The Hourglass Turneth
- WikiLeaks always knew it would make many powerful enemies. Its Swedish servers are housed in a bomb shelter, it helped redraft the freedom of speech laws in Iceland to allow it to release controversial data and all its employees to engage in encrypted chat.
- But days before the release of the US diplomatic cables on November 28, WikiLeaks faced an unprecedented and crippling denial-of-service attack that brought down its server with billions of hits.
- The site then moved to Amazon’s server that features a capacity to accommodate growing hits.
- But on December 1, Amazon booted out WikiLeaks. It then moved to multiple servers in Europe.
- The day after, EveryDNS, which linked wikileaks.org to the numerical IP address, stopped its service.
- WikiLeaks tweets its IP address, it’s retweeted around the world. Thousands of mirror sites of WikiLeaks come up, each with a separate IP address to prevent any effective ban.
- PayPal, Visa and MasterCard, which allowed the site to receive online donations, pull back services
- Hackers supporting WikiLeaks bring down the sites of PayPal, Visa and MasterCard. Also targeted successfully is PostFinance that freezes Assange’s legal defence fund.
- The legal noose around Assange tightens too. WikiLeak’s servers continue to be attacked but it keeps releasing cables valiantly.
As WikiLeaks sparks off a furious debate on the limits of free speech and redefines journalism, it has also split the shadowy world of ‘hacktivists’, or those who infiltrate websites for an avowed goal, into two warring camps. On one side is a brigade of hackers like ‘Jester’, a former soldier who’s a veteran of umpteen cyber attacks on Islamist websites. Keeping aside his pet hate, this time he joined the troops arrayed against WikiLeaks because he believes the site has endangered the lives of real, presumably American, soldiers in Afghanistan and Iraq. He can partly claim the credit for the WikiLeaks site temporarily crashing as it prepared to release US diplomatic cables on November 28.
Opposing the forces that include Jester is Anonymous, an indefatigable group of hackers who not only want to avenge the attacks on WikiLeaks but also ensure that the American diplomatic cables and other secret data continue to surface on the internet. The credo of Anonymous is as radical as it gets: “To move to censor content on the internet based on your own prejudice is, at best, laughably impossible. The unjust restrictions you impose on us will meet with disaster, and only strengthen our resolve to disobey and rebel against your tyranny.” The rhetoric testifies to Anonymous’s certitude about the hacking skills of its members, who brought down the websites of PayPal, Visa and MasterCard that stopped facilitating online donations to WikiLeaks. “We do not forgive; we do not forget. Expect us,” they said chillingly, savouring their gains in the ongoing internet war.
It was actually the anti-WikiLeaks hackers, some of whom probably enjoy the backing of the US and other governments, who first donned their battle fatigues and began to deploy their cyber arsenals as soon as word got around about the imminent release of cables starting November 28. Earlier that week, Jester and his comrades fired their first volley against the WikiLeaks site—through worm-infected files that spread on the internet, they took control over hundreds of thousands of computers worldwide. They then got these machines to log on to WikiLeaks en masse and weighed down its server, creating the hacking equivalent of carpet-bombing the enemy territory. Called a DDOS (distributed denial-of-service) attack, it reduced WikiLeaks to a badly ravaged, inoperable site.
Varun Srivastava of Delhi’s APPIN Technologies, a company that trains ‘ethical hackers’, explains: “Any server has a maximum limit of how many access requests it can process at any given time. Because of the DDOS attack, WikiLeaks was getting as many as 10 billion hits per second, way beyond its server’s capacity.” The sheer ferocity of the attack can be gleaned from the fact that, in contrast, Google.com, which presumably has far more powerful servers, handled about 3.2 billion hits through all of October this year. James Lewis of the Centre for Strategic and International Studies, Washington, feels WikiLeaks shouldn’t complain about the attack: “It’s their own medicine—they may not like the taste.”
A resilient WikiLeaks swiftly opened a new front, moving to Amazon’s advanced Elastic Cloud Computing server, the capacity of which expands to accommodate the increase in hits on all the websites it hosts. The shift enabled WikiLeaks to recover from the saturation bombing it had been subjected to. But Amazon, most likely under pressure from the US government, suddenly snapped its ties with WikiLeaks on December 1, claiming it had violated two essential clauses of the hosting contract. First, WikiLeaks couldn’t guarantee that it owned the copyright to all the information it was placing online. Second, it couldn’t assure that its actions wouldn’t lead to any injuries to individuals.
On December 2, the anti-WikiLeaks camp won a new, invaluable ally in EveryDNS, a firm which helps route traffic on the internet, when it discontinued its service to WikiLeaks, claiming that DDOS attacks were threatening its infrastructure. DNS (or domain name server) is a technology that allows the alphabetical internet address that we key in for any site (like www.wikileaks.org) to be connected with the numerically encrypted IP address of the same website. Domain names are used because humans naturally tend to remember meaningful alphabetical combinations more easily than numerical ones. So without Everydns’s help, anyone who punched in www.wikileaks.org couldn’t access the site. (The .org address for WikiLeaks was still unavailable at the time of writing this report.) Then came the ultimate betrayal: several big financial services, like PayPal, Visa and MasterCard, announced they would not accept donations for WikiLeaks.