Wikileaks Says Its Site Has Been 'Killed'
from the yeah-that'll-help dept
This is definitely a “developing” story, but apparently the entire Wikileaks.org site has gone down again and the Wikileaks folks are claiming that the domain was “killed by US everydns.net after claimed mass attacks.” That’s a bit cryptic and Wikileaks has not been above jumping to conclusions at times. It’s unclear, for example, if it was just the company EveryDNS who did something on their own, or if the US government was involved. It could be as simple as the sort of pressure Senator Lieberman is applying on US companies. Update: The EveryDNS website says they made the decision because the DDoS attacks on Wikileaks violated their terms of service in that it could interfere with other websites. I understand the fear that it could cause problems with other websites, but it seems weird to say that getting attacked by a DDoS violates your terms of service. It’s something totally out of the control of the website.
Either way, it is a bit silly to think that taking down Wikileaks’ website would actually do anything in this situation. The data that they’re releasing is out there and plenty of people can easily find it. It won’t take long for them to set up another website if they want to — and while it may be a bit harder for people to find them, to date, the organization hasn’t exactly had any problems getting everyone else to promote what they release for them. Whatever the reason is for taking the domain name offline, it’s difficult to think it would be effective in stopping Wikileaks in any way. If anything, it just calls that much more attention to the organization.
Filed Under: domain, wikileaks
Companies: everydns, wikileaks
Comments on “Wikileaks Says Its Site Has Been 'Killed'”
Check EasyDNS.net’s website Mike. They claim to have shut Wikileaks down because they violated ToS by getting DoSed.
Re: Re:
Check EasyDNS.net’s website Mike. They claim to have shut Wikileaks down because they violated ToS by getting DoSed.
Interesting. Had checked it before and didn’t see anything, but now I do see it… Updating the post (and it’s EveryDNS, not EasyDNS)
Re: Re: Re:
Slip of the keyboard, I suppose. It’s hard to keep all the different but similarly named DNS companies straight.
Re: Re: Re: Re:
I would look up the past history For any corrections to the TOS.
Re: Re: Re:
FYI:
Wikileaks is now back up.
http://yro.slashdot.org/story/10/12/03/1232248/WikiLeaks-Moves-To-Swiss-Domain-After-DNS-Takedown
Re: Re: Thanks Mike
Thanks for the correction Mike. If you feel like making that a larger font, that would be great. *wry grin* a LOT of people have been disseminating the wrong name.
See http://blog.easydns.org for details.
Re: Re:
You mean it’s possible to shut down any website run by an EveryDNS customer simply by engaging in a denial of service attack against them? That’s pretty fucked up.
Also, can a denial of service attack against a website really affect the DNS system to such a degree that EveryDNS would little choice but to shut them down? I thought DNS requests were cached by ISPs, thus limiting the registrar’s exposure to excessive requests. Isn’t that the case here?
I suspect government pressure is involved and wonder how long until we see one of those Homeland Security notices on the Wikileaks domain.
Re: Re: Re:
You can DoS a dns provider by issuing dns-lookups for a given domain on that provider. It’s not really different from other DoS attacks against a website itself only that dns queries are issued.
Usually your system will cache the dns information according to the TTL specified in the domain – which is for “static ip addresses” usually in the range of 48h. By issuing a custom dns query you can circumvent that cache.
Re: Re: Re: Re:
Makes sense. In that case I can understand EveryDNS’s desire to protect itself against such attacks, but I still think it sucks you can have somebody’s domain name shut down by engaging in a DoS attack against the registrar.
Assuming Wikileaks is able to recover its domain name and transfer it elsewhere, hopefully they can find a registrar who wouldn’t break so easily under the pressure.
Re: Re: Re:2 Re:
EveryDNS does not provide domain registration. All they do is host DNS information.
Basically at your domain registrar you tell that the nameservers of EveryDNS are the master zone files pointing the IPs of your mail, web, what-ever servers.
I actually like EveryDNS because up to a while ago (before they were bought by no-ip.com) the offered to host the DNS for free – also if you are on a dynamic ip. They offered clients to update your dns automagically.
So don’t worry about recovering the domain name.
