
Can You Plug a WikiLeak?

It’s not easy.

Dec 27, 2010, Vol. 16, No. 15 • By JONATHAN V. LAST

Lost among the many debates concerning WikiLeaks is a practical question: When an irresistible force, such as the Internet, meets an immovable object, like a government, which one’s gotta give? Could a government shut down the website if it really wanted to? The answer is: yes and no.

Photo Credit: Newscom

As a technical matter, it would be nearly impossible to remove from circulation the documents WikiLeaks has already released. Information on the Internet is resilient because the source files can reside on billions of computers in many different countries. WikiLeaks posts all of the documents it releases on its website, where users can view or, more to the point, download them. This website is run from servers currently located in France. Those servers could, in theory, be shut down. But even if they were, the downloaded copies would live on. What’s more, WikiLeaks had the foresight to publish its full run of documents in what is called a torrent file.

Torrents are the most common and efficient method of peer-to-peer sharing—that is, a somewhat anonymous exchange of files between computer users. The creator of the file turns it into a torrent “seed” and then allows others to download that seed from him. Once the seed has been published, anyone wanting a copy of the file in question can download it not just from the original source but from anyone else who has already downloaded it. Once a torrent has been out in the wild for a prolonged period of time, it becomes very hard to kill; it has been reproduced too many times and is stored on too many different computers. (Hollywood knows all about this problem: Torrents are most often used to pass around pirated movies and TV shows.)

WikiLeaks made its complete archive of documents available as a torrent file some weeks ago. By now, it is safe to assume that it has been downloaded many thousands of times. The torrent file is small enough to reside on personal computers and even smart phones. And since every torrent that has been downloaded is capable of being used as a seed for others to download, there’s no stopping that information now—genies, bottles, horses, barns. 

But what about WikiLeaks going forward? People tend to assume that the lubricating power of the Internet makes it impossible to stop the flow of information. But that’s not always true. Take the case of ESPN reporter Erin Andrews. A year ago, someone with a spy camera filmed her through a peephole in the door walking around her hotel room in the altogether. Andrews took immediate, aggressive legal action. Today it’s nearly impossible to find the video on the Internet. On a larger scale, China has successfully censored the web for a billion citizens for several years. Governments are not powerless against the Internet.

To understand what could be done to stop WikiLeaks, you begin by looking at WikiLeaks as a system with three functions: (1) It gathers leaked information from third-party sources; (2) it publishes this content; and (3) it distributes this published material across the web to readers. As a technical matter, each of these processes can be curtailed to some degree. Let’s start with the front end of the operation and work backward.

WikiLeaks publishes by uploading material onto its website, which resides on the organization’s servers. You access the site by going to wikileaks.org. Three weeks ago wikileaks.org became inoperable when a massive distributed denial-of-service attack (DDoS) was launched against it. That is to say, a small network of computers conspired to send so many requests to wikileaks.org that its server became overloaded and crashed. The DDoS assault on WikiLeaks sank the group’s main website for a day or two.

WikiLeaks responded by asking hosting providers to voluntarily set up “mirrors”—exact replicas of the WikiLeaks site—on other servers at different addresses. Many volunteers appeared. As of this writing, there are 1,885 mirror sites running, with URLs such as wikileaks.enzym.su and wikileaks.thinkfurther.de.

It would be difficult, though not impossible, to launch denial-of-service attacks against all of the mirrors. But what is vulnerable is WikiLeaks’ canonical server—the WikiLeaks server that is dedicated to supplying the mirror sites. In theory, one could approach WikiLeaks posing as a host interested in providing a mirror. When WikiLeaks established the mirror, an attacker could then use the data gathered about the canonical server to launch an attack against it, thus disrupting all of the mirrors at once.
