Government uses private enterprise to stifle Wikileaks support

I decided to answer a call to be a mirror for Wikileaks since they were under attack by a host of pro-government zealots attempting to stifle the dissemination of material released which was critical of US Government actions abroad. The opportunity came by way of Cryptome.org Click here to assist with the mirroring efforts. MIRROR SUPPORT. The mirror can be found at http://www.markmccoy.org

After signing up to be a mirror, I was contacted by one of my hosting providers, siteground.com.  Their email alluded to my system having possibly been compromised or my site hosting some sort of virus or malware. I’m certain the admin who uploaded the files did not plant any such files, but I took reasonable measures to secure my network and remove the files per Siteground’s instructions. However, when pressed as to what the exact “violation” of their Terms of Service (TOS) or Acceptable Use Policy (AUP), they did not reply.

It appears as though the pressure was put on Siteground by their upstream provider Softlayer. I don’t know much about that company, but apparently it is “their” TOS or AUP which was violated by hosting the Wikileaks files, even though there was no specific violation mentioned.

I have been in contact with Siteground about the matter, and they too have avoided answering a direct question as to what specifically constituted the violation. I have attached the ticket between myself and Siteground to show how the issue is avoided and the only objective was to have the offending files removed. I have the entire site backed up as well as the “Insurance” file from Wikileaks which will be released if Assagne is jailed. These files have been distributed to over 100 people with access to servers on which to host the material if need-be.

I fully support Wikileaks efforts to shine the light upon the corrupt and violent US Government as evidenced by their actions abroad and at home which cost lives and oppress liberty. If the US Government is concerned about consequences arising from Assagne’s release of the Government’s own material then maybe the government should think twice about what it does. Anyone identified in the information should be responsible for their actions. Whatever happens to them as a result is just too bad, but they chose to act in whatever manner.

The list of mirrors is growing and the spread of information proliferating around the globe. In the mean-time, companies will succumb to strong-arm pressure from government to stifle opinions and speech under the guise of violating non-existent laws or policy. This is desperation and intimidation. I will update this post should the “Abuse Department” provide an actual explanation.

12/14/10 – I sent an email to the abuse and legal department at Softlayer requesting a reply to this issue. The content of that email is below this thread with Siteground.

ID: 5429947458966 Domain: markmccoy.org
Issue Date: 2010-12-11 12:30am

Subject: Illegal activity through your website detected
Description:

Dear Mark,

SiteGround has received a complaint from its upstream provider – SoftLayer, that some illegal activity has been performed through your website.

The infringing material is located at:

http://markmccoy.org/public_html/

You can find the complaint we have received at the bottom of this message.

Due to the fact that this activity severely violates SiteGround’s Terms of Use and Acceptable Use Policy, we were forced to suspend your account in order to prevent any further issues caused by the illegal activity.

We are very much aware of the inconvenience this issue may cause you, so we would like to take a moment and explain the reasons for our actions: as you know, your account is hosted on a shared hosting server and thus sharing the resources of the server with other customers’ accounts. When some illegal activity performed through a shared hosting account is detected, we must take immediate actions to stop that activity, otherwise we risk having the whole server unplugged. And we cannot allow the entire hosting server with hundreds of accounts on it to be unplugged because of one single account.

This is why the above explained precaution was absolutely necessary.

We believe the illegal activity through your account is a result of vulnerable software on your local computer. For relevant information about similar problems please read this article

http://news.cnet.com/8301-1009_3-10251779-83.html.

In order to continue using your account with us you have to:

– Update your antivirus software and perform a complete scan on your computer. For extra security we can disable your ftp access if you don’t use it.

Upon completion of the above you will have to contact us to re-activate your account. Then you will have to:

– Change your cPanel password which is also your main FTP password. This can be done from your Customer’s area, My accounts

– Delete all files / folders mentioned as infringing above. This can be done through your cPanel, File Manager. We can also do it for you.

Once we confirm all steps are followed properly, we can consider this case resolved.

If you fail to complete any of the above steps your account will remain suspended and deleted after 30 calendar days.

Please make sure you keep your local PC always safe with an updated antivirus software. Otherwise, if this issue happens again we will have no option but to terminate your contract and delete your content. For more information please check our Terms of Use.

Thank you for your understanding and cooperation.