Re: Re: Re:
Maybe Gene Simmons can offer some insight on DDOS…
Re: Re:
Wikileaks are with everyDNS.net NOT EasyDNS.net
Re: not easyDNS!
It’s actually easyDNS, it’s everydns.net
Re: Re: not easyDNS!
Wow…I have been typing too much today.
My bad.
It is actually NOT easyDNS who was hosting wikileaks.org and shut them down. It was everydns. A different company and unrelated. But we’ve sure been taking the rap for their decision today.
Wikileaks
Taking down the site will not stop the leak. What a stupid idea.They will create a new site or some other organisation will take over.
Reverse Streisand Effect?
Hmmm… More publicity for Wikileaks. Just what the US government wants.
Am I the only one trying to come up with how they must word letters like this?
‘Dear Customer;
We have been alerted that your website has come under attack by a DDOS attack. We realize this is an illegal attack upon your site in order to remove you from the internet.
As such, we are going to cancel your account, preventing your website from being accessed. This is to counter the crime of DDOS attacks.
We WILL NOT stand for our members coming under attack by criminals, and WILL cancel your account permanently upon being attacked.
Thank you for your support.’
… Actually that was kind of fun to write in a sort of sick and twisted way. I do get where they are coming from, the needs of the many and all, but it still seems like a sort of a… well, disgusting move. ‘You violated the terms of services by being attacked.’ And then of course, the effective ‘it is your fault if you experience any downtime’ there at the end.
(None of the preceeding is accurately quoted, but paraphrased and come from the mind.)
Re: Re:
Hey AC,
If you’re curious about the realities behind dealing with DOS attacks, there’s a good article at
http://blog.easydns.org/2010/08/19/dos-attacks-and-dns-how-to-stay-up-if-your-dns-provider-goes-down/
Re: Re: Re:
That was actually an interesting read, but, I do have a question. If I read the article correctly (and I very well may have not) it speaks about dealing with a DOS Attack on the DNS itself, and not a website that goes through the DNS?
I noticed above that SJ mentioned that you can attack the DNS by doing a DNS Lookup, is that the case here, or is it just a possibility? (I assume doing an attack of that nature posts which website is being looked up, so that there is a way to know who drew the ire of the attacker(s)).
And with the above, does the attack do double damage, hitting both the website and DNS provider, or is it basically an attack on just the provider with a link to why?
I also wonder that if it is an attack on the DNS provider itself, how do you track which website drew the ire? Or, does the fact that they do have one website to blame indicate that it was not an attack on the provider directly?
I am admittedly ignorant on how much of this works, and always glad to learn a bit more. Thank you for your time.
Re: Re:
We WILL NOT stand for our members coming under attack by criminals, and WILL cancel your account permanently upon being attacked.
Sometimes you have to wipe out an entire village in order to save it.
Re: customer letter
Actually it’s not quite like that …
Dear Customer:
Your website has come under a Distributed Denial of Service Attack (DDOS). This is an attack by multiple systems across the Internet against your DNS service, designed to make it impossible for anyone to reach your website.
Unfortunately the attack has the collateral affect of making it impossible for anyone to reach the websites of all our clients, not just you.
We have the unfortunate choice between shutting down your DNS until the attack subsides, or having all our DNS services shut down for all our clients. To avoid loss of service to all our clients, we’ve had to make the choice to shut down your DNS service. Doing this is not something we take lightly, but unfortunately there’s no other choice; ir we don’t take this step your site goes down anyone, and so does everyone else’s.
If this is a random DDOS attack it will subside in time, and we’ll start hosting your DNS again, and of course we’ll let you know. However if you’re suffering a continuous DDOS attack it’s unlikely we’ll be able to continue serving your DNS. In that case we’ll be happy to consult with you in setting up a DNS solution just for you (no other clients sharing the same servers) which could be more robust in the event of such an attack.
However, we should warn you that this solution could be significantly more expensive than shared DNS hosting.
Please feel free to contact me by email or by telephone to discuss the issues involved and how to best remedy them.
Of course we’d include some links to our terms of service, some excellent articles on preserving DNS services in the face of DDOS attacks, and the like.
In response to your last paragraph, I can only admit that yes, our TOS allows us to shut you down for DDOS. If we had to build the kind of infrastructure that would uphold any DDOS attack, and pay for all the traffic in a DDOS attack, then we’d have to charge 100 times more for our DNS services than we do now.
