Wednesday, December 22, 2010

Cyber attack forces Wikileaks to change web address


Whistle-blowing website Wikileaks has been forced to change its web address after the company providing its domain name cut off service.
EveryDNS.net said it had terminated services because Wikileaks.org had come under massive cyber attacks.
But Wikileaks has already reappeared using a Swiss web address.
Wikileaks has also used the micro-blogging site Twitter to urge its fans to redistribute its "raw" net address so it can be viewed at any time.
This numerical internet protocol (IP) address remains live and accessible even when web domains - the normal "www" addresses used to access most sites - are unavailable.
Experts say it is likely that Wikileaks has done deals with lots of web hosting companies, although many are likely to back away from dealing with the controversial site in the light of recent web attacks.
There is also a published list of mirror sites, which Wikileaks hopes will provide constant access to the site.

The Main Leaks So Far

  • Several Arab leaders urged attack on Iran over nuclear issue
  • US instructs spying on key UN officials
  • China's changing relationship with North Korea
  • Yemen approved US strikes on militants
  • Personal and embarrassing comments on world leaders
  • Fears over Pakistan's nuclear programme
  • Afghan leader Hamid Karzai freed dangerous detainees
Some of these sites have simply copied Wikileaks' content and put it on a different web server, while others are using different domain names to point at the original content.
The more of these sites there are, the more difficult it will be to shut Wikileaks down, security analyst Paul Mutton told the BBC.
In France, Industry Minister Eric Besson has called for a ban of Wikileaks on French servers.
One of the mirror sites, Wikileaks.ch, is currently hosted on servers in France.
Downtime
In a post on Twitter, Wikileaks acknowledged that its domain had been "killed" by EveryDNS.net.
It was not clear how long disruption to the wikileaks.org site would last.
In a statement on its website, EveryDNS.net said it had issued a 24-hour termination notice to Wikileaks which ended at 0300 GMT on 2 December.
It said the domain wikileaks.org had become the target of "multiple distributed denial of service (DDOS) attacks".

