WikiLeaks appears to be quickly taking steps to reduce its reliance on Internet infrastructure in the U.S. as it battles to keep secret diplomatic cables online while its new French hosting provider is seeking court protection.
Early on Friday, WikiLeaks began using a new domain name, WikiLeaks.ch, which is owned by The Pirate Party Switzerland, a group that is apparently sympathetic to the controversial website.
Since it began posting classified U.S. diplomatic cables, WikiLeaks has come under consistent denial-of-service attacks that have aimed to shut down the release of the documents.
It has also faced problems with its hosting providers. The site briefly used Amazon.com's hosted Web Services, which caused U.S. Senator Joe Lieberman, a Connecticut Independent, to criticize the company. Amazon cut WikiLeaks, denying that it did so under political pressure and saying instead that the site violates its terms of service. After Amazon, Bahnhof Internet AB in Uppsala, Sweden, hosted WikiLeaks.
Amid the hosting problems, WikiLeaks was abandoned by its DNS (Domain Name System) provider on Thursday due to sustained attacks. One of its domain names, WikiLeaks.org, no longer works after a subsidiary of Dynamic Network Services called EveryDNS.net terminated that DNS.
EveryDNS.net said the attacks were threatening the reliability of its infrastructure, which is used for 500,000 other websites.
But WikiLeaks remains on the run in what appears to be a fast-moving, constantly shifting effort to stay online.
As of Friday, WikiLeaks.ch resolved to an IP (Internet Protocol) address (http://18.104.22.168) that then redirects to an IP address in France (http://22.214.171.124), said Paul Mutton, a security analyst with Netcraft.
The latter address is allocated to the French hosting provider OVH. The company has delegated a block of 16 IP addresses to WikiLeaks, "which suggests more than a temporary relationship between the two organisations," Mutton wrote on Netcraft's blog.
OVH's CEO, Octave Klaba, wrote on Friday in an e-mail to the company's customers that WikiLeaks has been hosted on its infrastructure since early Thursday. A person ordered a dedicated server and "protection against attack," paying less than €150 (US$198) on a credit card, Klaba wrote.
The order was made through OVH's automated systems. The company found out that WikiLeaks was hosted on its infrastructure on Thursday "from the press," Klaba wrote. OVH is neither for nor against WikiLeaks, he wrote, and will fulfill its contract with the customer.
"He is hosting WikiLeaks," Klaba wrote. "Legally speaking, OVH is not the host of this site. OVH is simply the provider of the service the customer ordered. In short, the story is banal."
Nonetheless, Klaba complained about political pressure to shut the site down, and has asked the courts for an urgent declaratory ruling on its legality. The ruling should be released Friday or Saturday, he wrote. France's Minister of Industry Eric Besson has reportedly asked advisers to find a way to have the site removed from French territory.
In an interview, Mutton said that having 16 IP addresses on OVH's network would make WikiLeaks more resilient to an attack, as WikiLeaks can change which of those IP addresses WikiLeaks.ch redirects to.
"It gives them flexibility to hop around IP addresses instantly," Mutton said.
WikiLeaks is also using a nameserver called "ns.WikiLeaks.ch." But despite EveryDNS.net's actions on Friday, it appears the nameserver is using services from that company.
"I think it's curious that they have chosen to use EveryDNS again, given that EveryDNS terminated DNS services for their other domain, WikiLeaks.org, earlier this morning," Mutton said.
Nonetheless, the changes make it appear that WikiLeaks wants to ensure its infrastructure is not reliant on servers in the U.S. or on services provided by U.S. companies, Mutton said.
"WikiLeaks.ch will be hard for the U.S. government to influence," Mutton said.