Regards,

SiteGround.com

— EMAIL COMPLAINT COPY STARTS HERE —

SoftLayer Security has identified the following TOS/AUP VIOLATION in reference to an IP hosted on your server. A description of the violation is listed below or attached to this ticket for your review. Please disable or remove this activity immediately as it is direct abuse of the network services and a violation of your TOS and AUP. Failure to resolve this issue in an expeditious manner could lead to service interruption for this server. Please update this ticket with resolution to this issue. We thank you in advance for your quick action and cooperation.

We require a resolution to this matter within 4 hours.

markmccoy.org 174.133.191.12

— EMAIL COMPLAINT COPY ENDS HERE —

——————————————–

Replies: 2010-12-12 07:35am

Hello,

I’m still unsure what caused this issue. My local machine(s) have been scanned with Norton 360, Microsoft Security Essentials, Avira Antivirus, and Malware Bites. The systems show clean across the board.

Is it possible my account was compromised?

I tried to change the password on the cpanel and delete the offending files, but I can’t access that section. All links are grayed out.

Please disable FTP access to the site for now and either provide the necessary access so I can change passwords and delete files, or you can delete the files for me.

Do you have logs of access to the system? I have not logged in for some time and maybe the logs can identify the IP address of whoever put that file on the server.

For the record, the IP address of my local network is most likely NOT the culprit.

I want to get this resolved ASAP and any assistance is greatly appreciated.

Thank you.

Mark McCoy

——————————————–

2010-12-12 08:11am

Hello Mark,

Thank you for your cooperation on the matter.

It seems that your account was hacked via the FTP service and infringing materials were uploaded on it.

Here is what we have found in our FTP logs:


Dec 8 23:13:11 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09STATE132349.html uploaded (37748 bytes, 38.10KB/sec)
Dec 8 23:13:12 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TALLINN373.html uploaded (37955 bytes, 39.63KB/sec)
Dec 8 23:13:14 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TELAVIV2757.html uploaded (61160 bytes, 45.76KB/sec)
Dec 8 23:13:16 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TELAVIV2777.html uploaded (49376 bytes, 45.93KB/sec)
Dec 8 23:13:18 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TRIPOLI1025.html uploaded (38152 bytes, 38.70KB/sec)
Dec 8 23:13:19 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TRIPOLI943.html uploaded (39019 bytes, 40.85KB/sec)
Dec 8 23:13:21 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09TRIPOLI950.html uploaded (42321 bytes, 44.98KB/sec)
Dec 8 23:13:23 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09UNVIEVIENNA540.html uploaded (57586 bytes, 48.53KB/sec)
Dec 8 23:13:25 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09UNVIEVIENNA553.html uploaded (52759 bytes, 48.55KB/sec)
Dec 8 23:13:26 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09USNATO588.html uploaded (37588 bytes, 39.86KB/sec)
Dec 8 23:13:28 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [NOTICE] /home/markmcco/public_html//public_html/cable/2009/12/09WARSAW1228.html uploaded (38057 bytes, 39.14KB/sec)
Dec 8 23:13:43 serv01 pure-ftpd: (wikileaks@markmccoy.org@90.35.159.109) [INFO] Logout.

Please remove all of the files in the folder:

http://markmccoy.org/public_html/

Also you will have to:

* Inspect and remove all malicious files and code from your account;
* Perform a full antivirus scan of your PC and of the files currently uploaded on your account and provide us with the results;
* Upgrade all of your applications, plugins, modules, etc. to the latest stable versions;
* Remove any modules, applications, plugins, etc. which you are not using;
* Change all of your administrative passwords(FTP/cPanel, application’s,etc.);

I have allowed full access from your IP address only so now you can work on your site without any issues.

When all above steps are completed, please reply to this ticket so we can proceed with the case. Thank you!

Looking forward to your reply.

Best Regards,

Technical Support Team
SiteGround.com

——————————————–

2010-12-12 09:00am

Please assist:

The complaining party, Softlayer Security, does not quote any TOS or AUP violation in the below complaint. Can you tell me exactly what it is that caused the violation? I was under the impression there may have been a virus or malware or other exploit on the site, but all I see are html files and javascript. Before I delete the “evidence”, can you tell me what the exact violation is?

Thanks.

Mark McCoy

The complaint which was received was:

— EMAIL COMPLAINT COPY STARTS HERE —

SoftLayer Security has identified the following TOS/AUP VIOLATION in reference to an IP hosted on your server. A description of the violation is listed below or attached to this ticket for your review. Please disable or remove this activity immediately as it is direct abuse of the network services and a violation of your TOS and AUP. Failure to resolve this issue in an expeditious manner could lead to service interruption for this server. Please update this ticket with resolution to this issue. We thank you in advance for your quick action and cooperation.

