Mastercard Website Punished For WikiLeaks Ban

Mastercard was hit today by a series of focused distributed denial of service attacks, as the card issuer joined Visa and PayPal in suspending donations processing for the whistleblowing site WikiLeaks.

Visa and Mastercard suspended WikiLeaks processing earlier this week, following PayPal’s decision late last week. Mastercard said that it would take action against any organisation it believed to be involved in illegal activities “until the situation is resolved”.

Anonymous Denial Of Service Attacks

Mastercard and Visa have also come under pressure from DataCell, a cloud services data centre based in Iceland and Switzerland – which acts as a Wikileaks donations processing firm.

Andreas Fink, DataCell’s CEO, has published two impassioned blogs on the subject of the ban. Falling short of taking action himself, he said that both card issuers will have to be ready to take damage claims of “billions of Euros” and could lose “a big chunk of their business”.

The suspension of Visa and Mastercard payments to WikiLeaks is only expected to last for seven days, according to Fink, but may be extended while the companies do due diligence to see if they are breaking any laws. This is an inconvenience to DataCell, and Fink commented, “We strongly believe a world class company such as Visa should not get involved [in] politics and just simply do [the] business [that] they are good at. Transferring money.”

The DDoS attacks on Mastercard have been claimed by the same team of hackers, called the Anonymous Operation, who wage their own war on what they see as injustices, under the name of “Operation: Payback”. WikiLeaks is their current cause and both PayPal and PostFinance received lower-grade DDoS attacks from Anonymous earlier this week. Visa’s website is now braced for similar attention.

Mastercard Still Down

Mastercard said the attack on their www.mastercard.com site was unsuccessful but the site was unavailable this afternoon when eWEEK Europe tried to access it.

Claire Sellick, event director of the annual InfoSecurity Europe show, commented, “The fact that the massive Mastercard website, which is accessed on a regular basis from many countries around the world, has been downed by a DDoS attack from the 4chan-linked Anon Operation, shows the scale the hacktivists can now operate on.”

She admitted that a full-on attack is difficult to assuage but said that technologies such as hosting and route diversification can go a long away towards raising the bar against DDoS attacks. She pointed to WikiLeaks’ own actions to defeat the reciprocal attacks against its own servers by hosting its site on multiple sets of servers, with the peers positioned on  different Internet peering exchanges.