PERSISTENCE OF INFORMATION: By keeping copies of its Web site hosted at 507 different locations, or "mirror sites," worldwide, WikiLeaks persists. In general, the organization encrypts its data and keeps the source of its whistle-blower submissions anonymous.
Image: iStockphoto
The arrest of WikiLeaks founder Julian Assange in London Tuesday may have brought an end to the standoff between the 39-year-old Australian and European law enforcement, but the organization he leads has vowed to continue releasing sensitive documents. Just how WikiLeaks has been able to continue posting classified material from U.S. and other nations' diplomats and officials—despite numerous cyber attacks against the Web site and the defection of key service providers—is a bit of Internet trickery commonly deployed by legitimate and criminal online organizations alike to protect themselves from traffic spikes and from being shut down. Such is the persistence of information in the Internet Age.
PRQ.se, the Swedish Internet service provider hosting the original wikiLeaks.org Web site, has reported denial-of-service (DOS) attacks against its servers hosting WikiLeaks material. In a DOS attack computers are programmed to flood Internet servers with requests for data to the extent that those servers cannot function. WikiLeaks has since moved its Web site to the wikiLeaks.ch address. The organization last week was cut off from its provider of domain name system (DNS) service, which is used to route Internet traffic from a Web address, such as wikiLeaks.org, to the actual Internet Protocol (IP) address where WikiLeaks's data resides. EveryDNS.net dropped wikiLeaks.org as a client on December 2, citing the danger that the cyber attacks aimed at that site pose to the service's 500,000 other clients.
The U.S. government has spent the past week sticking its fingers in the dike that WikiLeaks breached. The Library of Congress on December 3 confirmed that it is blocking access to the WikiLeaks site across its computer systems, including those for use by patrons in the reading rooms. "The Library decided to block Wikileaks because applicable law obligates federal agencies to protect classified information. Unauthorized disclosures of classified documents do not alter the documents' classified status or automatically result in declassification of the documents," according to a statement on the Library of Congress Web site. Many, but not all, of the documents published as part of "cablegate" contain classified information.
Yet, by keeping copies of its Web site hosted at 507 different locations, or "mirror sites," worldwide, WikiLeaks persists. In general, the organization encrypts its data and keeps the source of its whistle-blower submissions anonymous. In addition, at any given time WikiLeaks computers are feeding hundreds of thousands of fake submissions throughout its network to obscure the real documents, their points of origin and their destinations, The New Yorker reported in June.
A posting on the WikiLeaks Twitter feed Tuesday morning read: "Today's actions against our editor-in-chief, Julian Assange, won't affect our operations: We will release more cables tonight as normal." Meanwhile, Assange fights extradition to Sweden, where he is accused of one count of rape, one charge of unlawful coercion and two allegations of sexual molestation stemming from a trip to that country in August.
To better understand how WikiLeaks has been able to keep its Web site functioning despite having incurred the ire of the U.S. government and many of its allies, Scientific American spoke with Hemanshu Nigam, a former U.S. Department of Justice prosecutor of child and computer crimes who has also held high-level cyber security positions at Microsoft and News Corp. Nigam, who in May founded his own online safety, security and privacy firm called SSP Blue, points out that WikiLeaks's resilience is an important reminder of the care that governments and individuals alike must take with important information that, once shared, rarely ever goes away completely.
[An edited transcript of the interview follows.]
The cat-and-mouse game that WikiLeaks is playing with authorities worldwide is a prime example of the persistence of information on the Internet. Of course, the cat is fully out of the bag now that media outlets are reporting extensively on the contents of the leaked files, but why couldn't the U.S. government or some other entity simply shut down direct access to WikiLeaks's cablegate files?
You can shut down a Web site, but there's no question an individual intent on distributing that information will already have thought about keeping a copy of it in multiple other locations, either online or offline. When you run a Web site, if you're worried about an attack on that Web site, whether it's a distributed denial-of-service attack or some sort of virus attack, the best solution to those worries is to create backup plans. There could be a copy of that information sitting on a thumb drive that everyone buys at Costco for really cheap nowadays. It could be backed up on a CD. It could be stored with a cloud network storage company that can be accessed from anywhere. That's why this is a pretty significant challenge for the government to try to shut down a site—the task is, frankly, impossible.
What can be done to stem the tide of information?
If you think [Assange] has done something criminal in nature and against national security, then focus on the arrest and prosecution, and focus on recovering the diplomatic damage that's already been done.
Over the past week, the WikiLeaks Web site has been brought down due to distributed denial-of-service [DOS] attacks, and then subsequently brought back online. What tools and techniques are available to Web sites to enable them to route and re-route access?
One tool is redirection, where you could have 10 different Web site addresses set up that send you to a particular location. [For example, readers who visit SciAm.com will automatically be redirected to ScientificAmerican.com.] Another option is to set up mirror sites—if the core Web server goes down, there's another Web server at a different location that will have the exact same look, feel and content. Redirects and mirror sites are common and they're necessary in order to run a legitimate business online.
Beyond the proactive steps that can be taken, the Web keeps a cache of data even after it has been taken offline. Google is a perfect example of a data cache—it doesn't actually go out on the Internet and crawl with its crawling capabilities to go find what you're looking for and bring it back to you each time you do a search. It's already done that; it's spent hours and hours of background computing time crawling the Web, sorting it and organizing it, putting it in a way that when you search for something, Google goes into its own cached data set to find it. The history maintained by your Web browser is another example of a data cache. In addition, some Web searches will return listings containing a "cached" hyperlink. When you click on that link, the original site may not exist, but the cache may still be there. It can take anywhere from three months to a year for Web browsers to re-crawl the Internet and update their cache to shed deleted Web pages.




5 Comments
WE always learn after war. In this issue, we must learn to prevent the "overduty" of whom leads politics. Are they governing for us?
In my humble opinion they never were, and never will.
I believe I have the right to be intolerant about disinformation. I also believe that covert efforts at monopolizing information leads to the masking of incompetence and related intolerance at higher levels of authority. Human nature is not perfect and diplomacy seeks to address these issues. But if the huge collections of stolen passwords and numbers of credit cards and bank accounts ever becomes public, how much of it is going to be our own fault if we didn't seek to change them? The same applies to our attitudes and keeping access to historical facts open, so that we can remain tolerant to change.
I think your comment on the encrypted "poison pill" shows a failure to understand what actually may be a very clever plan. Of course a file encrypted with a *properly chosen* 256-bit key cannot be "cracked", but that's not the intention at all.
I suggest that the "poison pill" file has already been distributed, probably to a large number of places, perhaps to sites that don't even know what it is they have copies of (e.g. public sharing sites). The robust encryption ensures that the contents cannot possibly be revealed until desired.
If that circumstance ever occurs (possibly as detailed in some previously issued instructions), the *key* and the filename will be supplied, very possibly in a very public way, and in a way that no amount of "censoring" could prevent.
At that point, the file will be decrypted by hundreds of individuals in hundreds of locations all over the world, almost simultaneously.
Perhaps not written yet, but isn't there a worm that can follow web crawlers to defuse military related WikiLeaked documents, then banks and other state sensitive documents? These surely have certain document signatures that can be hunted then summarily destroyed? Maybe that is too sci-fi.