Both Visa and MasterCard payments have been being rejected on their donation system since around 22:30 CET yesterday. Visa expressed concerns about protecting its brand, but DataCell points out that Visa is nevertheless happy to transfer money for gambling sites and pornography services.
DataCell ehf CEO Andreas Fink said, "It is obvious that Visa is under political pressure to close us down".
Earlier today, PayPal admitted that its decision to suspend WikiLeaks' PayPal account was made after the US government claimed that the activities of the website were illegal in the US.
Netcraft is now monitoring the performance and uptime of websites which are involved in the ongoing WikiLeaks cyberbattle. Real-time graphs for all of these sites can be viewed here:
Please contact us if you know of any new sites which have come under attack: email@example.com
WikiLeaks has been subjected to several denial of service attacks, and has also had to deal with its name servers, hosting accounts and payment services being suspended. In retaliation, WikiLeaks supporters have targetted some of the companies who have decided to terminate relationships with the whistle-blowing site.
MasterCard is the latest target, and there have also been successful attacks against PostFinance, the Swedish prosecutor's website, and the official PayPal blog.
Despite a French minister declaring war on WikiLeaks, French hosting company OVH allowed the site to continue using its servers, stating that it was neither for nor against WikiLeaks. OVH sought an emergency decision from a judge over whether or not it was illegal to host the WikiLeaks website. The judge subsequently declined to force OVH to shut down the site.
Meanwhile, SWITCH (the registry for .ch domains) has clarified the circumstances under which the wikileaks.ch domain would be deleted, and is keen to point out that it is not responsible for the contents of the Wikileaks site.
mastercard.com is currently under a distributed denial of service (DDoS) attack, making the site unavailable from some locations.
The attack is being orchestrated by Operation Payback and forms part of an ongoing campaign by Anonymous. They announced the attack's success a short while ago on their Twitter stream:
Operation Payback is announcing targets via its website, Twitter stream and Internet Relay Chat (IRC) channels. To muster the necessary volume of traffic to take sites offline, they are inviting people to take part in a 'voluntary' botnet by installing a tool called LOIC (Low Orbit Ion Cannon – a fictional weapon of mass destruction popularised by computer games such as Command & Conquer).
The LOIC tool connects to an IRC server and joins an invite-only 'hive' channel, where it can be updated with the current attack target. This allows Operation Payback to automatically reconfigure the entire botnet to switch to a different target at any time.
Yesterday, Operation Payback successfully brought down the PostFinance.ch website after the Swiss bank decided to close Julian Assange's bank account.
Later in the day, they also launched an attack against the Swedish prosecutor's website, www.aklagare.se. The attack was successful for several hours, but now appears to have stopped. The Director of Prosecution, Ms. Marianne Ny, stated yesterday that Swedish prosecutors are completely independent in their decision making, and that there had been no political pressure. The same group also successfully took down the official PayPal blog last week, after WikiLeaks' PayPal account was suspended.
As more companies distance themselves from WikiLeaks, we would not be surprised to see additional attacks taking place over the coming days. Concurrent attacks against the online payment services of MasterCard, Visa and PayPal would have a significant impact on online retailers, particularly in the run up to Christmas.
Although denial of service attacks are illegal in most countries, Operation Payback clearly has a sufficient supply of volunteers who are willing to take an active role in the attacks we have seen so far. They are a force to be reckoned with.
A real-time performance graph for www.mastercard.com can be viewed here.
The Swiss bank which froze the accounts of WikiLeaks founder Julian Assange is under electronic attack by WikiLeaks supporters. The PostFinance.ch website is being subjected to a distributed denial of service attack, rendering the site unusable by its customers and other visitors.
PostFinance yesterday announced that it had ended its business relationship with Julian Assange, claiming that he had falsely entered Geneva as his domicile. "Assange cannot provide proof of residence in Switzerland and thus does not meet the criteria for a customer relationship with PostFinance. For this reason, PostFinance is entitled to close his account."
PostFinance appears to have made the decision independently, pointing out that it has the option of "terminating business relationships which run contrary to public and moral opinion."
PayPal's official blog was also attacked after its decision to restrict the PayPal account used for collecting WikiLeaks donations. Twitter user AnonyWatcher posted a TANGO DOWN message announcing a DDoS attack against the blog. On Friday, PayPal's blog posted the following statement: "PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity."
In another financial setback, MasterCard has also said that it will be taking action to ensure that WikiLeaks can no longer accept MasterCard-branded products.
Real-time performance graphs for www.postfinance.ch can be viewed here.
WikiLeaks is down (yet again!). Half an hour ago, EveryDNS.net disabled DNS services for WikiLeaks' secondary hosted domains, including wikileaks.ch.
EveryDNS.net is the US company that was also responsible for disabling the DNS services for wikileaks.org this morning. It seemed strange that WikiLeaks subsequently decided to use the same DNS provider for wikileaks.ch, as it was almost inevitable that the new domain would suffer the same fate. In a Guardian Q&A session today, Julian Assange hinted that WikiLeaks deliberately places some of its servers in juristictions that they suspect suffer from a "free speech deficit".
In an updated statement, EveryDNS.net said, "Today, also in accordance with the EveryDNS.net Acceptable Use Policy, the secondary DNS hosted domains, including wikileaks.ch, were disabled. EveryDNS.net is not taking a position on the content hosted on the wikileaks.org or wikileaks.ch website, it is following established policies."
Just a moment ago, WikiLeaks responded to the takedown by announcing three more domains that can be used to access the WikiLeaks content:
Meanwhile, EasyDNS (not to be confused with EveryDNS.net) has criticised the state of online journalism after they were falsely accused of taking down WikiLeaks. Several blogs and tweets have erroneously stated that EasyDNS, rather than EveryDNS.net, were providing DNS services for WikiLeaks.
A real-time performance graph for wikileaks.ch can be viewed here
Éric Besson, the Minister of Industry, Energy and Digital Economy in France, has declared war on WikiLeaks (article in French here).
Besson has asked CGIET (The General Council of Industry, Energy and Technology) to stop the site being hosted in France, as this violates secret diplomatic relations and endangers the people protected by those secrets.
wikileaks.ch is hosted in Sweden, but requests to this site are immediately redirected to http://22.214.171.124/. This IP address serves all of the WikiLeaks content, which is hosted by OVH in France. WikiLeaks has been allocated a range of 16 IP addresses at OVH, but may have to switch to an alternative hosting location if government action is instigated against OVH.
If the French hosting location is taken down, WikiLeaks can make wikileaks.ch redirect to a different IP address at the drop of a hat. Even if the Swedish hosting location (where the redirection takes place) is taken down, the DNS for wikileaks.ch has a TTL of only 10 minutes, allowing the domain to be pointed elsewhere promptly, should WikiLeaks have alternative hosting prepared.