December 8, 2010
The Internet Society wants a legal solution to the WikiLeaks debacle, not DoS attacks and DNS alterations
The Internet Society has waded into the WikiLeaks debate, stating that the Internet needs free expression. Legal challenges, not DoS attacks, are the best way to deal with the whistleblowing site, said ISOC.
WikiLeaks sparked a diplomatic crisis at the end of November by releasing more than 250,000 confidential cables from its embassies round the world. Along with Arab leaders urging strikes on Iran’s nuclear plants, and embarrassing assessments of foreign leaders, the massive leak shed new light on the incident in January, when Google was subject to hacking from within China.
The site was subsequently hit with a giant denial-of-service (DoS) attack and cut off the Internet by domain name service provider EveryDNS. The site’s administrators sought refuge in various locations around Europe – including the Swiss Pirate Party – and users can reach the wikileaks.org and cablegate.org sites if they bypass the DNS lookup, and type in their respective IP addresses.
Undermining integrity of the Internet
Despite the political outcry over the exposure of highly sensitive communications, the Internet Society says that attacks against WikiLeaks threaten free expression and non-discrimination, which are the founding principles of the Internet.
“Recognising the content of the wikileaks.org website is the subject of concern to a variety of individuals and nations, we nevertheless believe it must be subject to the same laws and policies of availability as all Internet sites,” said the Internet Society in a statement. “Free expression should not be restricted by governmental or private controls over computer hardware or software, telecommunications infrastructure, or other essential components of the Internet.”
ISOC said the continued availability of WikiLeaks shows the resilience of the Internet, and demonstrated that EveryDNS’ removal of a domain listing is an ineffective tool to suppress communication, merely serving to “undermine the integrity of the global Internet and its operation”.
“Unless and until appropriate laws are brought to bear to take the wikileaks.org domain down legally, technical solutions should be sought to re-establish its proper presence, and appropriate actions taken to pursue and prosecute entities (if any) that acted maliciously to take it off the air,” it said.
Amid all the controversy, it was reported yesterday that the ‘Anonymous’ group of hackers are targeting companies perceived to be anti-WikiLeaks – such as PayPal and the Swiss bank PostFinance, which froze assets belonging to Julian Assange.
The group has an ongoing “Operation Payback” campaign against “anti-piracy groups” and have targeted Motion Picture Association of America and the Recording Industry Association of America in the past, as well as the UK’s Intellectual Property Office.
According to security firm Imperva, supporters of the WikiLeaks campaign are knowingly infecting their machines to enable themselves to become part of the DDoS botnet.
“Operation Payback’s goal is not hacking for profit. In the classical external hacker case we see hackers grab information from wherever they can and monetise on it. In this case though, the hackers’ goal is to cripple a service, disrupt services, protest their cause and cause humiliation,” said Noa Bar Yosef, Senior Security Startegist at Imperva.
“The Operation Payback is recruiting people from within their own network. They are actually asking supporters to download the piece of code, the DDoSing malware itself that upon wake-up call the computer engages in the DoS. There is no victimised machine as the participants knowingly engage in what they call an act of defiance.”
Anonymous itself is now also suffering a DDoS attack for supporting the whistleblowing site.