IP, Technology & Data

Hollywood Hacking” is the trusty cinema cliche whereby a geek with a laptop hits lots of buttons on his keyboard very quickly, says “we’re in” (or something similarly breezy), and gains access to the military system/bank account of his choosing. While Hollywood Hacking is usually very silly and completely unrealistic, the current Wikileaks saga is actually happening right now, in real life, and there’s more than a touch of unbelievable Hollywood Hacking about the whole tale.

As you’ll probably be aware, Wikileaks is the whistleblowing website that last week made available for download more than 250,000 confidential U.S. diplomatic cables. The cables contain correspondence between American embassies throughout the world and the U.S. State Department, and their contents are proving to be highly embarrassing for the U.S. Government and its allies.

Wikileaks founder Julian Assange has been placed on Interpol’s Most Wanted list (for “sex crimes” being investigated by the Swedish authorities, although the US government is also investigating if espionage laws were broken), and the Wikileaks website is under continuous heavy attack from unidentified and mysterious “internet hackers”.

These hackers are bombarding the site, or more accurately, the computer servers which hold or “host” its content, with “Distributed Denial of Service” (“DDoS”) attacks of unprecedented ferocity. (In DDoS attacks incoming messages flood the target system and force it to shut down, thereby denying service to the system to legitimate users).

In an attempt to defend itself, Wikileaks moved last week from smaller internet providers to a larger one whose servers would be more likely to withstand a DDoS assault. Wikileaks provider of choice was Amazon.com and its’ much-vaunted EC2 cloud computing system, which operates on vast banks of computers, meaning that network capacity can be quickly scaled up or down to meet surges in traffic. The tactic was working well for Wikileaks until Amazon.com decided on Thursday to kick them out.

In a blogpost, Amazon.com denied that it was acting under pressure from politicians, saying WikiLeaks had breached its terms by not owning the rights to the content it was publishing. (I imagine Amazon.com might also have been a bit nervous about potential liability for the illegally sourced cables.)

The wikileaks.org web address was then withdrawn from Wikileaks because its domain name service provider EveryDNS.net claimed that WikiLeaks had violated part of its Acceptable Use Policy, which requires members not to “interfere with another member’s use and enjoyment of the service or another entity’s use and enjoyment of similar services. WikiLeaks had interfered with other members’ service because, said EveryDNS, “wikileaks.org has become the target of multiple DDoS attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites.”

Wikileaks solution has been to move to Switzerland, with a new domain wikileaks.ch. The domain name is registered by the Pirate Party of Switzerland, associated with an IP address in Sweden, and points to a web address in France (where the Wikileaks documents are actually believed to be hosted). If wikileaks.ch is also withdrawn, Wikileaks has announced that content will still be accessible by bypassing the DNS look-up and typing in Wikileaks’ actual IP address:

Over the weekend online payment service provider PayPal cut off the WikiLeaks account, eliminating one of the easiest means for donors to send money to the organisation. It’s simply impossible to tell what’s going to happen next! The latest development is that Julian Assange is under arrest, having voluntarily reported to a police station in central London this morning.

Who said Tech Law was boring? Hopefully in the inevitable Hollywood dramatisation of the saga there will at least be a cheeky cameo of yours truly writing this blog.

Follow me

Martin Sloan

Partner at Brodies LLP
Martin is a partner in Brodies Technology, Information and Outsourcing group and has wide experience of advising clients on technology procurement and IT and business process outsourcing projects. Martin also advises on data protection (including the GDPR), and general technology and intellectual property law, and has a particular interest in the laws applying to social media and new technology such as mobile apps, contactless/mobile payments, and smart metering.
Follow me