Feeds

Wikileaks taunts Pentagon with server mirrors in USA

Iraq War Logs hosted by...Amazon

Build a business case: developing custom apps

WikiLeaks is using US-based servers run by Amazon.com to mirror its controversial data stash, including the classified "Iraq War Logs" released on Friday afternoon, according to internet records.

Since at least Friday night, the famous whistle-blowing site has been hosting data on Amazon's AWS infrastructure cloud, both in the US and Ireland, records collected by UK research outfit NetCraft show. WikiLeaks is also mirroring servers with French service provider Octopuce, according to NetCraft.

WikiLeaks has long maintained its central servers in Sweden with "bulletproof" hosting outfit PRQ. WikiLeaks founder Julian Assange has said that the servers are kept in Sweden because the country provides legal protection for disclosures on the site. To further guard against takedowns, PRQ keeps almost no information about its clientele and maintains few if any of its own logs.

Recently, the Swedish Pirate Party said that it's also hosting servers for WikiLeaks, and according to one report, some WikiLeaks servers are now inside a Cold War–era nuclear bunker that was carved out of a rock hill in downtown Stockholm.

But on Friday, after WikiLeaks defied warnings from the Pentagon and released nearly 400,000 classified US military documents involving the Iraq War, NetCraft showed that the site was mirroring these and other documents in the US, Ireland, and France, countries that don't offer the sort of protection provided by Sweden.

Wikileaks on Amazon

According to Santa Clara University law professor and tech law blogger Eric Goldman, Amazon may not be legally required to remove the content, but he says the company could be persuaded to do so.

"[Federal law] 47 USC 230 protects Amazon from being liable for WikiLeaks' content in most circumstances. The only relevant exception is that 230 does not protect Amazon if republishing the content constitutes a federal crime. I'm uncertain what crimes could apply to the content publication," Goldman told The Reg.

"However, even if Amazon is insulated from liability, I suspect Amazon will choose to remove the content 'voluntarily' (motivated by a little persuasion from the government), presumably citing a breach of its terms of service as a pretext.

"A more 'ideological' web host would probably fight more vigorously for its users' publishing rights than Amazon will."

The US, Ireland, and France mirrors were first noticed by technology consultant Alex Norcliffe. It's unclear why WikiLeaks is mirroring its servers in such unprotected locations. The move could be part of an effort to accommodate the added traffic expected following the release of the Iraq documents, and the organization may be trying to decentralize its data stash. But it's surprising that the whistle-blowers would use servers based in such countries.

We've contacted WikiLeaks through email addresses it has used in the past, and it has not responded. Presumably, the site's content is still hosted on "bulletproof" servers in Sweden, but these no longer show up in NetCraft's records.

We've also contacted Amazon, and it has yet to respond. Nor has the US Department of Defense, which condemned the release of the Iraq War Logs. The US government has long said that releasing such documents will endanger the lives of soldiers and civilians alike. "We deplore WikiLeaks for inducing individuals to break the law, leak classified documents and then cavalierly share that secret information with the world, including our enemies," the Defense Department press secretary said in a statement on Friday.

Some have speculated that WikiLeaks is now running US-based mirrors as some sort of publicity stunt. "They are waiting for the US to shut down those servers so that they can say 'Oh, look at the information the US doesn’t want you to know!'" said one commenter on Norcliffe's blog.

Norcliffe is less sure. "WikiLeaks has set a confusing new precedent for its approach to hosting; in the past much has been made of its reputation for putting its servers in bunkers in Sweden for apparent legal protection, and yet for this launch the primary websites are being served in some cases from US datacenters.

"I can't believe this is incompetence on WikiLeaks' part, but whatever their reason it also seems unlikely a US company like Amazon won't be under pressure soon from US authorities."

As Norcliffe points out, WikiLeaks doesn't appear to be using a CDN for global caching which might have otherwise accounted for an accidental or automatic mirror, but instead seems to be using "round-robin DNS" resolution targeted at definitive IP addresses chosen by the organization. This method is used on WikiLeaks.org, and WarLogs.wikileaks.org gives you a random IP from France, Ireland, or the US.

As recently as October 10, NetCraft records showed PRQ as WikiLeaks' hosting providers. But now, the only providers returned by the research outfit are Amazon and Octopuce. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.