WikiLeaks began its release of more than 250,000 diplomatic documents, its domain name service (DNS) provider pulled the plug on its long-time name, WikiLeaks.org. Two days later, the name was re-registered and the other day it was set to redirect users to another site - mirror.wikileaks.info - which hosts an old version of the WikiLeaks homepage. It's unclear, however, exactly who's behind it and one Internet security site is saying that the site exists in "a very dangerous 'neighborhood'" of the Internet and is warning people not to visit it.Shortly after
We have to wonder, though: Does guilt by association warrant a warning against the site? And does WikiLeaks have anything to do with it?
According to Internet-security website SpamHaus, "This new web site is hosted in a very dangerous 'neighborhood', Webalta's 188.8.131.52/19 IP address space, a 'blackhat' network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals."
WikiLeaks Coverage From ReadWriteWeb:
- Wikileaks Lets Loose "Global Intelligence Files" from Stratfor Emails
- WikiLeaks May Move Servers to International Waters to Avoid Shutdown
- One Year After Cablegate Began, WikiLeaks' Operations Still Handicapped
- Twitter, WikiLeaks and the Troubling New Implications For Online Privacy
- Having Ended the Iraq War, Wikileaks Runs Out of Money
- Did Google Hand a Wikileaks Volunteer's Gmail Data to the U.S. Government? [Updated]
- Weekly Wrap-up: Wikileaks, Google Plus, Facebook and More...
- Wikileaks Takes Down the Head of Al Jazeera
"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it."
We reached out to WikiLeaks via Twitter and received an email shortly after from someone claiming to be an editor with WikiLeaks and the owner of wikileaks.info. While we can't confirm their affiliation with WikiLeaks itself, they do appear to be behind the website wikiLeaks.info, which wikileaks.org now redirects to. According to this person, who asked to remain anonymous, they have no control over the wikileaks.org domain name, which was redirected to mirror.wikileaks.info without their knowledge.
"With a million page hits a day, my server stopped working," they wrote, "So in an emergency move, I set up Hosting in Russia to cope with the load."
Our source also told us that they were "only in loose contact" with the wikileaks.org owner and that "it is not Assange."
As SpamHaus notes, the website on mirror.wikileaks.info appears to be an outdated version of the WikiLeaks homepage. We asked why this was and were told that "The mirror is a static copy of the old leaks, like a snapshot of the old pages" and that the site doesn't have a current mirror "because 2,000 other mirrors do. They are safe enough."
While this still seems odd to us (the process for setting up a mirror of the current WikiLeaks website is clearly explained), there is no immediate evidence that wikileaks.info is serving malware, as suggested by Spamhaus. Guilt by association seems like a minimal amount of evidence for such a strong warning against visiting the out-of-date WikiLeaks mirror. Spamhaus also points out that "there has been no press release about this by Wikileaks and none of the official Wikileaks mirrors sites even recognise the wikileaks.info mirror." According to our source, wikileaks.info is not listed on the official list of mirrors because it does not host the current releases.
So, is this the work of Russian cybercriminals looking to infect your machine with malware? Or was one WikiLeaks mirror turned into a hapless victim of chance and a million daily pageviews? Right now we're likely to side with the latter. As we've spoken with our source, links to WikiLeak's donation page, among others, have been fixed, so traffic reaching mirror.wikileaks.info is only a short step away from WikiLeaks official site. Why the mirror doesn't provide a current version, we still haven't received an answer we fully accept, but right now it looks like a "no harm, no foul" sort of situation.
What do you think? Is this the work of some nefarious Web underworld? Or has chance brought one WikiLeaks editor and their website into the limelight?