As governments around the world moved to shut down WikiLeaks, the site struggled to remain online, as its American-based domain name service provider pulled the plug on the site on Dec 2 and Dec. 3.
WikiLeaks also was hit by another DoS (Denial of Service) attack late Dec. 2, the third such incident since Nov 29. The site’s DNS provider, everyDNS.net, stopped directing traffic to the WikiLeaks site shortly after the attack began. The company defended its decision, saying the attacks have, and would, “threaten the stability” of its infrastructure, which serves “almost 500,000 other Websites.”
“WikiLeaks,org domain killed by US everydns.net after claimed mass attacks,” tweeted WikiLeaks, and then moved to a Swiss domain name, WikiLeaks.ch. As Internet security firm Netcraft noted, strangely enough, WikiLeaks changed the domain name but stayed with the same DNS provider.
The Domain Name System is a phone book for the Internet, and providers translate domain names to the IP address of the server hosting the content. Even if DNS is not working, users can go to the site by entering the IP address.
Around noon on Dec. 3, everyDNS disabled services for WikiLeaks’ secondary hosted domains and the new WikiLeaks.ch domain.
“EveryDNS.net is not taking a position on the content hosted on the WikiLeaks.org or wikiLeaks.ch website,” but “following established policies,” the company said in a statement. EveryDNS is based in the United States.
WikiLeaks promptly switched to three top-level domains located in Germany, the Netherlands, and Finland, according to its Twitter account. The name servers for the new domains, according to the latest WHOIS info, are Rollernet, another US-based provider, and a free service based in Denmark.
Several early reports had incorrectly named easyDNS as the WikiLeaks DNS provider, prompting easyDNS CEO Mark Jeftovic, to deny in his blog that easyDNS was WikiLeaks service provider in response to angry posts and comments.
Web Service Providers Facing Increasing Government Pressure
However, Jeftovic didn’t say his service would refuse to do business with WikiLeaks. When asked if easyDNS would take on WikiLeaks as a customer, he wrote that as a Canadian company, they were not subject to U.S. laws “with respect to takedown requests.” But easyDNS would want an “open channel of communication” with WikiLeaks’ IT team and “prefer” to also be the domain registrar as well to deal with future DoS attacks.
WikiLeaks supporters posted IP addresses, 46.59.1.2 and 213.251.145.96, on Twitter and pointed their own Websites for mirroring and backup purposes. The latter IP address belongs to French-host OVH, said Netcraft.
Considering that on Dec. 3 France’s Industry Minister Eric Besson called for banning the whistle-blowing site from French servers, it’s unclear how long WikiLeaks will be able to stay on that IP address.
According to the French news magazine Le Point, Industry Minister Eric Besson said it was “unacceptable” for French servers to host the site, which “violates the secret of diplomatic relations and puts people protected by diplomatic secret in danger” in a letter to CGIET, the government body that oversees information technology as part of the Finance Ministry. Besson asked what legal steps were available to ban WikiLeaks.
The French government is one of many countries embarrassed by the thousands of U.S. diplomatic messages published by the site.
“We have decided to ask a judge to rule on the legality or not of this site being on French territory,” OVH managing director Octave Klaba said in a statement. “It’s neither for the political world nor for OVH to call for or to decide on a site’s closure, but for the justice system. That’s how it should work under the rule of law.” Klaba said OVH was obligated to fulfill the duration of the contract.
Besson warned that French servers which have hosted the site must first be made to understand the “consequences of their acts and secondly be made to take responsibility for them.”
Prior to OVH, Octopuce, another French company, hosted WikiLeaks, according to Netcraft. WikiLeaks is also using Swedish hosting company Bahnhof, based on the latest wHOIS and dig data.