Feeds

Wikileaks taunts Pentagon with server mirrors in USA

Iraq War Logs hosted by...Amazon

3 Big data security analytics techniques

WikiLeaks is using US-based servers run by Amazon.com to mirror its controversial data stash, including the classified "Iraq War Logs" released on Friday afternoon, according to internet records.

Since at least Friday night, the famous whistle-blowing site has been hosting data on Amazon's AWS infrastructure cloud, both in the US and Ireland, records collected by UK research outfit NetCraft show. WikiLeaks is also mirroring servers with French service provider Octopuce, according to NetCraft.

WikiLeaks has long maintained its central servers in Sweden with "bulletproof" hosting outfit PRQ. WikiLeaks founder Julian Assange has said that the servers are kept in Sweden because the country provides legal protection for disclosures on the site. To further guard against takedowns, PRQ keeps almost no information about its clientele and maintains few if any of its own logs.

Recently, the Swedish Pirate Party said that it's also hosting servers for WikiLeaks, and according to one report, some WikiLeaks servers are now inside a Cold War–era nuclear bunker that was carved out of a rock hill in downtown Stockholm.

But on Friday, after WikiLeaks defied warnings from the Pentagon and released nearly 400,000 classified US military documents involving the Iraq War, NetCraft showed that the site was mirroring these and other documents in the US, Ireland, and France, countries that don't offer the sort of protection provided by Sweden.

Wikileaks on Amazon

According to Santa Clara University law professor and tech law blogger Eric Goldman, Amazon may not be legally required to remove the content, but he says the company could be persuaded to do so.

"[Federal law] 47 USC 230 protects Amazon from being liable for WikiLeaks' content in most circumstances. The only relevant exception is that 230 does not protect Amazon if republishing the content constitutes a federal crime. I'm uncertain what crimes could apply to the content publication," Goldman told The Reg.

"However, even if Amazon is insulated from liability, I suspect Amazon will choose to remove the content 'voluntarily' (motivated by a little persuasion from the government), presumably citing a breach of its terms of service as a pretext.

"A more 'ideological' web host would probably fight more vigorously for its users' publishing rights than Amazon will."

The US, Ireland, and France mirrors were first noticed by technology consultant Alex Norcliffe. It's unclear why WikiLeaks is mirroring its servers in such unprotected locations. The move could be part of an effort to accommodate the added traffic expected following the release of the Iraq documents, and the organization may be trying to decentralize its data stash. But it's surprising that the whistle-blowers would use servers based in such countries.

We've contacted WikiLeaks through email addresses it has used in the past, and it has not responded. Presumably, the site's content is still hosted on "bulletproof" servers in Sweden, but these no longer show up in NetCraft's records.

We've also contacted Amazon, and it has yet to respond. Nor has the US Department of Defense, which condemned the release of the Iraq War Logs. The US government has long said that releasing such documents will endanger the lives of soldiers and civilians alike. "We deplore WikiLeaks for inducing individuals to break the law, leak classified documents and then cavalierly share that secret information with the world, including our enemies," the Defense Department press secretary said in a statement on Friday.

Some have speculated that WikiLeaks is now running US-based mirrors as some sort of publicity stunt. "They are waiting for the US to shut down those servers so that they can say 'Oh, look at the information the US doesn’t want you to know!'" said one commenter on Norcliffe's blog.

Norcliffe is less sure. "WikiLeaks has set a confusing new precedent for its approach to hosting; in the past much has been made of its reputation for putting its servers in bunkers in Sweden for apparent legal protection, and yet for this launch the primary websites are being served in some cases from US datacenters.

"I can't believe this is incompetence on WikiLeaks' part, but whatever their reason it also seems unlikely a US company like Amazon won't be under pressure soon from US authorities."

As Norcliffe points out, WikiLeaks doesn't appear to be using a CDN for global caching which might have otherwise accounted for an accidental or automatic mirror, but instead seems to be using "round-robin DNS" resolution targeted at definitive IP addresses chosen by the organization. This method is used on WikiLeaks.org, and WarLogs.wikileaks.org gives you a random IP from France, Ireland, or the US.

As recently as October 10, NetCraft records showed PRQ as WikiLeaks' hosting providers. But now, the only providers returned by the research outfit are Amazon and Octopuce. ®

3 Big data security analytics techniques

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.