WikiLeaks Censorship 'Virtually Impossible' Researcher Says
The United States government may have succeeded in pressuring companies such as PayPal, MasterCard and Amazon to cut off services to WikiLeaks, but it will be impossible to censor -- or even slow -- the spread of controversial information, a top security researcher says.
If you want to censor something, let's say a book, what you need to do is get every single copy of that book and burn it. If you want to shut WikiLeaks down, you have to destroy every single copy of the website and all the contents of the website, and that's virtually impossible, said Nicolas Christin, associate director for the Information Networking Institute (INI), and a professor at CyLab, Carnegie Mellon University's cybersecurity education and research center.
This morning (Dec. 8), a group of hacktivists launched "Operation: Payback" -- a distributed denial-of-service (DDoS) campaign against the websites of MasterCard and Visa over their recent decisions to refuse to process donations to WikiLeaks.
These attacks came less than a week after PayPal, under pressure from the U.S. State Department, banned WikiLeaks' account, according to a TechCrunch report, and after the government persuaded Amazon to stop hosting the site on its servers.
(DDoS attacks are carried out when remote computers overwhelm a site with data, making it unavailable to visitors.)
A Twitter post early this morning (Dec. 8) from the account Anon_Operation read: WE ARE GLAD TO TELL YOU THAT http://www.mastercard.com/ is DOWN AND IT'S CONFIRMED! #ddos #wikileaks Operating: Payback(is a bitch!) #PAYBACK.
Since WikiLeaks released 250,000 embassy cables on Nov. 28, several sites, including the Swiss Bank Post Finance, Twitter, and WikiLeaks itself, have been victims of DDoS attacks. But the MasterCard attack, done in retaliation for the government's intervention into PayPal and Amazon and possibly into MasterCard, though it's not clear yet appears to be the troubling beginning of a controversial and futile attempt at Internet censorship.
The slippery slope of censorship
For example, torrent sites are already being used to disseminate hundreds of thousands of copies of the WikiLeaks documents, even as they are facing heat from the government .
Christin expounded on the censorship issue, using what he called an absolute worst-case scenario that illuminates how difficult stopping the spread of information is.
"Censorship efforts on the Internet are bound to fail, he told SecurityNewsDaily. No matter what the U.S. government does, it's going to be very hard to stop [WikiLeaks]. Let's say the government gives an order to the CIA to shoot anybody hosting a copy of the leaked documents. Even that wouldn't completely solve the problem because they couldn't go after everyone. It's a slippery slope.
As soon as information is released into cyberspace, especially documents as controversial and sought after as the classified cables, they are impossible to retrieve, Christin said. This is why government censorship efforts are ultimately useless.
"In the security world we call it the 'barn door' property, he told SecurityNewsDaily. When you open the door to the barn and the horse gets out, he's gone. It's the same thing with secrets, once they're revealed, they're not a secret anymore. You can do some damage control and try to limit how fast the information is traveling, but it's a done deal.
He added, "As long as there's one computer in the world that can hold that site, it will be up."
Going after the bad guys
Another strike against the government in its attempts to shut down WikiLeaks, or at least slow the spread of documents, is the anonymity of the digital protesters.
Speaking about the MasterCard DDoS, Christin told SecurityNewsDaily, I'm pretty sure you're going to see some people in Congress saying we need to punish them, but it's not that simple. Technologically it's very hard to trace these attacks, and it's virtually impossible to prove who's doing this.
Christin said any government organization that seeks punishment for those behind what he called the civil disobedience act of flooding MasterCard with requests until it became inoperable will be met with more frustration.
Even if you manage to catch someone, you're dealing with an extremely complex, completely murky problem of international law, he said.
And if caught, the punishment is almost embarrassingly minimal.
Christin cited the case of Dmitri Galushkevich, a 20-year-old Russian man who unleashed massive DDoS attacks in Estonia in May 2007. The Estonian government caught Galushkevich and fined him roughly $1,620, according to a Science Channel report.
Unfortunately for those who'd like to keep WikiLeaks and future controversial websites from running, Christin said the immediacy and far-reaching tentacles of the modern Internet make censorship a losing battle.
The content is out there, and you can't get it back, he said. That's the world we live in and there's very little we can do about it.