WikiLeaks nearly immune to takedown, says researcher
After DDOS attacks and the loss of its domain name, the WikiLeaks whistleblower site is as potent as ever
Computerworld - Massive network attacks and other punitive actions taken against WikiLeaks over the past few days only appear to have made the site and its contents far more resilient to takedown attempts, a security researcher said.
In the 10 days since WikiLeaks began releasing classified cables from the U.S Department of State, wikileaks.org was hit with massive denial of service attacks, the termination of its its domain hosting service, the loss of Amazon.com as a host, and the loss of PayPal, MasterCard and Visa Europe services.
Yet, in what's becoming an interesting case study in Internet resilience, WikiLeaks not only continues to serve up its controversial content, it appears to have bolstered its ability to do so, said James Cowie, chief technology officer at Renesys, an Internet monitoring firm.
Cowie has been tracking the WikiLeaks saga over the past few days and yesterday detailed the whistleblower Website's efforts to stay afloat in the face of growing adversity in a blog post.
Before WikiLeaks started releasing the classified State Department cables, its content was hosted by two Swedish ISPs and another based in France. WikiLeaks added Amazon.com's cloud server to the list earlier this month after it began releasing the documents, Cowie noted. Amazon quickly stopped hosting WikiLeaks, apparently over terms of service violations.
After Amazon's actions, WikiLeaks began hosting the wikileaks.org domain with two different ISPs one in France, and another in Sweden, Cowie said. Then a couple of days later, WikiLeaks' DNS provider, EveryDNS, terminated its domain name service.
In response, WikiLeaks established several new country-level domains, such as wikileaks.ch in Switzerland, wikileaks.at in Austria and wikileaks.cc in Cocos Islands. It then pointed the new domains back to existing IP addresses, or began having the new domains hosted with service providers in different countries.
The Swiss site (wikileaks.ch) itself has been heavily reinforced to avoid a repeat of what happened with EveryDNS, Cowie said. To mitigate the possibility of one DNS provider once again shutting off the domain as EveryDNS did, WikiLeaks this time has signed up with separate DNS service providers in eight different countries, including Switzerland, Canada and Malaysia.
A total of 14 different name servers across 11 different networks today provide authoritative name services for the wikileaks.ch domain, Cowie noted. "If you ask any of those 14 servers where to find wikileaks.ch, they'll point you to one of three differently routed IP blocks," in the Netherlands, Sweden and France, he added.
The geo-diversification makes it very hard to take WikiLeaks down, he said.
For the moment, the WikiLeaks content is hosted mostly on servers based in Europe. If WikiLeaks were to start hosting its content outside Europe as well, the challenge to those trying to stop the site will become even harder, Cowie said.
In addition to such moves, close to 1000 mirror sites serving up WikiLaks content have popped up around the globe over the last few days, he said.
"Within a couple days, the WikiLeaks web content has been spread across enough independent parts of the Internet's DNS and routing space that they are, for all intents and purposes, now immune to takedown by any single legal authority," Cowie wrote in his blog. "If pressure were applied, one imagines that the geographic diversity would simply double, and double again."
In an interview with Computerworld, Cowie added that even if WikiLeaks were taken down completely "bits and pieces of its content will probably be mirrored for ever," on the Internet, he said.
Just as important is the role that Google and Twitter played in making information available on WikiLeaks newly spawned sites and how to find them, he said,
"Even after the domain went away, people were Tweeting raw IP numbers" in order to let others know how to find WikiLeaks, Cowie said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Banks' suit in Target breach a 'wake-up call' for companies hiring PCI auditors
- Gameover malware takes aim at Monster.com and CareerBuilder.com
- Security Manager's Journal: Stopping vendors from making us a Target
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts