WikiLeaks – an IT perspective

There are a number of IT lessons to be learned: how vulnerable even large corporations are, as well as the speed with which online groups can react against business.

4Chan is an interesting community. The Guardian once summarised 4chan as “lunatic, juvenile… brilliant, ridiculous and alarming.” Started by a 15 year old in 2003 as an online board for discussing Japanese comics, it’s now a force in the hacktivist (hackers+activists) subculture.

The hack attacks are fairly simple – thousands of computers connect to a site and effectively overload it in a distributed Denial of Service attach (DDoS). Usually, the computers have been infected, and are taken over involuntarily for this purpose (a botnet).

What is different with WikiLeaks, is that hackers are voluntarily allowing their computers to become part of these botnets. They are signing up to attack the businesses that anger them, and the movement is fuelled by emotion, not legal outcomes.

WikiLeak’s founder Julian Assange is currently under arrest on rape charges. Character assassination news abounds – is he negotiating a big payoff from Bank of America to stay silent on the banking leaks? If Assange does prove to be morally dodgy, does that make WikiLeaks less material?

Do you remember Daniel Ellsberg, who released the Pentagon Papers in 1971? Ellsberg claims that EVERY attack being made on Assange and WikiLeaks was made against him at the time too.

Assange has a formidable fan group, however it all turns out. IT infrastructure arrangements are proving to be inadequate in the face of organized, angry, even-if-irrational, fans. The businesses under attack run major financial sites – if they can’t withstand an attack, is it likely that your web site is sufficiently secure?

If we learn anything from all of this, it should be to keep an open mind and a very closed firewall.