We require a resolution to this matter within 4 hours.

markmccoy.org 174.133.191.12

— EMAIL COMPLAINT COPY ENDS HERE —

——————————————–

2010-12-12 09:21am

Hello,

Thank you for the update.

Infringing materials were uploaded on your account. This is called phishing, you can learn more about this here:

http://en.wikipedia.org/wiki/Phishing

It seems that your website was hacked and such materials were uploaded in the folder:

http://markmccoy.org/public_html/

Now you have to:

* Remove the materials;
* Clear and secure your account and computer;

Please use the instructions in the initial post and the guidelines in my last reply.

When you are ready, please reply to this ticket so we could proceed with the case.

Thank you!

Looking forward to your reply.

Best Regards,

Technical Support Team
SiteGround.com

——————————————–

2010-12-12 10:15am

Hello,

I have scanned my systems again. All are clear and have been clear.
I have removed ALL files from public_html.
I have changed ALL of my passwords.

Question:

If this was done by one of my admins, as I suspect, and my account was NOT hacked, is this in retaliation to the information related to Wikileaks? If so, how does that information constitute a violation of TOS of AUP, specifically?

If I am to fire or discharge one of my admins I am going to need documentation of a violation because I can almost guarantee he will come back to me with a demand for proof before I terminate an employment contract. I could face potential legal trouble for unjust termination of an employment agreement if he was the one who uploaded the material, as I expect.

Our systems were not compromised and the account was not hacked. Therefore, if this is a reaction to information related to Wikileaks, please tell me where the violation can be found in the TOS or AUP so I can take appropriate action with this admin.

Please restore all account privileges in the mean-time as I have complied with all requests related to this ticket and this admin’s account is no longer active due to the password change.

Thank you.

Mark McCoy

——————————————–

2010-12-12 10:27am

Hello Mark,

Thank you for the update.

Due to the nature of the problem I will forward this ticket to our Abuse Department.

They will check the case and further assist you as soon as possible. Please wait for their reply.

Thank you for your patience in advance!

Best Regards,

Technical Support Team
SiteGround.com

——————————————–

2010-12-13 07:09am

Hello,

Please excuse me for the delayed reply.

It seems you have removed the materials in question so I have reactivated your account. Please note that since this came from our data center we have been forced to comply within 4 hours otherwise we risked to have the entire server unplugged, then not only your account but all the accounts hosted on the server would be affected. As you can see from the logs provided above this has been uploaded intentionally via ftp, you should know who has login credentials for your account in your company.

More about our upstream provider’s TOS you can find on the link below:

http://www.softlayer.com/

Thank you for your understanding and cooperation.

Should you have any additional questions please do not hesitate to contact us.

Best Regards,

Abuse Department
SiteGround.com

——————————————–

2010-12-13 09:08am

Since my original question was not answered as to what specifically constituted the “violation” and alleged that my system was somehow compromised, let me force the issue this way. If I were to put the files back on the server, with no virus, security compromise, or otherwise, would I be in violation of any TOS or AUP, and if so, what specifically?

I do not believe my original question was adequately addressed. I was led to believe that one of my admins did something improper and now I have to take action. If there was NO violation, then there should be no problem putting the files back. Correct?

So, in order to get some kind of answer, let’s say I put the files back on the server. Is there a violation? Will you again, suspend the account? Where in the TOS or AUP can I investigate this issue to determine what will constitute a breach of the TOS or AUP?

If there is NO articulable violation pursuant to those policies, then the presumption is that I may have the files on the server, correct? If you cannot provide me guidance on this then you likewise cannot justify another suspension, correct?

So, can I put the files back on the server and if not, why not?

Sincerely,

Mark McCoy

——————————————–

2010-12-13 12:04pm

Hello Mark,

I will escalate this ticket to the attention of our Abuse Department. Please allow them up to one business day to review the case and reply to you.

Thank you again for your patience.

Best Regards,

Senior Support Team

——————————————–

2010-12-14 02:29am

Hello,

We received the following from our data center and this has been already provided to you:

SoftLayer Security has identified the following TOS/AUP VIOLATION in reference to an IP hosted on your server. A description of the violation is listed below or attached to this ticket for your review. Please disable or remove this activity immediately as it is direct abuse of the network services and a violation of your TOS and AUP. Failure to resolve this issue in an expeditious manner could lead to service interruption for this server. Please update this ticket with resolution to this issue. We thank you in advance for your quick action and cooperation.

