Supporters of WikiLeaks attacked the Visa and MasterCard Web sites on Wednesday after the bank card networks cut off donation transactions to the controversial online anti-secrecy organization that recently disclosed hundreds of thousands of classified U.S. State Department cables.
The attacks, which slowed down the networks’ Web sites or made them unresponsive, were unprecedented events that dragged electronic-payment providers into an international political controversy. They followed cyber-attacks last weekend on PayPal Inc., the first processor to restrict WikiLeaks donations.
Spokespersons for both Visa Inc. and MasterCard Inc. say their transaction networks had not been hacked and were functioning normally. The story was different for their public-facing Internet sites. Efforts by Digital Transactions News early Wednesday to load various MasterCard Web pages failed. “MasterCard has made significant progress in restoring full service to its corporate Web site,” a spokesperson said late Wednesday afternoon by e-mail. “Our core processing capabilities have not been compromised and cardholder account data has not been placed at risk. While we have seen limited interruption in some Web-based services, cardholders can continue to use their cards for secure transactions globally.”
Avivah Litan, an analyst at Gartner Inc. who tracks payment card security and technology, says she heard the attackers were going after the networks’ online authentication services, MasterCard SecureCode and Verified by Visa. The MasterCard spokesperson confirmed that, though he provided no details. “We did have issues with SecureCode and they have been resolved,” the spokesperson said.
Visa Inc. released this statement at about 5:30 p.m. Eastern time: “Visa’s processing network, which handles cardholder transactions, is functioning normally and cardholders can continue to use their cards as they routinely would. Account data is not at risk. Separately, Visa’s corporate Web site, Visa.com, is currently experiencing heavier than normal traffic. The company is taking steps to restore the site to full operations within the next few hours.”
The Associated Press reported that an Internet group called “Operation Payback” claimed via Twitter responsibility for both companies’ problems. Neither Visa nor MasterCard identified the sources of their slowdowns.
Litan tells Digital Transactions News that the attacks appeared to have been launched by “very sophisticated” groups. “It’s pretty highly organized cyber espionage,” she says. “The big question is, what’s next?” Some of WikiLeaks’ defenders have vowed to go after anyone who tries to restrict the dissemination site. ABC News reported Wednesday evening that London-based hackers launched a cyber attack on a Web site of 2008 Republican presidential candidate Sarah Palin, who has criticized WikiLeaks founder Julian Assange, and were even trying to disrupt her and her husband’s credit card accounts.
PayPal on Dec. 3 permanently restricted the account used by WikiLeaks fundraisers due to what the eBay Inc. subsidiary said was a violation of the company’s Acceptable Use Policy that bans use of PayPal for illegal activities. The restriction soon triggered an eight-hour denial-of-service assault on PayPal by a loose group of hackers called “Anonymous,” according to Forbes.com. The attack reportedly was aimed against The PayPal Blog, which disclosed the restrictions, but in an update, a PayPal spokesperson told Forbes the blog’s problems might have been internal though PayPal is still investigating. The spokesperson did tell Forbes that PayPal.com was attacked late Monday morning. Users may have experienced slowness but the attacks didn’t take the service off-line. A PayPal spokesperson did not respond to a Digital Transactions e-mail request for comment.
Late Wednesday, The PayPal Blog posted what it called a clarification of a statement a PayPal executive made about the issue at a conference in Paris, a statement the company said triggered media reports that “have created confusion” about PayPal’s restrictions on WikiLeaks’ fundraising. PayPal said it had restricted WikiLeaks in both 2008 and 2009 for reasons unrelated to the Acceptable Use Policy. PayPal lifted the restrictions both times after receiving what it said was “proper information” from the account holder.
The latest restriction, however, involved disclosure of classified documents that the State Department on Nov. 27 said was a violation of law, according to PayPal. “We understand that PayPal’s decision has become part of a broader story involving political, legal, and free-speech debates surrounding WikiLeaks’ activities,” the updated statement says. “None of these concerns factored into our decision. Our only consideration was whether or not the account associated with WikiLeaks violated our Acceptable Use Policy and regulations required of us as a global payment company.” PayPal will release all remaining funds in the account to the foundation raising funds for WikiLeaks.
British authorities arrested Assange Tuesday on Swedish charges of sexual assault. Press reports say American authorities may seek his extradition to the U.S.