WikiLeaks Emerging as Hydra-Like Web Entity That's Hard to Kill

By Fahmida Y. Rashid  |  Posted 2010-12-08

WikiLeaks Emerging as Hydra-Like Web Entity That's Hard to Kill

WikiLeaks keeps finding ways to stay online even as it gets hit with repeated denial-of-service attacks aimed at keeping people from accessing the site and despite decisions by technology and financial companies to terminate essential services. 

With each passing day it's getting harder to shut WeakiLeaks down, according to technology experts. "The harder you hit them, the bigger they get," wrote James Cowie, CTO at Internet monitoring firm Renesys. 

In the past 10 days since WikiLeaks began publishing thousands of leaked U.S. diplomatic messages, Amazon has canceled its hosting service, everyDNS terminated its domain name server services, and PayPal, PostFinance, MasterCard and Visa Europe have frozen its accounts.  

WikiLeaks continues to be hit by DOS attacks to shut down the site, with the first attack hitting hours before it published the first batch of diplomatic messages. Instead of relying on just one domain name service provider, the site currently has 14 name servers from 11 different providers in eight different countries, including Switzerland, Germany, Canada and Malaysia, listed in its WHOIS information.  

WikiLeaks has a number of other top-level domains in case gets knocked off line, including France, Germany, the Netherlands, Norway and Iceland. The geo-diversification makes it very hard to take WikiLeaks down, wrote Cowie. 

Shortly after U.S.-based DNS provider everyDNS terminated service, easyDNS' CEO said the company would be willing to work with WikiLeaks provided certain conditions were met. As the company is based in Toronto, easyDNS would not be subject to U.S. laws "with respect to takedown requests," said Mark Jeftovic.

As of Dec. 8, listed two easyDNS name servers. EasyDNS is also serving other WikiLeaks domains, according to Jeftovic. Last week, listed Nevada-based Rollernut for DNS, which has been replaced by EasyDNS. 

The DNS for WikiLeaks is "confined" to the Prolexic anycast name server, said Jeftovic. The four servers, deployed in "London, Hong Kong and on the east and west coasts of North America," were selected because Prolexic specializes in "soaking up DOS attacks" and they do that "very well," he wrote. Even anticipating that WikiLeaks will be attacked, easyDNS is "confident" that there will be "little effect" on other customer domains or even on WikiLeaks, Jeftovic said. 

Now that WikiLeaks is "spreading in a multi-mirrored fashion, it's really gone hydra now," he wrote. "There's no center of gravity" for attackers to take out, he said. 

WikiLeaks Servers Beyond U.S. Government Reach


Having multiple DNS providers ensures redundancy. So that even if some providers fall, the site remains up. "If you ask any of those 14 servers where to find, they'll point you to one of three differently routed IP blocks," in the Netherlands, Sweden and France, said Cowie. 

It appears that WikiLeaks has weaned itself off United States-based companies for most of its infrastructure needs as governments act against the site. The main homepage currently is a Swiss top-level domain and has the support of the Swedish Pirate Party, a political party in Sweden. 

Back in August, the party had promised to house the site's servers inside Sweden's Parliament building, which would protect the servers from legal action, if it won the election in September. Even though the party did not win any seats in Parliament, the party is providing bandwidth and hosting on its PirateISP service to WikiLeaks for free, "as part of its political mission," according a statement on the party's site. 

WikiLeaks still has its original host, Bahnhof, which operates in a Cold War-era nuclear bunker carved out of a rocky hill in downtown Stockholm. 

Cowie noted that WikiLeaks is still hosting content in Europe. If the site moves its content outside of Europe, it becomes even more of a challenge to stop the site, he said. Supporters have rallied to WikiLeaks, with mirror sites popping up each day. The list is currently over 1,000 sites, so even if the hosts go down, the mirrors will still have the content. 

United States officials and politicians have called on companies to sever ties with WikiLeaks and have tried to shut down or restrict access to the whistle-blowing site. "No responsible company-whether American or foreign-should assist WikiLeaks in its efforts to disseminate these stolen materials," said Sen. Joseph Lieberman of Connecticut, who heads the Homeland Security Committee, last week. 

The providers claimed to cut WikiLeaks off because of violations in their usage policies. claimed WikiLeaks violated its terms of services for hosting content it doesn't own. PayPal originally said in a statement that WikiLeaks violated its usage policy, although Osama Bedier, PayPal's vice president, told BBC on Dec. 8 that the company made the decision after receiving a letter from the State Department. Swiss bank PostFinance froze accounts because WikiLeaks founder Julian Assange was not a resident of Switzerland. 


Rocket Fuel