We require a resolution to this matter within 4 hours.

markmccoy.org 174.133.191.12

We had no further explanation but we know for sure that we had to comply, I cannot provide you with more details and yes you can put your files back [Emphasis Mine] but if we receive second similar complaint your account will be permanently suspended.

I consider this case as closed now.

Thank you for your understanding and cooperation.

Best Regards,

Abuse Department
SiteGround.com

——————————————–

Email to Softlayer:

I have received notice from my provider, Siteground, that I was in violation of their TOS/AUP. When pressed, they admitted that it was your TOS/AUP which had been violated. I have been attempting to determine the exact cause of the violation, but they are unable to answer my request. Therefore, I am asking Softlayer what caused the alleged violation of your TOS/AUP?

Siteground has indicated that the files may be placed back on the site, but any further complaints will result in a permanent suspension of my hosting services. This would indicate an unwritten and capricious policy subject to the whim of anyone who may take exception to certain material. This began as an accusation that my system was compromised or otherwise infected with malware or virus’. Since that is not the case, and most likely a ruse to gain my compliance, I am directing my inquiry to you, since it is Softlayer that is making these allegations towards Siteground in attempts to suspend my account or force removal of what I now believe is material that is not illegal, but personally objectionable to someone with your company.

Given that the files were not placed on the server by me, but by an admin who felt it proper to offer such content, I will stand by his actions unless a specific violation can be found in your current TOS/AUP. Siteground resorted to hyperbole and alarmist presentation of the suspension which turned up no violation found in either their TOS/AUP or yours.

The thread of the support ticket is included for your review. Siteground has indicated that they will permanently suspend my account if they receive another complaint, although they cannot say the material cannot be posted. I would like a response based on in-place, established policies pursuant to your TOS/AUP regarding the publishing of the referenced material. If need-be, I will upload the previously offending material, after having been scanned for malicious code, and press my rights through civil litigation for breach of contract. This email is being sent in good-faith so as to identify and resolve any possible violations before pursuing such remedy. Silence is acquiescence. Should I not receive a reply within 24 hours, I will assume no violation of any TOS/AUP related to the original content hosted at Siteground, and therefore, an approval by Siteground and Softlayer to publish said material.

Thank you for your time and prompt response. The thread between myself and Siteground follows:

——————————————–

12/23/10

After having given more than enough time for Siteground and Softlayer to respond to my previous email I have decided to re-publish the site. I have reviewed the pertinent TOS and AUP and find NOTHING that would constitute a breach by way of this information being hosted on my account. I don’t know if Siteground or Softlayer wants a lawsuit for breach of contract, but if they suspend my account without cause it will cost them more to defend the suit than what the hosting account is worth. I was sure to back up all of my files before Siteground attempts to suspend my account again, but I have the email from them which specifically states it is not prohibited to put the files back on the server. I guess we will see………….

Advertisements

5 thoughts on “Government uses private enterprise to stifle Wikileaks support

  1. […] user, Mark McCoy, a self-professed anarchist, posted on his blog the entire e-mail thread between him, SiteGround, […]

  2. Mark McCoy says:

    Dear Siteground and Softlayer….

    If you choose to suspend this account then you will be in violation of your own TOS/AUP for unjust termination. This will constitute a breach of contract which will subject you to actual, as well as punitive damages, plus the cost of the suit. I am also notifying the ACLU in case you would prefer more exposure than you would otherwise prefer.

    Before taking ANY action in regards to this matter, please provide the pertinent provisions of your policies or refund in-full all fees paid on this account.

  3. Marc MkKoy says:

    Dear Siteground and Softlayer….

    If you choose to suspend this account then you will be in violation of your own TOS/AUP for unjust termination. This will constitute a breach of contract which will subject you to actual, as well as punitive damages, plus the cost of the suit. I am also notifying the ACLU in case you would prefer more exposure than you would otherwise prefer.

    Before taking ANY action in regards to this matter, please provide the pertinent provisions of your policies or refund in-full all fees paid on this account.

  4. […] user, Mark McCoy, a self-professed anarchist, posted on his blog the entire email thread between SiteGround, SoftLayer and himself. SiteGround initially informed […]

  5. […] explains that shortly after signing up to be a WikiLeaks mirror, he was contacted by the hosting provider, […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: