Amazon Says Wikileaks Plug Pulled Over SLA Violation
Amazon says it halted operations of WikiLeaks servers in its EC2 cloud data center due to Wikileaks' breach of its service level agreement, including violations of the provision that it hold all rights to posted content.
Amazon Web Services, after a period of uncharacteristic silence, said it was not responding to government pressure or denial of service attacks when it halted operations of WikiLeaks servers in its EC2 data center.
Instead, it was merely enforcing the terms of a contract that apply to all its cloud customers who have a service level agreement. In a posting to its own message board, Amazon responded to reports that Sen. Joe Lieberman had inquired about AWS’ relationship to WikiLeaks and speculation that EC2 services had been impacted by denial of service attacks aimed at WikiLeaks.
"There have been reports that a government inquiry prompted us not to serve WikiLeaks any longer. That is inaccurate. There have also been reports that it was prompted by massive DDOS attacks. That too is inaccurate," said the blog posting, signed simply by "Amazon Web Services."
AWS officials have said in the past that they can defend against denial-of-service attacks. The unit’s post states that it detected the large-scale denial of service attacks against WikiLeaks and “successfully defended against them.”
AWS said its service level agreement with a customer includes terms for continued service that WikiLeaks was not following.
"There were several parts they were violating. For example, our terms of service state that you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity," the AWS blog states.
"It's clear that WikiLeaks doesn't own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy," it said.
Human rights organizations intervened as WikiLeaks continued posting diplomatic documents to urge caution in releasing identities of human rights defenders who might be persecuted by their governments, the AWS statement noted.
So AWS has come with a simple rationale, citing a business agreement violation, for its shutdown of WikiLeaks servers.
Amazon has a strong record of transparency in operation, a stated goal of the way it plans to do business as a cloud service, but in this case the simple explanation took an uncharacteristically long time to arrive. It reported, for example, a Dec. 9 outage in one of its availability zones in its Northern Virginia data center 34 minutes after it happened, according to independent observers. About three days have elapsed between the WikiLeaks shutdown and the brief explanation.
The process leading up to the decision is also opaque. There is no specific reference to Sen. Joe Lieberman, whose inquiry is on the record, or any other governmental interventions, such as Homeland Security, which may not be. AWS claims the decision was entirely in its own hands.
As is typical, AWS doesn't say where it was hosting WikiLeaks. A cloud monitoring service, CloudSleuth, a unit of Compuware, said its monitoring of worldwide cloud service providers indicated a Nov. 29 spike in response times for its test application running in AWS’ Dublin, Ireland, data center, reflecting either a large scale increase in activity there or network traffic passing through Dublin at the time of heightened WikiLeaks activity. A hacker has since volunteered that he launched denial of service attacks in an attempt to shut down the Web site.
A CloudSleuth developer posted what it discovered in this blog on Thursday.
If you are an EC2 user, this incident seems to illustrate that AWS can protect you from denial of service attacks. At the same time, if it comes to AWS' attention that you are using stolen content or airing content with reckless disregard for individual safety, AWS doesn’t need to wait for the authorities or the legal system to act. It can do so on its own, based on its SLA.
On the other hand, if you want Amazon's decision-making process to be as transparent as possible, you’ll have to wait on that--or at least we did in this difficult case.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.