Has the Wikileaks saga changed our perspective on cloud computing
December 9, 2010
I wondered the other day how the WikiLeaks scandal would impact cloud computing. It now seems that we’ve witnessed the first large scale attack against a raft of corporate websites so how did this happen.
In the beginning…
The Wikileaks saga has been going on for quite some time but came to a head recently when the site began to publish US Embassy diplomatic cables on 28 November.
This predictably led to WIkileaks upsetting the US government so, in retaliation, they began to shut down constituent elements required to maintain the site.
The first casualty was Amazon. On the 1 December, Senator Joe Lieberman asked Amazon to stop hosting the mirror of the site; which they duly did. Amazon claimed it was because of policy violation but given the material sold on their website I’m sure we could isolate many other examples of policy violation.
In response to this closure, the DNS entries for the US were updated to point to the Swedish ISP Bahnhof, which has hosted the site for some time.
So the next target was the DNS for Wikileaks who gave them 24 hours notice on the 1 December effectively closing the site on the 2 December. The DNS, hosted by EveryDNS, was pulled in reaction to claims that the Terms and Conditions had been violated after a Distributed Denial of Service (DDoS) against the site.
A number of DDoS attacks had preceded the release of the US Embassy Cables and the conspiracy theorists will claim this was instigated by China and Russia to frame the US. But the Great Firewall of China already blocks access to Wikileaks so it’s an unlikely story.
On the 4 December the third nail in the Wikileaks saga was driven home by PayPal suspending any donations made to Wikileaks after intervention from the US State Department. Visa and Mastercard followed by suspended services to Wikileaks but interestingly both still allow payments to the Klu Klux Klan.
This is where it starts to get interesting. Payback time…or “operation payback” to give its official name.
The wonderful thing about the internet is that it’s global. And in a global community you can’t expect to please everyone all the time. However, this saga touched a really big nerve. Why should the US be able to exert such power given its constitutional right to free speech?
Yes these are leaked documents but they don’t really tell us anything we didn’t already know in conversation. The rumours have simply been confirmed. And anyway, isn’t most journalism based on inside information?
Either way it seems that a number of people worldwide are so against what has happened that they have launched an all out attack on the main contributors to Wikileaks attempted assassination. Oops, assassination is probably the wrong word because Sarah Palin wants Julian Assange (wikileaks’ founder) tracked down like a terrorist. As does the US-born aid to the Canadian PM, Tom Flanagan, who suggested in a live TV in an interview with Canadian state broadcaster CBC that “Assange should be assassinated".
The attacks began on the 8 December with Mastercard being the most high-profile. Whilst the site was technically working it was rendered pointless by the large volume of traffic making requests.
Whilst Mastercard said the service was still processing transactions, Ian Cushion of SecureTrading posted a note to say "MasterCard has now confirmed that they have an issue with their SecureCode service".
Other DDoS attacks have been targeted to PayPal, Sarah Palin’s site, Senator Joe Lieberman site and now it’s Visas turn with tweets from Anon_Operation encouraging action.
It’s Global Thermo-Technical War
But back the crux of this article. This whole story has certainly demonstrated in no uncertain terms two key issues:
- The US government can apply sufficient pressure to close down services it feels compromises its position.
- Can we rely on the cloud as viable business service given the ease at which it can cripple large sites?
Now I fully appreciate that this is an extreme example of a largely politically motivated campaign but the game changes when large clearing houses such as PayPal, Visa and Mastercard get attacked to the extent that payments cannot be cleared.
On Monday the 6 December, "Mega Monday", £1million was spent in a single minute. Imagine the lost revenue if these attacks had been coordinated earlier in the week.
What about Amazon? How would businesses have coped if the DDoS attacks had taken out the S3 (Simple Storage Service) servers? Or Microsoft’s Azure Cloud Solution?
The Wild West Globe
Either way this fiasco has demonstrated one of the problems with our reliance on the internet. It is the best resource in the world but with the evitable loss of net neutrality will the net shrink into micro internets?
At present the internet is unregulated, unpoliced and unreliable.
It’s all well and good outsourcing your infrastructure but you also outsource you responsibility.