WikiLeaks is using US-based servers run by Amazon.com to mirror its controversial data stash, including the classified "Iraq War Logs" released on Friday afternoon, according to internet records.
Since at least Friday night, the famous whistle-blowing site has been hosting data on Amazon's AWS infrastructure cloud, both in the US and Ireland, records collected by UK research outfit NetCraft show. WikiLeaks is also mirroring servers with French service provider Octopuce, according to NetCraft.
WikiLeaks has long maintained its central servers in Sweden with "bulletproof" hosting outfit PRQ. WikiLeaks founder Julian Assange has said that the servers are kept in Sweden because the country provides legal protection for disclosures on the site. To further guard against takedowns, PRQ keeps almost no information about its clientele and maintains few if any of its own logs.
Recently, the Swedish Pirate Party said that it's also hosting servers for WikiLeaks, and according to one report, some WikiLeaks servers are now inside a Cold War–era nuclear bunker that was carved out of a rock hill in downtown Stockholm.
But on Friday, after WikiLeaks defied warnings from the Pentagon and released nearly 400,000 classified US military documents involving the Iraq War, NetCraft showed that the site was mirroring these and other documents in the US, Ireland, and France, countries that don't offer the sort of protection provided by Sweden.
According to Santa Clara University law professor and tech law blogger Eric Goldman, Amazon may not be legally required to remove the content, but he says the company could be persuaded to do so.
"[Federal law] 47 USC 230 protects Amazon from being liable for WikiLeaks' content in most circumstances. The only relevant exception is that 230 does not protect Amazon if republishing the content constitutes a federal crime. I'm uncertain what crimes could apply to the content publication," Goldman told The Reg.
"However, even if Amazon is insulated from liability, I suspect Amazon will choose to remove the content 'voluntarily' (motivated by a little persuasion from the government), presumably citing a breach of its terms of service as a pretext.
"A more 'ideological' web host would probably fight more vigorously for its users' publishing rights than Amazon will."
The US, Ireland, and France mirrors were first noticed by technology consultant Alex Norcliffe. It's unclear why WikiLeaks is mirroring its servers in such unprotected locations. The move could be part of an effort to accommodate the added traffic expected following the release of the Iraq documents, and the organization may be trying to decentralize its data stash. But it's surprising that the whistle-blowers would use servers based in such countries.
We've contacted WikiLeaks through email addresses it has used in the past, and it has not responded. Presumably, the site's content is still hosted on "bulletproof" servers in Sweden, but these no longer show up in NetCraft's records.
We've also contacted Amazon, and it has yet to respond. Nor has the US Department of Defense, which condemned the release of the Iraq War Logs. The US government has long said that releasing such documents will endanger the lives of soldiers and civilians alike. "We deplore WikiLeaks for inducing individuals to break the law, leak classified documents and then cavalierly share that secret information with the world, including our enemies," the Defense Department press secretary said in a statement on Friday.
Some have speculated that WikiLeaks is now running US-based mirrors as some sort of publicity stunt. "They are waiting for the US to shut down those servers so that they can say 'Oh, look at the information the US doesn’t want you to know!'" said one commenter on Norcliffe's blog.
Norcliffe is less sure. "WikiLeaks has set a confusing new precedent for its approach to hosting; in the past much has been made of its reputation for putting its servers in bunkers in Sweden for apparent legal protection, and yet for this launch the primary websites are being served in some cases from US datacenters.
"I can't believe this is incompetence on WikiLeaks' part, but whatever their reason it also seems unlikely a US company like Amazon won't be under pressure soon from US authorities."
As Norcliffe points out, WikiLeaks doesn't appear to be using a CDN for global caching which might have otherwise accounted for an accidental or automatic mirror, but instead seems to be using "round-robin DNS" resolution targeted at definitive IP addresses chosen by the organization. This method is used on WikiLeaks.org, and WarLogs.wikileaks.org gives you a random IP from France, Ireland, or the US.
As recently as October 10, NetCraft records showed PRQ as WikiLeaks' hosting providers. But now, the only providers returned by the research outfit are Amazon and Octopuce. ®
Sponsored: Ransomware has gone nuclear