PERSISTENCE OF INFORMATION By keeping copies of its Web site hosted at 507 different locations, or "mirror sites," worldwide, WikiLeaks persists. In general, the organization encrypts its data and keeps the source of its whistle-blower submissions anonymous. Image: iStockphoto
The arrest of WikiLeaks founder Julian Assange in London Tuesday may have brought an end to the standoff between the 39-year-old Australian and European law enforcement, but the organization he leads has vowed to continue releasing sensitive documents. Just how WikiLeaks has been able to continue posting classified material from U.S. and other nations' diplomats and officials—despite numerous cyber attacks against the Web site and the defection of key service providers—is a bit of Internet trickery commonly deployed by legitimate and criminal online organizations alike to protect themselves from traffic spikes and from being shut down. Such is the persistence of information in the Internet Age.
PRQ.se, the Swedish Internet service provider hosting the original wikiLeaks.org Web site, has reported denial-of-service (DOS) attacks against its servers hosting WikiLeaks material. In a DOS attack, computers are programmed to flood Internet servers with requests for data to the extent that those servers cannot function. WikiLeaks has since moved its Web site to the wikiLeaks.ch address. The organization last week was cut off from its provider of domain name system (DNS) service, which is used to route Internet traffic from a Web address, such as wikiLeaks.org, to the actual Internet Protocol (IP) address where WikiLeaks's data resides. EveryDNS.net dropped wikiLeaks.org as a client on December 2, citing the danger that the cyber attacks aimed at that site pose to the service's 500,000 other clients.
The U.S. government has spent the past week sticking its fingers in the dike that WikiLeaks breached. The Library of Congress on December 3 confirmed that it is blocking access to the WikiLeaks site across its computer systems, including those for use by patrons in the reading rooms. "The Library decided to block Wikileaks because applicable law obligates federal agencies to protect classified information. Unauthorized disclosures of classified documents do not alter the documents' classified status or automatically result in declassification of the documents," according to a statement on the Library of Congress Web site. Many, but not all, of the documents published as part of "cablegate" contain classified information.
Yet, by keeping copies of its Web site hosted at 507 different locations, or "mirror sites," worldwide, WikiLeaks persists. In general, the organization encrypts its data and keeps the source of its whistle-blower submissions anonymous. In addition, at any given time WikiLeaks computers are feeding hundreds of thousands of fake submissions throughout its network to obscure the real documents, their points of origin and their destinations, The New Yorker reported in June.
A posting on the WikiLeaks Twitter feed Tuesday morning read: "Today's actions against our editor-in-chief, Julian Assange, won't affect our operations: We will release more cables tonight as normal." Meanwhile, Assange fights extradition to Sweden, where he is accused of one count of rape, one charge of unlawful coercion and two allegations of sexual molestation stemming from a trip to that country in August.
To better understand how WikiLeaks has been able to keep its Web site functioning despite having incurred the ire of the U.S. government and many of its allies, Scientific American spoke with Hemanshu Nigam, a former U.S. Department of Justice prosecutor of child and computer crimes who has also held high-level cyber security positions at Microsoft and News Corp. Nigam, who in May founded his own online safety, security and privacy firm called SSP Blue, points out that WikiLeaks's resilience is an important reminder of the care that must be taken by governments and individuals alike with important information that, once shared, rarely ever goes away completely.
[An edited transcript of the interview follows.]
The cat-and-mouse game that WikiLeaks is playing with authorities worldwide is a prime example of the persistence of information on the Internet. Of course, the cat is fully out of the bag now that media outlets are reporting extensively on the contents of the leaked files, but why couldn't the U.S. government or some other entity simply shut down direct access to WikiLeaks's cablegate files?
You can shut down a Web site, but there's no question an individual intent on distributing that information will already have thought about keeping a copy of it in multiple other locations, either online or offline. When you run a Web site, if you're worried about an attack on that Web site, whether it's a distributed denial-of-service attack or some sort of virus attack, the best solution to those worries is to create backup plans. There could be a copy of that information sitting on a thumb drive that everyone buys at Costco for really cheap nowadays. It could be backed up on a CD. It could be stored with a cloud network storage company that can be accessed from anywhere. That's why this is a pretty significant challenge for the government to try to shut down a site—the task is, frankly, impossible.
What can be done to stem the tide of information?
If you think [Assange] has done something criminal in nature and against national security, then focus on the arrest and prosecution, and focus on recovering the diplomatic damage that's already been done.
Over the past week, the WikiLeaks Web site has been brought down due to distributed denial-of-service [DOS] attacks, and then subsequently brought back online. What tools and techniques are available to Web sites to enable them to route and re-route access?
One tool is redirection, where you could have 10 different Web site addresses set up that send you to a particular location. [For example, readers who visit SciAm.com will automatically be redirected to ScientificAmerican.com.] Another option is to set up mirror sites—if the core Web server goes down, there's another Web server at a different location that will have the exact same look, feel and content. Redirects and mirror sites are common and they're necessary in order to run a legitimate business online.
Beyond the proactive steps that can be taken, the Web keeps a cache of data even after it has been taken offline. Google is a perfect example of a data cache—it doesn't actually go out on the Internet and crawl with its crawling capabilities to go find what you're looking for and bring it back to you each time you do a search. It's already done that; it's spent hours and hours of background computing time crawling the Web, sorting it and organizing it, putting it in a way that when you search for something, Google goes into its own cached data set to find it. The history maintained by your Web browser is another example of a data cache. In addition, some Web searches will return listings containing a "cached" hyperlink. When you click on that link, the original site may not exist, but the cache may still be there. It can take anywhere from three months to a year for Web browsers to re-crawl the Internet and update their cache to shed deleted Web pages.