The Tech Herald

WikiLeaks mirrors taken down over questionable ToS violations (Update)

by Steve Ragan - Dec 23 2010, 18:57

Update:

SiteGround responded to our questions earlier this morning. In a statement, a spokesperson said that they acted on a notice from their datacenter’s legal department when suspending the sites in question. The full update is on the bottom of page two.

Original Article:

In at least three separate cases, sites hosting mirrors of diplomatic cables released by WikiLeaks have been taken down due to pressure from the hosting provider. The reason for the takedowns is said to be severe violations of the host’s Terms of Service (ToS), illegal activities, or the potential for DDoS attacks related to the mirror’s contents.

The host in question, SiteGround, appears to be suspending the WikiLeaks mirrors on behalf of its upstream provider SoftLayer. In all three cases, SoftLayer reported domains hosting mirrored Cablegate content as being in violation of the Acceptable Use Policy (AUP) and ToS. As a result, SiteGround suspended the accounts and gave mixed reasons for doing so.

The first example of a site being suspended comes from a blog post by the EFF’s Marcia Hofmann. The story starts with a letter sent from SiteGround to an unnamed customer, which informs them that SoftLayer has flagged the domain for AUP/ToS violations. When pressed, SiteGround told the customer that SoftLayer flagged the domain because it was hosting a mirror for WikiLeaks content.

“Finally, SiteGround told the user that SoftLayer wanted the mirror taken down because it was worried about the potential for distributed denial of service (DDOS) attacks. When the user pointed out that no attack had actually happened, and that this rationale could let the company use hypothetical future events to take down any site, SiteGround said that it was suspending the account because a future DDOS attack might violate its terms of use,” the EFF blog post explains.

Summing up her thoughts on the story, Hofmann commented that it was incredibly disappointing to see service providers cutting off customers “simply because they decide (or fear) that content is too volatile or unpopular to host.”

“This incident shows that censorship is a slippery slope. The first victim here was Wikileaks. Now it's a Wikileaks mirror. Will a news organization that posts cables and provides journalistic analysis be next?” she added. “Or a blogger who posts links to news articles describing the cables? If intermediaries are willing to use the potential for future DDOS attacks as a reason to cut off users, they can cut off anyone for anything.”

The story by the EFF is frustrating enough to some on its own, but when The Tech Herald went digging for a copy of the SiteGround letter, we discovered two more instances of forced takedowns. Moreover, the reasons listed for the account suspensions simply boggle the mind.

Note: We realize that one of the following sites could be the site referenced by the EFF. We covered it anyway, as the EFF didn't mention names in its accounting of the situation.

We’ll start with Mark McCoy, who wrote on his blog that he was doing his part by hosting a WikiLeaks mirror on markmccoy.org. On December 11, at 12:30 a.m. his mirror was taken down.

“SiteGround has received a complaint from its upstream provider – SoftLayer, that some illegal activity has been performed through your website,” the Suspension letter starts.

“Due to the fact that this activity severely violates SiteGround’s Terms of Use and Acceptable Use Policy, we were forced to suspend your account in order to prevent any further issues caused by the illegal activity.”

The letter goes on to explain that, because his domain is on a shared hosting server, it was suspended in order to prevent SoftLayer from pulling the plug, shutting down all of the sites hosted upon it.

It also explained that it felt his account was compromised due to a Malware infection on his computer, offering a link to CNET’s coverage on the Gumblar Worm for more information. To regain access, the letter requested that McCoy scan his computer with anti-Virus software, change his cPanel password, and delete all infringing files on the domain.

McCoy asked for logs of the unauthorized access, and SiteGround responded with Pure-FTPd logs clearly showing WikiLeaks uploading that day’s Cablegate releases. Additionally, it noted that the logs show his account was hacked and used to upload the infringing materials. At this stage, the infringing materials are the WikiLeaks cables.

Clearly not fooled by the explanation, McCoy responded with the following additional questions:

“Can you tell me exactly what it is that caused the violation? I was under the impression there may have been a virus or malware or other exploit on the site, but all I see are html files and JavaScript. Before I delete the ‘evidence’, can you tell me what the exact violation is?”

SiteGround responded by saying that “infringing materials” were uploaded to his account, and added additional information as to how that happened. “This is called phishing, you can learn more about this here,” they explained, offering a link to Wikipedia.