Analysis

The net appears to be closing in on Wikileaks as more and more companies it relies on distance themselves from it.
Shutting down the main .org site will cause problems but it is by no means the end.
Its Twitter feed remains defiant, urging fans to log on via its IP address with the tweet "Free speech has a number: http://88.80.13.160".
In some ways, any attempts to cut off Wikileaks could be a case of too little, too late.
The thousands of secret US diplomatic cables at the heart of the controversy are already with media outlets.
A site as controversial and savvy as Wikileaks has plenty up its sleeve, like the mysterious encrypted file labelled 'insurance', which is believed to have been posted on Bit Torrent and is rumoured to contain all the leaks.
"These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites," it said.
"Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider," it added.
Websites use hosting firms such as EveryDNS.net to translate their raw IP addresses to a more memorable web address such as Wikileaks.org.
But the IP address of a website will also direct users to the site.
One web expert explained that Wikileaks had managed to re-establish web access via a different address.
"Users visiting the www.wikileaks.ch website appear to be directed via a Swedish website on to a server in France which is now hosting their main website," explained Sebastien Lahtinen, director of web hosting firm NetConnex.
In a surprising twist, the .ch address is also hosted by EveryDNS.
"It seems a strange choice given that they pulled the plug on the .org address just a few hours ago," said Paul Mutton, a security analyst at internet services firm Netcraft. "It could be that Wikileaks is quite happy to play a cat and mouse game with them," he added.
'Death threats'
Using a Swiss domain could be Wikileaks anticipating the next line of attack - having its IP address de-registered, thinks Mr Mutton.
"Moving to a non-US domain makes sense. Its previous domain was registered with a US company and as such has to work within US laws, with potential for the government to lean on it and get it suspended," said Mr Mutton.
branding for Open Secrets programme
Stephen Sackur will be hosting a special programme debating the effect of the leaks - Wikileaks: Open Secret at 1630GMT on BBC World News & 1930GMT on the BBC World Service
Wikileaks founder Julian Assange is currently reported to be staying at a secret address in the UK.
In a question-and-answer session on the website of the Guardian newspaper, he said there had been threats against his life.
"We are taking the appropriate precautions to the degree that we are able when dealing with a super power," Mr Assange wrote.
He also called for criminal charges to be brought against Tom Flanagan, a former adviser to Canada's prime minister Stephen Harper.
Mr Assange was referring to Mr Flanagan's comments that "Assange should be assassinated... I think Obama should put out a contract ... I wouldn't feel unhappy if Assange does disappear".
When asked about the alternatives for Wikileaks' cache of material if it were to be "taken out" technically, Mr Assange said: "The Cable Gate archive has been spread, along with significant material from the US and other countries to over 100,000 people in encrypted form.
"If something happens to us, the key parts will be released automatically. Further, the Cable Gate archives is in the hands of multiple news organisations. History will win. The world will be elevated to a better place. Will we survive? That depends on you."
Wikileaks says its website has been under attack since it began publishing more than 250,000 classified US diplomatic cables.
The memos, which discuss US diplomatic relations and military activities, have been causing controversy across the world.
It turned to the online store Amazon to host its site but the company ended the agreement on Wednesday - a move welcomed by US officials.
Amazon said that it had not removed Wikileaks because of a government inquiry. Instead it said Wikileaks had failed to adhere to its terms of service.
"It's clear that Wikileaks doesn't own or otherwise control all the rights to this classified content. Further it is not credible that the extraordinary volume of 250,000 classified documents that Wikileaks is publishing could have been carefully redacted in such a way as to ensure that they weren't putting innocent people in jeopardy," Amazon said on its website.
But freedom-of-speech campaigners remain defiant.
"The first serious info war is now engaged. The field of battle is Wikileaks. You are troops," tweeted John Perry Barlow, founder of the Electronic Frontier Foundation.
Inception (Three-Disc Blu-ray/DVD Combo + Digital Copy)The Adventures of Sherlock HolmesKindle Wireless Reading Device, Wi-Fi, Graphite, 6" Display with New E Ink Pearl TechnologyDecision Points

Web attacks target human rights sites


Human rights groups and campaigners are being hit hard by huge web attacks launched by those opposed to their views, finds research.
Many web-based campaigning groups are being knocked offline for weeks by the attacks, it found.
The researchers expect the tempo of attacks to increase as the tools and techniques become more widespread.
It urged human rights groups and independent media groups to beef up their defences to avoid falling victim.
Flash flood
The research by the Berkman Center for Internet and Society at Harvard University tried to get a sense of how often human rights groups and independent media organisations are hit by what is known as Distributed Denial of Service (DDoS) attacks.
DDoS attacks try to knock a site offline by overwhelming it with data.
In the 12 months between August 2009 and September 2010 the research found evidence of 140 attacks against more than 280 different sites. The report acknowledged that these were likely to be the most high profile attacks and that many more had probably gone unreported.
"These attacks do seem to be increasingly common," said Ethan Zuckerman, one of the authors of the report.
While some attacks were triggered by specific incidents such as elections, others had no obvious cause, he said.

What is a DDoS attack?

  • A Distributed Denial of Service (DDoS) attack aims to make websites inaccessible
  • The attackers commonly use networks of compromised computers - called a botnet - that they control to launch the attacks
  • By overwhelming the target site with requests, the attackers can ensure that genuine visitors cannot reach the site
  • These requests look like genuine web traffic so can be hard to filter out
  • Typically, such attacks have been aimed at high-profile websites, such as those belonging to government departments, banks and political organisations
The report cites a sustained DDoS attack on Novaya Gazeta, the website of Russia's most liberal indepedent newspaper.
Deputy executive editor Sergey Sokolov is not certain who attacked his website but suspects government-sponsored Kremlin Youth organisations.
The report finds that DDoS is increasingly being used as a political tool and as a form of protest.
Attacks that recruit participants in so-called volunteer DDoS are proving popular
The report gives the example of the organisation 'Help Israel Win' which recently invited individuals to install a software package, dubbed Patriot DDos, on their computers so the machine could be used to launch attacks, on what the authors assume would be Palestinian targets.
The most recent example of a volunteer DDoS comes from Anonymous, a loose-knit group of activisits, who used the method to launch attacks on the websites of firms it perceived to be anti-Wikileaks.
DDoS attacks could hit small media groups and campaigners hard because the organisations have such limited resources, said Mr Zuckerman.
"If you are a human rights organisation or independent media organisation you might be using an account you are paying £20 a month for and its very hard at that level of hosting to fend off DDoS," he told the BBC.
The attacks did not have to be prolonged, he said, to cause real problems for small campaigning groups.

