WikiLeaks Mirror Sites Lose Web Hosting Services

Web host SiteGround has suspended the accounts of at least two WikiLeaks mirror sites claiming the presence of the files put the host at risk for a DDOS attack.

First it was WikiLeaks. Now, several mirror sites appear to be in the crosshairs, as another Web host, this time SiteGround, suspended accounts claiming the sites violated the Terms of Service, engaged in illegal activity and were at risk for potential DDoS attacks.

According to a post by Electronic Frontier Foundation's Marcia Hofmann on Dec. 22, a WikiLeaks mirror was shut down by its host, SiteGround, as result of pressure from its upstream provider, SoftLayer. SoftLayer claimed the mirror Wikileaks site violated the company's Acceptable Use Policy and ToS, wrote Hofmann.

A Google search turned up at least two users who claimed their WikiLeaks mirrors had been shut down by SiteGround. While the EFF post didn't identify the mirror's owner by name, the stories were identical.

One user, Mark McCoy, a self-professed anarchist, posted on his blog the entire e-mail thread between him, SiteGround and SoftLayer. SiteGround initially informed McCoy that "some illegal activity" had been performed through his site which "severely" violated SiteGround's Terms of Use and Acceptable Use Policy. The letter indicated the complaint came from SoftLayer.

SiteGround said in the letter that when "illegal activity" is detected, the company had to "take immediate actions to stop that activity," or risk having the entire server "unplugged." SiteGround said McCoy needed to scan his computer with an antivirus software, change his account's password and delete all the infringing files in the directory. The infringing files, according to the list, were the WikiLeaks cables that had been uploaded to his account.

"Before I delete the 'evidence,' could you tell me what the exact violation is?" wrote McCoy, noting that the initial e-mail had implied he had malware or an exploit on the site, not HTML and Javascript files.

McCoy pressed SiteGround for actual details on the violation, but the host declined to do so, noting that since the order to suspend his account came from SoftLayer, "We had to comply."

According to the chain of letters posted on the blog, McCoy then wrote to SoftLayer to discover the exact violation. As there were no further updates, it appears SoftLayer never responded, but McCoy does not maintain a mirror at this time.

According to Hofmann, a customer who had been shut down by SiteGround was told SoftLayer wanted the mirror taken down because it was worried about the potential for distributed denial of service attacks. The user pointed out that no attack had happened and this rationale would allow the company to "use hypothetical future events" to take down any site, Hofmann wrote.

"It's incredibly disappointing to see more service providers cutting off customers simply because they decide (or fear) that content is too volatile or unpopular to host," wrote Hofmann.

Internet intermediaries need to stick up for their customers, not undermine their freedom to speak online, according to Hofmann.

She said censorship was a "slippery slope," with the first victim as WikiLeaks, followed by a mirror. She wondered whether a news organization that posted cables or analysis of the documents could be knocked offline. "If intermediaries are willing to use the potential for future DDoS attacks as a reason to cut off users, they can cut off anyone for anything," said Hofmann.

WikiLeaks lost its Web and DNS services shortly after it began posting the leaked cables. Since then, it has moved to non-U.S.-based providers and relies on more than 1,000 mirror sites to stay online.