MasterCard attacked by voluntary botnet after WikiLeaks decision

mastercard.com is currently under a distributed denial of service (DDoS) attack, making the site unavailable from some locations.

The attack is being orchestrated by Operation Payback and forms part of an ongoing campaign by Anonymous. They announced the attack's success a short while ago on their Twitter stream:

Operation Payback is announcing targets via its website, Twitter stream and Internet Relay Chat (IRC) channels. To muster the necessary volume of traffic to take sites offline, they are inviting people to take part in a 'voluntary' botnet by installing a tool called LOIC (Low Orbit Ion Cannon – a fictional weapon of mass destruction popularised by computer games such as Command & Conquer).

The LOIC tool connects to an IRC server and joins an invite-only 'hive' channel, where it can be updated with the current attack target. This allows Operation Payback to automatically reconfigure the entire botnet to switch to a different target at any time.

Yesterday, Operation Payback successfully brought down the PostFinance.ch website after the Swiss bank decided to close Julian Assange's bank account.

Later in the day, they also launched an attack against the Swedish prosecutor's website, www.aklagare.se. The attack was successful for several hours, but now appears to have stopped. The Director of Prosecution, Ms. Marianne Ny, stated yesterday that Swedish prosecutors are completely independent in their decision making, and that there had been no political pressure. The same group also successfully took down the official PayPal blog last week, after WikiLeaks' PayPal account was suspended.

As more companies distance themselves from WikiLeaks, we would not be surprised to see additional attacks taking place over the coming days. Concurrent attacks against the online payment services of MasterCard, Visa and PayPal would have a significant impact on online retailers, particularly in the run up to Christmas.

Although denial of service attacks are illegal in most countries, Operation Payback clearly has a sufficient supply of volunteers who are willing to take an active role in the attacks we have seen so far. They are a force to be reckoned with.

A real-time performance graph for www.mastercard.com can be viewed here.

WikiLeaks supporters fight back against Swiss bank

The Swiss bank which froze the accounts of WikiLeaks founder Julian Assange is under electronic attack by WikiLeaks supporters. The PostFinance.ch website is being subjected to a distributed denial of service attack, rendering the site unusable by its customers and other visitors.

PostFinance yesterday announced that it had ended its business relationship with Julian Assange, claiming that he had falsely entered Geneva as his domicile. "Assange cannot provide proof of residence in Switzerland and thus does not meet the criteria for a customer relationship with PostFinance. For this reason, PostFinance is entitled to close his account."

PostFinance appears to have made the decision independently, pointing out that it has the option of "terminating business relationships which run contrary to public and moral opinion."

PayPal's official blog was also attacked after its decision to restrict the PayPal account used for collecting WikiLeaks donations. Twitter user AnonyWatcher posted a TANGO DOWN message announcing a DDoS attack against the blog. On Friday, PayPal's blog posted the following statement: "PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity."

In another financial setback, MasterCard has also said that it will be taking action to ensure that WikiLeaks can no longer accept MasterCard-branded products.

Real-time performance graphs for www.postfinance.ch can be viewed here.

WikiLeaks.ch goes down as EveryDNS pulls the plug again

WikiLeaks is down (yet again!). Half an hour ago, EveryDNS.net disabled DNS services for WikiLeaks' secondary hosted domains, including wikileaks.ch.

wikileaks.ch ch ch changes!

EveryDNS.net is the US company that was also responsible for disabling the DNS services for wikileaks.org this morning. It seemed strange that WikiLeaks subsequently decided to use the same DNS provider for wikileaks.ch, as it was almost inevitable that the new domain would suffer the same fate. In a Guardian Q&A session today, Julian Assange hinted that WikiLeaks deliberately places some of its servers in juristictions that they suspect suffer from a "free speech deficit".

In an updated statement, EveryDNS.net said, "Today, also in accordance with the EveryDNS.net Acceptable Use Policy, the secondary DNS hosted domains, including wikileaks.ch, were disabled. EveryDNS.net is not taking a position on the content hosted on the wikileaks.org or wikileaks.ch website, it is following established policies."

Just a moment ago, WikiLeaks responded to the takedown by announcing three more domains that can be used to access the WikiLeaks content:

Meanwhile, EasyDNS (not to be confused with EveryDNS.net) has criticised the state of online journalism after they were falsely accused of taking down WikiLeaks. Several blogs and tweets have erroneously stated that EasyDNS, rather than EveryDNS.net, were providing DNS services for WikiLeaks.