Start Quote

There are certain attacks that seem to work if you have only one or two machines”
Ethan Zuckerman
"They just have to do it long enough to annoy their ISP and they will kick them off and then they have to find another place to host," said Mr Zuckerman.
Easy tools
The work of some groups only appears on the web, said Mr Zuckerman, so knocking them offline effectively silences the campaigners. It can take a long time for some to find a new host, upload content and re-build a site.
He said: "We see sites that do not come back online for two to three weeks."
The report also found that DDoS attacks are often only the most visible element of a much broader attack against a site or group.
"There's a very good chance that if you are experiencing DDoS you are being filtered, sent targeted e-mail to get access to your system or to snatch your passwords," he said.
Mr Zuckerman said some DDoS attacks logged in the report used hundreds or thousands of PCs in a botnet - networks of hijacked home computers - but others had just as big an effect with far fewer resources.
"There are certain attacks that seem to work if you have only one or two machines," he said.
What might cause problems in the future, he suggested, would be easy-to-use tools like those employed by Anonymous activists in support of Wikileaks.
"It seems like DDoS has become easier for more people to engage in," he said. "The threats do seem to be increasing."
In response, he said, rights groups needed to work hard to understand the threats and prepare in case they were hit.
"This community needs to get much, much smarter and much more knowledgeable," he said.
By following this main site :your favourite site BBC news Main site
Christmas Eve and Other StoriesNoelThe Cherry Tree - Songs, Carols & Ballads for ChristmasThe Nutcracker / Baryshnikov, Kirkland, Charmoli

Skype apologises for losing half of daily call traffic


Millions of people around the globe have been hit by an outage at the popular internet phone service Skype.
Users as far afield as Japan, Europe and the US have all reported problems.
The company which prides itself on providing relatively reliable service last suffered a major outage in 2007.
"We take outages like this really seriously and apologise for the inconvenience users are having," Tony Bates, Skype chief executive officer told BBC News.
"Right now it looks like clients are coming on and offline and sometimes they are crashing in the middle of calls. We are deep in the middle of investigating the cause of the problem and have teams working hard to remedy the situation," Mr Bates said.
On Skype's Twitter account, the company said their "engineers and site operations team are working non-stop to get things back to normal".
The news blog ReadWriteWeb said they have monitored complaints from users who reported that they are unable to log into the service and that the programme is crashing across all platforms, whether on their mobile device or PC.
Mr Bates did not rule in or rule out the possibility of a malicious attack and said "all avenues" were being explored.
He estimated that as a result of the outage, Skype has lost around 10 million calls.
Mr Bates told the BBC that normal call volume for the time of day would be 20m.
Om Malik, an industry commentator and editor of the Gigaom.com website, is not impressed.
"Skype is one of the key applications of the modern web," he said.
"It is already a hit with consumers, and over the past few years it has become part of the economic fabric for startups and small businesses around the world. I am not sure we can comprehend the productivity cost of this outage.
"The outage comes at a time when Skype is starting to ask larger corporations for their business. If I am a big business, I would be extremely cautious about adopting Skype for business, especially in light of this current outage," added Mr Malik.
Decision PointsKindle Wireless Reading Device, Wi-Fi, Graphite, 6" Display with New E Ink Pearl TechnologyThe Adventures of Sherlock HolmesCoffee People, Donut Shop K-Cups for Keurig Brewers (Pack of 50)