And then we most likely wouldn’t get your business, you’d go elsewhere and risk getting caught up in exactly the DDOS mitigation we do.
Re: customer letter
Actually it’s not quite like that …
Dear Customer:
Your website has come under a Distributed Denial of Service Attack (DDOS). This is an attack by multiple systems across the Internet against your DNS service, designed to make it impossible for anyone to reach your website.
Unfortunately the attack has the collateral affect of making it impossible for anyone to reach the websites of all our clients, not just you.
We have the unfortunate choice between shutting down your DNS until the attack subsides, or having all our DNS services shut down for all our clients. To avoid loss of service to all our clients, we’ve had to make the choice to shut down your DNS service. Doing this is not something we take lightly, but unfortunately there’s no other choice; ir we don’t take this step your site goes down anyone, and so does everyone else’s.
If this is a random DDOS attack it will subside in time, and we’ll start hosting your DNS again, and of course we’ll let you know. However if you’re suffering a continuous DDOS attack it’s unlikely we’ll be able to continue serving your DNS. In that case we’ll be happy to consult with you in setting up a DNS solution just for you (no other clients sharing the same servers) which could be more robust in the event of such an attack.
However, we should warn you that this solution could be significantly more expensive than shared DNS hosting.
Please feel free to contact me by email or by telephone to discuss the issues involved and how to best remedy them.
Of course we’d include some links to our terms of service, some excellent articles on preserving DNS services in the face of DDOS attacks, and the like.
In response to your last paragraph, I can only admit that yes, our TOS allows us to shut you down for DDOS. If we had to build the kind of infrastructure that would uphold any DDOS attack, and pay for all the traffic in a DDOS attack, then we’d have to charge 100 times more for our DNS services than we do now.
And then we most likely wouldn’t get your business, you’d go elsewhere and risk getting caught up in exactly the DDOS mitigation we do.
Re: customer letter
Actually it’s not quite like that …
Dear Customer:
Your website has come under a Distributed Denial of Service Attack (DDOS). This is an attack by multiple systems across the Internet against your DNS service, designed to make it impossible for anyone to reach your website.
Unfortunately the attack has the collateral affect of making it impossible for anyone to reach the websites of all our clients, not just you.
We have the unfortunate choice between shutting down your DNS until the attack subsides, or having all our DNS services shut down for all our clients. To avoid loss of service to all our clients, we’ve had to make the choice to shut down your DNS service. Doing this is not something we take lightly, but unfortunately there’s no other choice; ir we don’t take this step your site goes down anyone, and so does everyone else’s.
If this is a random DDOS attack it will subside in time, and we’ll start hosting your DNS again, and of course we’ll let you know. However if you’re suffering a continuous DDOS attack it’s unlikely we’ll be able to continue serving your DNS. In that case we’ll be happy to consult with you in setting up a DNS solution just for you (no other clients sharing the same servers) which could be more robust in the event of such an attack.
However, we should warn you that this solution could be significantly more expensive than shared DNS hosting.
Please feel free to contact me by email or by telephone to discuss the issues involved and how to best remedy them.
Of course we’d include some links to our terms of service, some excellent articles on preserving DNS services in the face of DDOS attacks, and the like.
In response to your last paragraph, I can only admit that yes, our TOS allows us to shut you down for DDOS. If we had to build the kind of infrastructure that would uphold any DDOS attack, and pay for all the traffic in a DDOS attack, then we’d have to charge 100 times more for our DNS services than we do now.
And then we most likely wouldn’t get your business, you’d go elsewhere and risk getting caught up in exactly the DDOS mitigation we do.
Betting on the banks
If I was a betting man, I’d put my money on a bank being behind this, under cover of all the noise over the latest release, so as not to draw any suspicion. Some large U.S. bank knows they’re next on the Wikileaks release schedule in early 2011, so they’re probably trying to thwart this early 😉
Re: Betting on the banks
I’d put a quatloo or two on the bank myself. They had better get that one out as soon as possible.
Re: Betting on the banks
Are you thinking Bilderberg group banks / stuff or something in a smaller scale?
Re: Betting on the banks
Are you talking Bilderberg group size banks / other ??