A real-time performance graph for wikileaks.ch can be viewed here

French minister declares war on WikiLeaks

Éric Besson, the Minister of Industry, Energy and Digital Economy in France, has declared war on WikiLeaks (article in French here).

Besson has asked CGIET (The General Council of Industry, Energy and Technology) to stop the site being hosted in France, as this violates secret diplomatic relations and endangers the people protected by those secrets.

wikileaks.ch is hosted in Sweden, but requests to this site are immediately redirected to http://213.251.145.96/. This IP address serves all of the WikiLeaks content, which is hosted by OVH in France. WikiLeaks has been allocated a range of 16 IP addresses at OVH, but may have to switch to an alternative hosting location if government action is instigated against OVH.

If the French hosting location is taken down, WikiLeaks can make wikileaks.ch redirect to a different IP address at the drop of a hat. Even if the Swedish hosting location (where the redirection takes place) is taken down, the DNS for wikileaks.ch has a TTL of only 10 minutes, allowing the domain to be pointed elsewhere promptly, should WikiLeaks have alternative hosting prepared.

Most Reliable Hosting Company Sites in November 2010

Rank Company site OS Outage hh:mm:ss Failed Req% DNS Connect First byte Total
1 INetU FreeBSD 0:00:00 0.012 0.126 0.053 0.129 0.337
2 Rackspace F5 Big-IP 0:00:00 0.019 0.118 0.056 0.113 0.113
3 www.codero.com Linux 0:00:00 0.019 0.197 0.063 0.348 0.616
4 www.singlehop.com Linux 0:00:00 0.023 0.178 0.074 0.520 0.852
5 Virtual Internet Linux 0:00:00 0.027 0.207 0.048 0.099 0.099
6 Server Intellect Windows Server 2008 0:00:00 0.027 0.066 0.080 0.163 0.404
7 Multacom FreeBSD 0:00:00 0.027 0.141 0.105 0.217 0.595
8 www.netcetera.co.uk Windows Server 2008 0:00:00 0.031 0.105 0.045 0.094 0.190
9 Swishmail FreeBSD 0:00:00 0.031 0.102 0.051 0.102 0.268
10 ServInt Linux 0:00:00 0.035 0.208 0.062 0.129 0.321
See full table

INetU was this month's most reliable hoster, failing to respond to only three of Netcraft's requests. The hoster has a consistently good record, last month ranking third and regularly appearing in the top ten. INetU offers managed hosting services and prides itself on its high level of customer service.

Second place this month is Rackspace, which offers managed, cloud and application hosting from its nine datacentres in the U.S., the U.K. and Hong Kong. Rackspace offers "Fanatical Support" allowing customers to contact the company 24 hours a day.

Codero ranked third this month, with only five failed requests in November. Codero appeared in the top ten hosters in September and October but this is the first time it has been in the top three. The company offers dedicated and managed hosting aimed specifically at the needs of small businesses.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage.

Information on the measurement process and current measurements is available.

WikiLeaks moves domain to Switzerland

Just a few hours after having its DNS servers terminated by a US company, WikiLeaks has anounced a move to a Swiss domain: wikileaks.ch. The domain is registered by the Pirate Party of Switzerland and it currently points to a single IP address in Sweden.

This move increases the resilience of the WikiLeaks site. Unlike wikileaks.org, the wikileaks.ch domain is not registered with a US company and is thus less likely to bow to pressure from the US government.

WikiLeaks also points out that "Free speech has a number", referring to the Swedish IP address that can be entered into a browser's address bar (http://88.80.13.160). The Swedish website does not host any WikiLeaks content; instead, it redirects browsers to an IP address in France, which does host the content (http://213.251.145.96)

French company OVH has now delegated a block of 16 IP addresses to WikiLeaks, which suggests more than a temporary relationship between the two organisations:

inetnum:        213.251.145.96 - 213.251.145.111
netname:        WIKILEAKS

Curiously, the wikileaks.ch domain is configured to use EveryDNS.net as a DNS provider. This is the same US company that terminated DNS services for the wikileaks.org domain earlier today. It could be interesting to see what happens next in this cat and mouse game.

Real-time performance graphs for wikileaks.ch can be viewed here.