Operation Payback - The Next Battles

Some of UK's official’s have warned that government websites could become the next target for pro-Wikileaks hackers particularly websites used to file tax returns or claim benefits could be the most vulnerable. So far attacks from the Anonymous group of hacktivists have concentrated on firms perceived to be anti-Wikileaks.

UK web attacks could be likely because Mr Assange, Wikileaks founder has appeared in court where he was granted bail but will remain in prison pending an appeal against the decision. He is wanted by authorities in Sweden for questioning over two sex crimes. He denies the crimes and will fight extradition, his lawyer said.

His mother Christine Assange, who has visited him in prison, said he remained committed to the ideals of Wikileaks. She also passed on his thoughts on the firms which have withdrawn services from the whistle-blowing site. "We now know that Visa, Mastercard, PayPal and others are instruments of US foreign policy. It's not something we knew before," Mr Assange said. The US government has denied that it wrote to individual firms, asking them to stop doing business with Wikileaks.


Some have described the fight between Anonymous, Wikileaks and the US government as the "first infowar" but security experts have downplayed the conflict has being just a demonstration, a protest, nothing more than political theatre - entertaining and influential but not war.

Some go as far as to say that this is not a cyberwar because if we are calling it war, we are devaluing what war is. It's a cyber mob. Nevertheless, mobs can be destructive but they tend not to have a long lasting impact.

Meanwhile the US government remains determined to bring Wikileaks and it’s founder to book by exploring a nearly century-old spy law as a way to prosecute Mr Assange.

Controversial documentary director Michael Moore has offered up his help to WikiLeaks founder Julian Assange, both in the form of cash and other resources. The offer came as Assange was finally granted bail from a UK prison—pending Sweden's appeal—on the condition that he obeys a nightly curfew and won't flee the country.

Moore said in an editorial posted to the Huffington Post that he had offered $20,000 of his own money to help bail out Assange. (The offer was made in a letter sent to the court before law enforcement granted Assange his quasi-freedom on Tuesday.) In addition to the money, Moore said that he also wants to offer up his website, servers, domain names, and "anything else I can do to keep WikiLeaks alive and thriving as it continues its work to expose the crimes that were concocted in secret and carried out in our name and with our tax dollars."

"I stand today in absentia with Julian Assange in London and I ask the judge to grant him his release," Moore wrote. "I am willing to guarantee his return to court with the bail money I have wired to said court. I will not allow this injustice to continue unchallenged."

In the cyber war front the main WikiLeaks Web site, WikiLeaks.org, is back up in the U.S. less than 10 days after domain name service provider EveryDNS terminated the whistleblower organization's domain name, citing stability concerns.

On Dec. 3, EveryDNS announced that it was terminating the WikiLeaks.org domain name because of repeated distributed denial-of-service (DDoS) attacks that were launched against the Web site soon after it started publishing classified cables from the U.S. Department of State. EveryDNS said it was deactivating WikiLeaks.org because of concerns that the DDoS attacks would cause problems for the nearly 500,000 other Web sites running on EveryDNS's infrastructure.

In response to EveryDNS's actions, WikiLeaks established several new country-level domains, such as WikiLeaks.ch in Switzerland, WikiLeaks.at in Austria and WikiLeaks.cc in Cocos Islands. It then pointed the new domains back to existing IP addresses, or began having the new domains hosted with service providers in different countries.

The restored site is now being hosted by Silicon Valley Web Hosting and is using Dynadot, a San Mateo, California based firm as its registrar and DNS provider, according to Netcraft, an Internet monitoring firm based in the U.K. The site has been up and running since Friday, according to Netcraft. For the moment, the U.S site does not appear to be serving up any content. Instead, it is redirecting users to a mirror site hosted by an Internet service provider in Russia.

But the internet security firm Spamhaus yesterday warned that the site's new incarnation could be riddled with malware run by "Russian cybercriminals". WikiLeaks.org redirects users to a mirror site – mirror.wikileaks.info – which sits within an IP range hosted by the Russian firm Webalta.The main concern is that any WikiLeaks archive posted on a site that is hosted in Webalta space might be infected with malware, since the main wikileaks.org website now transparently redirects visitors to mirror.wikileaks.info, and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely.

Even so, it is surprising to see WikiLeaks.org being hosted again in the U.S. considering the amount of opposition there has been to its recent actions.

WikiLeaks also heavily reinforced its WikiLeaks.ch domain to avoid a repeat of what happened with EveryDNS. To mitigate the possibility of one DNS provider once again shutting off the domain as EveryDNS had done, WikiLeaks signed up with separate DNS service providers in eight different countries, including Switzerland, Canada and Malaysia. The WikiLeaks.ch site today has a total of 14 different name servers across 11 different networks providing authoritative name services for the WikiLeaks.ch domain. In addition, analysts estimate there are more than 1,000 mirror sites around the world serving up WikiLeaks content so that it is technically almost impossible to entirely remove from the internet.



Agata said...

Just a couple of interesting bullet points...

- Metropolitan police is to investigate recent online attacks on companies – including Visa, MasterCard and PayPal – that have cut ties with WikiLeaks.

- Scotland Yard announced it has been examining a number of alleged criminal offences by Anonymous for several months .

- Downing Street is preparing to face a major attack on its sites from the group after Swedish prosecutors challenged the decision to grant bail to Julian Assange, over charges of alleged sex crimes.

- The Swedish prosecution office's website, was attacked for a number of hours overnight on Tuesday after it maintained it would demand for Assange to be extradited.

Trimegisto said...

According to Reuters, the U.S. Air Force has blocked employees from visiting media websites carrying leaked WikiLeaks documents, including The New York Times and the Guardian, a spokesman said on Tuesday.

Talk about the Land Of Freedom...