Maybe we’ll get to see the first big use of a .p2p domain, which might even help pave the way for further use.
Of course, at the rate things are going, Lieberman might very well write an anti-P2PDNS bill.
Spoiler alert!
The butler did it! In the hall, with the subpoena.
Hidden Services Wikileaks
http://cx4vwijytopjvedi.onion/
Now this is a bit strange maybe not all servers got synched yet but I can still access Wikileaks.
http://wikileaks.org/
Re: Hidden Services Wikileaks
The hidden service shouldn’t be affected, they work differently, see http://www.torproject.org/docs/tor-hidden-service.html for details on how a hidden service can be set up.
If you still can resolve wikileaks.org, it just means you have a cached result somewhere in your resolve chain. because EveryDNS’ DNS servers don’t answer if you ask for “wikileaks.org”, check it yourself with “dig @ns1.everydns.net wikileaks.org” (according to the WhoIs entry for wikileaks.org you can also try ns2, ns3 and ns4 but that doesn’t change the result).
Cheers,
Drizzt
as of 3:30am, no access period. i’ve been able to read a lot of the cables. some of the other commentator’s on stories are right. maybe this will open a new way for governments to actual deal with each other.
or our govt will get behind the 8ball by themselves o much, they’ll fold.
Honestly though, I don’t get it. What’s the point of trying to kill WikiLeaks or any other whistleblower site? It’s just convenience really. Once the leaker is able to extract the information from a classified network, there’s pretty much a billion different ways he can leak it out to the world.
Killing WikiLeaks doesn’t do crap.
They need a better server company
Taken down for GETTING DoSed, not launching one.
“Sir, you’re under arrest for being shot.”
Those 2 things make roughly the same amount of sense. 😛
Re: They need a better server company
The U.S. government is not trying to hide it anymore.
Wikileaks LIVES!
And like the phoenix from the ashes, Wikileaks rises. It can now be found at the following addresses:
Main site: http://46.59.1.2/
Access to all releases: http://88.80.13.160
Re: Wikileaks LIVES!
Dammit You stole my idea…
Lose the DNS and go straight to the IP address! http://46.59.1.2/
Apparently the WikiLeaks domains are down too.
(At lest the ones I know about.)
Re: Re: Wikileaks LIVES!
D’oh — that was supposed to read ‘WikiLeaks Cover Domains’
Re: Re: Wikileaks LIVES!
collateralmurder.com was up a few minutes ago (didn’t check again for this post).
Cheers,
Drizzt
Re: Wikileaks LIVES!
Thank you, know I will get the leak from the banks(when they come out)
Re: Wikileaks LIVES!
these work fine.
So who is going to man up and offer them a new DNS hosting service?
Re: Re:
The Swiss.
Thank god it wasn’t the French. That would be embarrassing.
Wikileaks moves to Switzerland
New address in addition to http://46.59.1.2/, is http://88.80.13.160 or http://wikileaks.ch
Re: Wikileaks moves to Switzerland
or
http://213.251.145.96/ The main home page
http://213.251.145.96/cablegate.html The CableGate Transcripts
http://213.251.145.96/support.html – SUPPORT THEM AND DONATE
WikiLeaks is still available through it’s IP address:
http://46.59.1.2/
They might kill the domain name, but taking down that server is a completely different challenge…
Just wondering
If someone DDosed EasyDNS.net’s own site, would they take it out too in order to “protect their customers”?
Doesn’t what these companies say just sound like the kind of propaganda you could have expected from the Soviet Union? I.e. saying exactly the opposite of the truth. In this case clearly EveryDNS’s customers can’t have any trust that EveryDNS will try keep their sites up.
Re: Just wondering
This is probably being perpetrated by the
Office of Open Internet Dept.
DNS issues
First, to all people who are posting IP addresses: the reason we have DNS is not that it is easier to type, it is that IP addresses *change*. As soon as the site is moved to a new network, the IP address will change, and given the current situation, this is probably going to happen often with Wikileaks. Posting IP addresses can be very useful for the moment, but they are not a permanent solution.
Second, the root of their DNS is not EveryDNS, it is the .org registry, where they can simply point to another set of DNS servers. They can even host the DNS themselves (it is very easy to do, you just need a couple of servers). Thus, unless the .org registry is involved, that domain name is not permanently down.
