WikiLeaks edges away from the US

WikiLeaks is no longer using US servers to deliver content for its Iraq War Logs site at warlogs.wikileaks.org.

Yesterday, two of the IP addresses used by the site belonged to Amazon EC2 instances in the United States, but these are no longer being used. Today, the Iraq War Logs site is only being served from two IP addresses; one in France and an EC2 instance in Ireland.

click to view

However, the main WikiLeaks site at wikileaks.org is still using a US-hosted EC2 instance. More interestingly, the DNS for wikileaks.org is also controlled by a US company:

wikileaks.org.          5160    IN      NS      ns4.everydns.net.
wikileaks.org.          5160    IN      NS      ns1.everydns.net.
wikileaks.org.          5160    IN      NS      ns2.everydns.net.
wikileaks.org.          5160    IN      NS      ns3.everydns.net.

In April 2010, EveryDNS was bought by the owners of DynDNS, which is well known for providing free dynamic DNS services.

WikiLeaks will have prepared for US intervention over the Iraq War Logs, which could explain why warlogs.wikileaks.org uses different nameservers, hosted in France:

;; ANSWER SECTION:
warlogs.wikileaks.org.  864     IN      A       91.194.60.32
warlogs.wikileaks.org.  864     IN      A       46.51.186.222

;; AUTHORITY SECTION:
warlogs.wikileaks.org.  864     IN      NS      gnou.octopuce.fr.
warlogs.wikileaks.org.  864     IN      NS      benedict.serverside.fr.
warlogs.wikileaks.org.  864     IN      NS      ns2.octopuce.fr.

The short TTL (time to live) on warlogs.wikileaks.org is typical of any site that may need to change its location in a hurry, and is reminiscent of the actions carried out by Microsoft in 2004 after they anticipated www.microsoft.com being attacked by the "MyDoom.B" virus. SCO also made a similar change, setting their TTL as low as 60 seconds. The 15 minute TTL on warlogs.wikileaks.org allows WikiLeaks to change the site's location relatively quickly, should any of the hosting locations be attacked or taken down. Netcraft has not seen the site suffering any outages yet.

Nonetheless, WikiLeaks' hosting is not as bulletproof as some make out. Besides the US-based nameservers used by wikileaks.org, another potential weakness for all sites under the wikileaks.org domain could be the choice of domain name registrar: Dynadot LLC is a US company and thus has to consider US law as well as ICANN regulations.

This could suggest that the US government is reluctant to disrupt access to warlogs.wikileaks.org, even though they appear to be capable of doing so.