By Nidhi Shah, Research Scientist
Wikileaks, an information disclosure site, continues to top the headlines with the disclosure of some ~250,000 confidential U.S. government embassy cables. Since then, the site has been struggling to stay alive. Without getting into the politics of it, it’s truly fascinating to watch the attack/counter-attack game of keeping a site up against all adversaries.
Let’s take a look at the timeline* of events that have been kicked off since Wikileaks first announced the disclosure.
Nov 28, 2010
– Wikileaks started releasing ~250,000 U.S. embassy cables
Dec 1, 2010
– Amazon removed Wikileaks contents from its EC2 cloud
– Data visualization service Tableau Software (the company that provided visualizations for navigating the leaked cables) withdraws its support for Wikileaks
Dec 3, 2010
– EveryDNS.com experiences DoS attempts and withdraws its support for Wikileaks
– Wikileaks shifts to backup domain hosted in Switzerland (Wikileaks.ch)
Dec 4, 2010
– Paypal stops processing donations for Wikileaks
Dec 5, 2010
– French company OVH (which hosted content for Wikileaks) goes offline
– Pirate Party of Sweden takes over
Dec 6, 2010
– Mastercard stops processing payments for Wikileaks
– Wikileaks’ server in Sweden gets DDoSed
– Postfinance closes Wikileaks founder Julian Assange’s account
Dec 7, 2010
– Visa stops processing payments for Wikileaks
– Wikileaks mirrors start to show up
Dec 8, 2010
– DDoS against Mastercard services takes it down briefly
Dec 9, 2010
– Amazon survives DDoS attacks
Wikileaks.org is down after its hosting providers kicked it out. However, in order to take it down, authorities had to go beyond the usual fare of DDoS attacks and the like. Instead, they had to use a power play to ensure that servers would not host it. The reason authorities had to resort to this power play is that cloud hosting services typically have better resilience against such DoS attempts.
Regardless of how Wikileaks.org went down, the digital nature of the contents is still keeping it alive. Wikileaks.ch is now hosting the contents. Plus, there are some ~1100 mirrors of Wikileaks.org already available (and counting).
Warning for Users:
1. While Paypal and Mastercard have withdrawn their support for Wikileaks donations, other relatively unknown agencies have popped up to show their support. It is conceivable that attackers would try to take advantage of this situation to phish for those donations, so be on the lookout for such sites.
2. There are many anonymous retaliation groups that are setting up botnets to facilitate DDoS attacks against organizations withdrawing their support for Wikileaks. They recruit into their bot army by asking people to download an executable that makes their machine part of the botnet. However, getting involved in any such activity would a) be illegal and b) potentially compromise the machine with a virus, spyware or other malicious program. Downloading these executables may open a user’s system to further compromise. In short, don’t download these executables.
3. While most mirrors claim to host the original content, there is no assurance that the material is legitimate. Further, mirrors are not vetted, and it is very possible that malicious groups could later use them to achieve their own malicious ends. Content distributed as torrents is signed with a public key; Web sites, however, are not. That said, be wary of these mirrors.
*NOTE: Most of the timeline data is from