WikiLeaks: The State of the InfoWar

At the time of this writing, Wikileaks.org is no longer resolvable. A simple dig trace query on wikileaks.org returns a connection timeout for all 4 name servers (ns1.everydns.net, ns2.everydns.net, ns3.everydns.net, ns4.everydns.net) listed as authoritative for the wikileaks domain. From this press release by EveryDNS, it’s quite evident that the explanation for the connection timeouts is that EveryDNS has removed its zone file for the wikileaks.org domain from its DNS servers. The stated grounds for this action by EveryDNS are that DDoS attacks against its network constituted an effective violation by Wikileaks of the EveryDNS.net Acceptable Use Policy. In general, this would be a bit of bullshit. Network providers, in response to attacks, don’t kick off clients/members. They fix/patch the vulnerability, if the attack is the result of exploiting a vulnerability in a server daemon (in which case, it would be a simple DoS attack), or, if the attack is an actual DDoS attack, the network engineers take steps to mitigate or thwart the attack. Any network/data center worth its salt should have the architecture/redundancy/policies in place to defend against DDoS attacks. It’s not like EveryDNS hasn’t experienced these types of attacks in the past and hasn’t implemented measures to defend against them. They have. However, without knowing the log file data on the volume of traffic (in gigabytes), it’s mere speculation whether EveryDNS was actually experiencing DDoS attacks and who might be behind them. One thing to note, however, is that so-called “White Hat Hacktivists” are not behind any DDoS attacks. They may engage in DoS attacks by using an automated software tool to attack vulnerabilities/flaws in server daemons such as httpd, but to execute an actual DDoS attack requires control over a shitload of compromised nodes/hosts/devices acting in unison. This would thus make them “blackhats” and criminals.
“Law Enforcement” is always called in to investigate when any of these attacks succeed in threatening the integrity of an attacked network. So, at this point, there should be pressure put on EveryDNS to provide an updated status on the joint investigation with “Law Enforcement” vis-à-vis the culprits and methods behind these attacks.

Now, all that being said, it should be pointed out that Wikileaks could restore the wikileaks.org domain by merely updating the authoritative name server data with Dynadot, which is the Registrar. As of yet, they have not done this. And dig queries of wikileaks.ch, wikileaks.de and wikileaks.nl suggest WikiLeaks may be playing a bit of a game. Let’s look at wikileaks.ch. The press is reporting that the Swiss Pirate Party, which is the registrant for this domain, has secured hosting through Switch, a non-profit registrar set up by the Swiss government. But that’s not actually the case. A dig trace query of wikileaks.ch reveals that the .ch TLD name servers delegate wikileaks.ch to the following name servers:

dns1.syshack.org
dns2.syshack.org
ns1.buzzernet.net
ns1.pcdog.ch
ns1.swebflex.ch
ns2.pcdog.ch
ns2.swebflex.ch
ns3.pcdog.ch
ns4.pcdog.ch
s2.s3cr3t.de

As of Saturday, these name servers were returning an A host record for the website with IP 213.251.145.96. This is actually being hosted by ICONEWEB MULTIMEDIA in France. However, as of Saturday evening, this host has been down for some time.

If we do a dig trace on wikileaks.nl, we get back the name servers:
ns1-auth.rollernet.us
ns2-auth.rollernet.us

which return an A host record with IP address 46.59.1.2. This is being hosted in Sweden. This is up and running.

If we do a dig trace on wikileaks.de, we find that the address translation is actually being handled by the .de TLD servers. This returns an A host record with IP address 88.80.13.160. This is being hosted by PRQ INET – ACCESS in Sweden as well. This is up and running.
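The dig checks above (the timeouts from all four everydns.net servers for wikileaks.org, and the A records returned for the country-code domains) can be turned into a repeatable health check. The following is an added example, not code from the post: it parses the text output of `dig @server name A` for each authoritative server and classifies what the delegation is doing. The distinction matters for the argument made here, because a server that is up but has dropped the zone normally answers REFUSED or SERVFAIL (a lame delegation), whereas a server that is down or filtered times out. The sample dig outputs are constructed to imitate dig's format (the 192.0.2.53 glue address is a documentation-range placeholder); only the 46.59.1.2 answer and the server names come from the post.

```python
"""Classify per-server `dig` output and summarize a domain's delegation:
SERVING (a listed server answers authoritatively with an A record),
UNREACHABLE (every listed server times out), or LAME (servers respond but
none serves the zone).  Sample outputs are CONSTRUCTED, not live captures."""
import re
from dataclasses import dataclass, field
from typing import List

@dataclass
class ServerResult:
    server: str
    status: str                   # NOERROR, NXDOMAIN, REFUSED, SERVFAIL, TIMEOUT, UNPARSED
    authoritative: bool = False   # 'aa' flag present in the response header
    a_records: List[str] = field(default_factory=list)  # A RRs from the ANSWER section only

_HEADER = re.compile(r"^;; ->>HEADER<<- .*\bstatus: (\w+)", re.M)
_FLAGS = re.compile(r"^;; flags: ([^;]*);", re.M)
_A_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def _answer_a_records(text: str) -> List[str]:
    """Collect A records from the ANSWER section only, so name-server glue
    in the ADDITIONAL section is never mistaken for the website's address."""
    section, out = None, []
    for line in text.splitlines():
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]
            continue
        if section == "ANSWER":
            m = _A_RR.match(line)
            if m:
                out.append(m.group(2))
    return out

def classify(server: str, dig_output: str) -> ServerResult:
    """Turn one server's dig output into a ServerResult."""
    if "connection timed out" in dig_output:
        return ServerResult(server, "TIMEOUT")
    header = _HEADER.search(dig_output)
    if not header:
        return ServerResult(server, "UNPARSED")
    flags = _FLAGS.search(dig_output)
    aa = bool(flags and "aa" in flags.group(1).split())
    return ServerResult(server, header.group(1), aa, _answer_a_records(dig_output))

def delegation_health(results: List[ServerResult]) -> str:
    """Summarize the listed servers' answers for one domain."""
    if any(r.status == "NOERROR" and r.authoritative and r.a_records for r in results):
        return "SERVING"
    if results and all(r.status == "TIMEOUT" for r in results):
        return "UNREACHABLE"
    # Reachable but not serving the zone: REFUSED/SERVFAIL, or a non-authoritative NOERROR.
    if any(r.status in ("REFUSED", "SERVFAIL") or (r.status == "NOERROR" and not r.authoritative)
           for r in results):
        return "LAME"
    return "NO_ANSWER"

# --- constructed sample outputs in dig's text format -------------------------
SAMPLE_TIMEOUT = """
; <<>> DiG 9.7.0 <<>> @ns1.everydns.net wikileaks.org A
;; connection timed out; no servers could be reached
"""

SAMPLE_SERVING = """
; <<>> DiG 9.7.0 <<>> @ns1-auth.rollernet.us wikileaks.nl A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; ANSWER SECTION:
wikileaks.nl.\t\t3600\tIN\tA\t46.59.1.2

;; AUTHORITY SECTION:
wikileaks.nl.\t\t3600\tIN\tNS\tns1-auth.rollernet.us.
wikileaks.nl.\t\t3600\tIN\tNS\tns2-auth.rollernet.us.

;; ADDITIONAL SECTION:
ns1-auth.rollernet.us.\t3600\tIN\tA\t192.0.2.53
"""

SAMPLE_REFUSED = """
; <<>> DiG 9.7.0 <<>> @ns.example.net example.org A
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 7
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

if __name__ == "__main__":
    everydns = ("ns1.everydns.net", "ns2.everydns.net", "ns3.everydns.net", "ns4.everydns.net")
    org = [classify(s, SAMPLE_TIMEOUT) for s in everydns]
    nl = [classify("ns1-auth.rollernet.us", SAMPLE_SERVING)]
    for domain, res in (("wikileaks.org", org), ("wikileaks.nl", nl)):
        print(domain, delegation_health(res), [(r.server, r.status, r.a_records) for r in res])
```

To run it against live servers, feed `classify()` the text of `dig @<server> <domain> A` for each server the parent TLD lists; keeping the glue out of the ANSWER parsing is what stops a name server's own address being reported as the website's.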

To me, it’s fairly clear that WikiLeaks is playing a demonstrative game testing which countries are protecting free speech and which are not. Pointing the wikileaks.ch domain to a web host in France was not meant to serve as a reliable “mirror” for Wikileaks but rather to demonstrate the state of political economy in France. The DDoS attacks against EveryDNS, apparently, haven’t made their way to disrupting the functioning DNS resolution of wikileaks under country code TLDs. Surely, a motivated Black Hat hacker group who controls a zombie list of compromised nodes/hosts can figure out whom to attack next. Not to mention that the authoritative name servers for wikileaks.nl, ns1-auth.rollernet.us and ns2-auth.rollernet.us, are actually located in Texas. My suggestion is that the only DDoS when it comes to wikileaks is DPDoS, which is “Distributed Political Denial of Service.”

Another point that is important to keep in mind is that the actual technical heart of Wikileaks is its “secure document network,” which has nothing to do with the website. This is the network from which Assange and his editorial team access the “raw documents” over a secure VPN connection. In terms of any intelligence “info war” by the US government against Wikileaks, this would be the actual target. The website itself has ceased being a front end for document submissions for some time due to “document overload” in the queue; and document distribution of “editorially reviewed” documents from wikileaks itself has become more reliant on p2p torrent distribution, while much of the public awareness of these documents is coming from traditional media releases, given that Wikileaks has changed its editorial policy to rely to some extent on certain segments of traditional western media to supply the expertise and manpower in analyzing these documents for release.

Now I do expect WikiLeaks in the near future to handle restoring the wikileaks.org domain. They could do it now; but the “unavailability” of the domain, for now, serves a political propaganda purpose. Those who continue to maintain that WikiLeaks is merely “Ho-Hum” are utterly brain dead. These leaks expose new damning information, confirm speculations, and, in the end, most of all, document the “entrails of US Empire.” However, even greater, the most damning information is the reaction of the US political class to WikiLeaks. At this point the idea of the internet under US political control should be as frightening as if it were controlled by China. The Political Class/Corporate nexus of American Power has been laid bare for all to see. And it’s a sorry sight watching Silicon Valley techno-optimism, in the end, subsumed by Corporatism.

George Lucas gave us Padmé Amidala declaring “liberty ends with thunderous applause.” Not quite… In America it ends with EULAs and Acceptable Use Policy agreements…
