knowledgeempire.org

We were wrong. It was too soon. They criminalized knowledge. Now what?

Wikileaks

WikiLeaks’ Annoying Vulnerabilities

Posted by KnowledgeEmpire on December 5, 2010 0 Comments

Read Next →

Assange in Court

The Mother of all Arguments against #WikiLeaks, #Assange
A recent accusation to hit the media deserves some attention. We are not, after all, blind followers. Our mission is the pursuit of truth and that means looking at both sides of the argument.

 

Facts

  • WikiLeaks was using the services of EveryDNS.net. EveryDNS.net provides the free service linking ip addresses to domain names. (Properly speaking, it routes Internet traffic from domain names to IP addresses, thus resolving a hostname (like “Wikileaks.org”) to the IP address assigned by an ISP.) 

     

  • EveryDNS.net did not “take down WikiLeaks”. It was forced to terminate the services it was providing to Wikileaks because Wikileaks.org was targetted by multiple DDOS (multiple distributed denial of service) attacks. 

     

  • The DDOS attacks threatened the stability of the EveryDNS.net infrastructure itself, and this instability directly affects approximately 500,000 other websites that use EveryDNS’s services. 

     

  • So EveryDNS attempted to contact WikiLeaks on Wednesday December 1st to inform them that it was going to have to drop WikiLeaks within in 24 hours. “It reached out to WikiLeaks on the e-mail address associated with the account, on Twitter, and visited the group’s encrypted chat room to try and pass word to the staff” (Source)

     

  • 24 hours isn’t much notice, but EveryDNS did allegedly try to make contact. Let’s assume they did. 

These facts raised a few questions.

Arguments

Suspicions about WikiLeaks

(Some of these are explicitly found in the much-circulated article, “WikiLeaks Attacks Reveal Surprising, Avoidable Vulnerabilities” from Wired magazine.)

Replies

 
It’s unclear why WikiLeaks went with a free provider, instead of paying for bulletproof DNS that could withstand attack. It’s free. That’s incentive enough for anyone, and especially for an organization trying to keep its overhead low. Don’t pay for a service unless you have to.
But if anyone should want to go with a robust, “bulletproof” DNS service, WikiLeaks should! Having its domain name remain temporarily unresolved isn’t exactly disastrous. It just means you have to use the IP address to get to the site while its hostname is not associated with it. 

As Stephen Shankland of CNET tells us, “anyone with Wikileaks’s numeric internet address can get to the site without using the DNS, and Wikileaks offered instructions in a tweet: WIKILEAKS: Free speech has a number: http://88.80.13.160.” (source)

The real issue lies in the question of who was performing the DDOS attacks. This is what most of us were busy worrying about.
“If they wanted to help users get past their DNS problems, they could tweet for assistance, tweet their IP addy and ask to be re-tweeted…” observed one poster to the mailing list for the North American Network Operating Group. “So at the very least, they are guilty of not being imaginative.” WikiLeaks did tweet: WIKILEAKS: Free speech has a number: http://88.80.13.160.” (source

WikiLeaks doesn’t needs to ask for retweets.

Again, having to use a number (as opposed to a name) in order to access the site isn’t exactly disastrous. Moreover, the WikiLeaks staff has been somewhat busy lately, as you might have heard–not too busy, however, to arrange for the setup of Wikileaks at http://wikileaks.piratenpartei.de (thanks to The Swiss Pirate Party) and at over 20 additional locations.

The only accusation you might bring forth against WikiLeaks that’s more ludicrous than lack of imagination is lack of bravery.

Thank you for your voicing your opinion.

Warmest regards,

K E

KnowledgeEmpire

Read Next →

Assange in Court

The Mother of all Arguments against #WikiLeaks, #Assange

Leave a Reply