Blackout protests against Hungary media law

Popular BitTorrent site The Pirate Bay is one of many joining in with today's "blackout" protests against a new media law approved in Hungary. The law allows Hungarian publications to be fined for violating public order, which could require journalists to reveal their sources.

The blackout campaign is being publicised through blackout4hungary.net, which encourages other sites to take part in the protest by adding black banners or stylesheets to their sites. The blackout4hungary.net site appears to have taken the blackout concept a step further and is currently offline, although this may just be a consequence of the large amount of traffic being driven to the site through hyperlinks and hotlinked stylesheets.

The Pirate Bay is currently hosted in Germany and uses the lighttpd web server. The site has nearly 5 million registered users and claims to be "the world's most resilient BitTorrent"; however, the site's availability has been somewhat choppy since Tuesday.

4chan boards fall to second attack

4chan's popular message boards are under another distributed denial of service attack. Many members of Anonymous inhabit the site's boards, although it is unknown whether the current attack is related to any of the previous DDoS attacks purportedly carried out by Anonymous.

'sup /b/?

Shortly after the attack began, an update on status.4chan.org quickly stated, "Another day, another DDoS! Right on the eve of /b/'s 300 millionth post." 4Chan was also subjected to a similar attack last week, whereupon it quipped, "We now join the ranks of MasterCard, Visa, PayPal, et al.–an exclusive club!" These payment companies had previously been targeted by Anonymous in a series of attacks last month.

Real-time performance graphs for websites that have been involved (or may become involved) in the WikiLeaks and Anonymous attacks can be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks

BestBuy.com hits problems in run up to Christmas

Many Christmas shoppers have been denied access to the BestBuy.com website this week. None of our performance monitors has been able to visit the site in the past 24 hours, while some locations have been denied access for more than 3 days. Some Twitter users have reported problems accessing the site as early as 18th December.

BestBuy.com offered guaranteed Christmas delivery for orders placed before 11am ET time on Tuesday, although many shoppers have apparently been unable to use the website ahead of the deadline.

The BestBuy.com website is served from the Akamai content distribution network, and has been using the AkamaiGHost web server since 19th December. A Best Buy employee said "The website is acting a little weird right now, for US customers or otherwise. Technicians are working on it 24/7".

At the time of writing, the site still returns a 403 Forbidden response, saying "You don't have permission to access "http://www.bestbuy.com/" on this server." Live performance graphs for www.bestbuy.com can be viewed here.

WikiLeaks.org moves next door to the CIA

The WikiLeaks.org website has moved again and now appears to be hosted within walking distance of the CIA's headquarters. The site was previously hosted by Silicon Valley Web Hosting, but has now switched to ServInt, whose offices are adjacent to the CIA in McLean, Virginia.


A = ServInt headquarters, B = CIA headquarters (both approximate)

Hosting the WikiLeaks.org site within such close proximity of the CIA headquarters is surprising given that earlier this year, WikiLeaks asked the CIA to stop spying on it, though it will presumably be helpful for the CIA's WikiLeaks Task Force (WTF!)

The recent hosting history for www.wikileaks.org can be viewed here.

WikiLeaks.org back in the USA

After being taken down two weeks ago, WikiLeaks.org is back up and running in the US.

The restored site has been hosted by Silicon Valley Web Hosting since Friday night, but does not appear to be serving any of the leaked cables or other content that it used to hold. Instead, the site immediately redirects visitors to a WikiLeaks mirror hosted in Russia.

Nonetheless, it is surprising to see WikiLeaks.org being hosted in the US again, even if it is only being used to redirect traffic. Two weeks ago, Amazon decided to remove hosting services from WikiLeaks. After the domain had been pointed to a new hosting location in Europe, EveryDNS then took the site down by terminating DNS services used by the WikiLeaks.org domain, preventing the domain name being resolved into an IP address. Joe Lieberman of the United States Senate Committee on Homeland Security and Government Affairs urged other companies to make similar decisions, saying "No responsible company – whether American or foreign – should assist Wikileaks in its efforts to disseminate these stolen materials."

The WikiLeaks.org domain name also uses a US company, Dynadot, as its registrar and DNS provider. The domain registration was last updated on 10 December 2010 and is not due to expire until 2018.

Operation Payback’s next DDoS target: Fax machines

Operation Payback has begun a new fax-based campaign against some of the companies who decided to distance themselves from WikiLeaks. As part of its new Leakflood mission, the Anonymous group of 'hacktivists' is encouraging its members to send a large number of faxes to Amazon, MasterCard, Moneybookers, PayPal, Visa and Tableau Software.

This latest campaign by the Anonymous group is analogous to the distributed denial of service attacks it has been carrying out against websites over the past week. In essence, this has turned into a DDoS attack against fax machines. The group started the fax-attacks today at 13:00 GMT and published a list of target fax numbers in their call to arms:

The Anonymous collective are being encouraged to send faxes of random WikiLeaks cables, letters from Anonymous, Guy Fawkes, and the WikiLeaks logo to the target fax numbers all day long. It is not clear how many people are taking part in the attacks, but an IRC channel set up to provide information about the campaign contained 73 users just a few hours after the fax-attacks started.

As well as dishing out attacks, the group has also found itself under attack for supporting WikiLeaks. Many users were knocked off its IRC network after its servers came under attack this morning. It is also understood that the anonops.eu domain (which used to announce the locations of IRC servers and the current attack target) has also come under attack and is currently unavailable.

We have already witnessed website attacks against each of the fax targets, apart from Tableau Software. Two weeks ago, this company removed graphs published by WikiLeaks to its free Tableau Public data visualisation tool. A statement on the Tableau Software website admits this decision was taken as a result of political pressure:

"Our decision to remove the data from our servers came in response to a public request by Senator Joe Lieberman, who chairs the Senate Homeland Security Committee, when he called for organizations hosting WikiLeaks to terminate their relationship with the website"

The poster instructs participants in the attack to use the MyFax free fax service at http://myfax.com/free/, and recommends using a proxy to keep Anonymous, well, anonymous.

Real-time performance graphs for websites that have been involved (or may become involved) in the WikiLeaks attacks can be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks; however, Netcraft is not monitoring any of the fax machines.