Want CNET to notify you of price drops and the latest stories?
CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

Has WikiLeaks landed in cyberattack crosshairs?

Conservative commentators call for WikiLeaks' Iraq files, actually hosted on Amazon.com servers in California, to be electronically "assaulted."

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
5 min read

Forget China or Al Qaeda. In a twist that would have been inconceivable even a few months ago, the WikiLeaks.org Web site is being proposed as the first public target for a U.S. government cyberattack.

After the shadowy, document-leaking organization distributed nearly 400,000 classified documents from the Iraq war on Friday, Washington officialdom responded with a torrent of denunciations alleging violations of national security and endangering U.S. military operations.


In a rare point of congruence, The Washington Post and The Washington Times both criticized the release, with the smaller paper arguing that WikiLeaks' offshore Web site should be attacked and rendered "inoperable" by the U.S. government. Some hawkish conservatives followed suit, including Christian Whiton, a State Department adviser under President George W. Bush, who wrote a column calling on the U.S. military to "electronically assault WikiLeaks and any telecommunications company offering its services to this organization."

Their target's actually not that far away. WikiLeaks' Web site is now hosted on Amazon.com servers on United States soil near San Jose, Calif.

The tech-savvy activists are taking advantages of the popular Amazon Web Services platform, described as offering "massive compute capacity and storage" that is automatically ramped up as more and more people connect to a Web site--a perfect fit for a group that had anticipated a deluge of traffic.

To be precise, the WikiLeaks.org domain name has been configured to point to three different Internet Protocol (IP) addresses: Amazon in the United States, Amazon in Ireland, and an address owned by Octopuce in France. Octopuce provides hosting for free-software enthusiasts and France's Big Brother Awards. (Netcraft's toolbar explains the situation well.)

An Amazon spokeswoman contacted yesterday morning did not respond to multiple inquiries. A Pentagon representative said yesterday he had no immediate response, and Justice Department spokesman Dean Boyd said only: "We continue to assist the Defense Department in its investigation into the leak of classified information to WikiLeaks."

To be sure, calls for the forcible muzzling of WikiLeaks also happened in July, when WikiLeaks posted secret military dispatches from the Afghanistan war. Conservative commentator Liz Cheney, for instance, said: "I would really like to see President Obama move to ask the government of Iceland to shut that Web site down. I'd like to see him move to shut it down ourselves if Iceland won't do it." At the time, WikiLeaks.org was hosted on a server in Sweden.

After the release of the Iraq files, though, the suggestions for an electronic offensive against the organization and its public face, Julian Assange, have become more pointed.

'Waging war on WikiLeaks'
The Washington Times said in an editorial that WikiLeaks is now a "threat to U.S. national security" and "should be treated accordingly." The U.S. government "should be waging war on the WikiLeaks Web presence," it advised.

"The WikiLeaks folks seem to have done a good job of distributing and encrypting their data, so cyberattacks would be pointless. They'd have no effect. We'd have better luck making fun of the WikiLeaks messiah, who seems a bit strange."
--James Lewis, senior fellow, Center for Strategic and International Studies

Marc Thiessen, a President George W. Bush speechwriter and visiting fellow at the American Enterprise Institute, suggested that: "Because Assange is a non-U.S. citizen operating outside the territory of the United States, the government could employ not only law enforcement but also intelligence and military assets--such as U.S. Cyber Command--to put his criminal syndicate out of business and bring Assange to justice."

James Lewis, a senior fellow at the Center for Strategic and International Studies, says that a cyberattack against WikiLeaks would be futile and that Assange personally would be a better target.

"The WikiLeaks folks seem to have done a good job of distributing and encrypting their data, so cyberattacks would be pointless," Lewis told CNET yesterday. "They'd have no effect. We'd have better luck making fun of the WikiLeaks messiah, who seems a bit strange."

And in fact, WikiLeaks does have a series of mirror sites ready to go, including WikiLeaks.fr (hosted by famously pro-free speech registrar Gandi.net), and WikiLeaks.se, WikiLeaks.de, WikiLeaks.nl, and WikiLeaks.is (all currently hosted in Sweden, though this could be easily changed).

If the U.S. government does begin an electronic attack on WikiLeaks, the military's new Cyber Command would be one candidate to undertake it. The new organization is charged with allowing the U.S. armed forces to conduct "full-spectrum military cyberspace operations in order to enable actions in all domains," which includes destroying electronic infrastructure as thoroughly as a B-2 bomber would level a power plant.

So far, the United States government has been cagey, even reticent, about publicly discussing its offensive capabilities.

Two years ago, President Bush signed the secret National Security Presidential Directive 54, which was later revealed to include "offensive" elements. Earlier this year, when a congressional committee asked Lt. Gen. Keith Alexander, now the head of the NSA and Cyber Command, about the possibility of conducting "tactical" and "operational" offensive operations, he said (PDF) he could answer that question only in a classified setting.

A National Research Council report on the technology, law, and ethics of cyberattack said that "today's policy and legal framework for guiding and regulating the U.S. use of cyberattack is ill-formed, undeveloped, and highly uncertain." It also suggested that the United States' highly classified cyberattack capabilities are "likely more powerful" than "those demonstrated by the most sophisticated cyberattacks perpetrated by cybercriminals."

In August, Pentagon press secretary Geoff Morrell left open the possibility of offensive action against WikiLeaks. "If it requires compelling them to do anything, then we will figure out what other alternatives we have to compel them to do the right thing," he said. (The Obama administration has reportedly concluded that WikiLeaks violated U.S. law even before the Iraq leak.)

And this week, Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, sent a note out through Twitter saying: "Another irresponsible posting of stolen classified documents by WikiLeaks puts lives at risk and gives adversaries valuable information."

Questions about diplomatic concerns and international law aside, the problem of successfully attacking a Web site in another country is not a trivial one to solve. It's reasonable to assume that the U.S. military has been able to find undocumented backdoors in popular operating systems and Web servers (schools like the Naval Postgraduate School in Monterey, Calif., have classified computer labs that appear to work on precisely those topics).

But would the Pentagon want to risk exposing those abilities to shutter WikiLeaks temporarily, only to have the same files be mirrored moments later on BitTorrent and innumerable other Web sites?

That seems unlikely. After all, as Brig. Gen. Joseph Osterman, commander of the First Marine Division, said yesterday in a teleconference from Afghanistan: "As far as the WikiLeaks, that really has had no impact at all on us."

Update 3 p.m. PDT: Wikileaks.org appears to have ceased hosting documents inside the United States. Its DNS entry no longer points to Amazon.com servers in San Jose (it continues to point to Amazon Ireland and the French hosting service). Yesterday's IP address has been removed. It's unclear why WikiLeaks has made this change--it may be as a result of this article--but now the DNS entries for Warlogs.wikileaks.org and Wikileaks.org are the same.