Third, to those posting tor addresses (.onion): you can use tor2web to view them without installing tor. However, the site given does not appear to be the official Wikileaks site, but a mirror by someone else, which is probably a bit outdated.
Re: DNS issues
http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page
The other onion addresses don’t work here but maybe you have more luck.
Don’t agree with this at all.
But maybe now you understand how the sleeping giant was awakened.
And I hope you know that if you guys could have only kept your fingers out of the cookie jar, this sort of thing never would have been tolerated.
You enabled this.
It’s on you.
Re: Re:
The sleeping giant bureaucracy.
Doesn’t really matter, this helps keep the government on its toes and honest.
Re: Who needs domains anyway?
Yeah, right. So what does the sleeping giant do once he shut down all options of Wikileaks hosting their stuff which provokes them to upload their new stories under “Britney.Spears.naked.jpg” (or whoever is hip right now, I’m not up to date) to any hoster, forum, p2p net and so on?
Re: Re:
Say it – dont spray it.
Spooling up ye-old pc now. Time to get ze server running, ill host some files temporarily 🙂
Next step, build torrents of all the latest backups *sigh* there go’s my saturday haha.
It’s undoubtedly the government at it’s best. There’s probably a section at the NSA that’s doing nothing but tracking where the domain and website pops up, and launches millions of hits on it to take it down.
Not an easy job, but someone has to do it. Don’t want the sheep to see how stupid our diplomacy has become.
I’m not surprised at all, given that the TSA and Homeland Security have been hard at work taking down sights without notice on the pretext that they were counterfeiting merchandise.
Remember one thing-the internet was based on the governments’ backbone infrastructure. Still is, for the most part, even though we believe otherwise.
The government for the most part owns all of the pipes, and if they don’t like the stuff you give out, they can and will take a site down.
DNS services shut down you for DDOS since when?
This is pretty effy bizare.
How to enter wikileaks
BTW, since it is only a DNS thing, the site is still pretty accessible:
http://213.251.145.96/reldate/2010-12-03_0.html
All of 6 hours later, wikileaks is now @ wikileaks.ch …
script-kiddie hacker claims responsibility
a script kiddie hacker called th3j35t3r has been claiming responsibility.
http://twitter.com/th3j35t3r
does anyone know where we can access old releases? they seem to only have the big headline things on the sites i’ve seen.
Make a (local) copy of the content at this URL
http://etherpad.mozilla.org:9000/wikileaks
This story says Amazon.com is the host and they shut them down. Another reason to hate Amazon who is putting independent software developers out of work by patenting source code instead of copyrighting it like most of us do.
Link here
“Wikileaks Says Its Site Has Been ‘Killed'”
Notice this happened after they threatened to leak info on China and Russia?
New Domain is Down....
The new Wikileaks domain wikileaks.ch is no longer resolving, so you can’t get to Wikileaks via that any more either. Use the IPs.
Well, I could understand being arrested for being shot, I mean, its not your bullet and you probably should give it back.
What has happened in the past isn’t what this shutdown is about, media centers already have every document that has been posted. Makes for nice new articles every day.
Why did it get taken down now? What was coming up? It sure wasn’t taken down to close the barn door after the horses got out, so just what was coming up to be released? Answer that and you might answer the question of who took it down.
wikileaks FTW
The Government can’t handle the truth…
EveryDNS rationale makes no sense
EveryDNS does not say if there is a DDOS attack on their nameservers or just on the Wikilieaks site. If their response to a DDOS attack on a customer is to delete their listing on the nameserver then this would only encourage DDOS attacks as this makes the attack, essentially, more effective. Also, since EveryDNS does not do domain hosting how are other customers affected by a DDOS attack on one customer? If EveryDNS itself is undergoing a DDOS attack, de-listing Wikileaks.org will not directly stop that attack. They are just hoping that de-listing will placate the attackers who will then gratefully cease their attack. A strategy that, again, makes DDOS attacks more effective and so encourages them. This also assumes that the DDOS attack comprises repeated queries for only the Wikileak domain(s). Their rationale is not believable and stinks of unspoken outside pressures.