McCoy ended up removing his mirror after he failed to receive a clear reason for the AUP/ToS violation accusal. When he asked SiteGround and SoftLayer directly if the policy violations were related to the WikiLeaks material, they remained silent on the issue, aside from SiteGround reminding him they had to comply with the order from SoftLayer.

The final example of a mirror being forced offline by SiteGround and SoftLayer is wikileaks.lainconscienciadepablo.net. Pablo, @_pablog on Tiwtter, ended up pulling his entire domain, leaving in its place a message to his host about censorship.

“Yes, it's me! SoftLayer and SiteGround have tried to censor my WikiLeaks mirror. Don't worry, it will be back again soon,” the message read.

While not hosting a mirror himself, Pablo does link to a WikiLeaks page that lists more than 2,000 other mirrors. The letter sent to Pablo, a near perfect copy of the one sent to McCoy, is available online via Pastebin.

In the event that the letter is removed, we have archived a copy. For now, you can read it here.

We’ve also emailed SiteGround and SoftLayer and asked them whether they’re suspending domains simply because they host mirrored WikiLeaks content. If that is not the reason, we’ve asked them to explain exactly what aspects of the AUP and ToS are being violated by the three customers referenced in this article.

If they respond, we’ll update this story accordingly.

Update:

SiteGround responded to our questions earlier this morning. In a statement, a spokesperson said that they acted on a notice from their datacenter’s legal department when suspending the sites in question.

“As this is a shared server, we have to choose whether to close one site or several hundred others on that machine. That's not exactly a choice but a rather predefined course of action. Since we host more than 200,000 websites we receive a dozen of copyright complaints every day, most of which come through our upstream provider SoftLayer.”

“Among all the complaints we get, at first we didn't even realize that there's a complaint about a WikiLeaks mirror site. Even if we did though, SiteGround as an organization cannot act as a court and decide on which complaints are valid and which are not - we pass all along to the customer and request an immediate action from him - same thing as our providers expect from us,” the statement added.

“If the customer does not agree with what's inside the complaint, he can file a counter complaint and go to court to figure this out, but in any case we cannot decide or be held liable for our lack of desire to negatively impact the service we guarantee to several hundreds of users hosted on the same server.”

SiteGround’s spokesperson went on to explain that they are simply the intermediary under these circumstances, and that as a hosting provider who rents servers from SoftLayer, “we have to comply with their notices and legal requirements.”

“We assume SoftLayer has received a valid complaint from someone, as this has always been the case since working with them, but we have no information where it came from. All the information we have was provided in the ticket already.”

As a side note, in the conversation with McCoy, where it was suggested that Phishing was the reason for the uploaded content, the statement said that the administrator on duty who closed the website was misled by the text in the SoftLayer notice and wrongly assumed that McCoy was hacked, and had not uploaded the content on his own.

“…so he filed the action with a reason phishing/hacking without further investigation. After all, the complaint looked almost the same as most of the phishing complaints we are getting lately.”

SoftLayer has not responded to requests for comment.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Lamborghini Islero Pictures

Pictures of the Lamborghini Islero. The Lamborghini Islero was produced for just one year from 1968 to 1969. Just 225 were made: 125 of the standard version and 100 of the updated S version. It replaced the Lamborghini 400GT. The original Lamborghini Islero had a 3929cc V12 engine producing 325bhp and could do 0-60mph (0-97kph) in 6.4 [...]

The post Lamborghini Islero Pictures appeared first on Autosaur.

Lamborghini Jarama Pictures

Pictures of the Lamborghini Jarama. The Lamborghini Jarama was built between 1970 and 1976. Just 328 were ever produced. It was essentially a redesigned Lamborghini Islero made to meet US auto regulations. The original GT model had a 350bhp V12 engine while the later GTS had a more powerful 365bhp version.

The post Lamborghini Jarama Pictures appeared first on Autosaur.

Lamborghini Diablo Pictures

Pictures of the Lamborghini Diablo. The Lamborghini Diablo was produced between 1990 and 2001, with 2884 being made in total. It’s name means ‘devil’ in Spanish. It was replaced by the Lamborghini Murcielago in 2001. There were several different models made, including the VT, Jota, SV, and VT between 1990-1998, and the SV, updated VTand [...]

The post Lamborghini Diablo Pictures appeared first on Autosaur.