror sites serving up WikiLaks content have popped up around the globe over the last few days, he said.
"Within a couple days, the WikiLeaks web content has been spread across enough independent parts of the Internet's DNS and routing space that they are, for all intents and purposes, now immune to takedown by any single legal authority," Cowie wrote in his blog. "If pressure were applied, one imagines that the geographic diversity would simply double, and double again."
In an interview with Computerworld, Cowie added that even if WikiLeaks were taken down completely "bits and pieces of its content will probably be mirrored for ever," on the Internet, he said.
Just as important is the role that Google and Twitter played in making information available on WikiLeaks newly spawned sites and how to find them, he said,
"Even after the domain went away, people were Tweeting raw IP numbers" in order to let others know how to find WikiLeaks, Cowie said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts