nito - stock.adobe.com

WikiLeaks goes public with alleged list of AWS datacentre locations and code names

Whistle-blowing website claims to have obtained a confidential document detailing code names, locations and operational details of Amazon’s datacentre portfolio

WikiLeaks has published details of the alleged location and code names of more than 100 Amazon Web Services (AWS) datacentres, as the cloud giant prepares to bid for a sizeable cloud deal with the US Department of Defense.

The whistle-blowing website claims to have obtained a “highly confidential” internal AWS document, dating back to late 2015, detailing the addresses, phone numbers and some operational details of the facilities, which are dotted across 15 cities and nine countries.

For instance, the 20-page document features reminders about San Francisco’s tax laws that AWS employees must factor in when procuring datacentre hardware, as well as instructions on how to ship kit to certain geographical locations.

WikiLeaks also claims that the document details the code names of some of the facilities, as well as the alternative subsidiaries under which many of them are operated, as part of Amazon’s wider efforts to keep the location and scale of its datacentre footprint under wraps.

The organisation has also tried to gamify the information by creating an online game called The Quest of Random Clues to “encourage people to research these datacentres in a fun and intriguing way”, while highlighting Amazon’s “complex corporate structures and the physicality of the cloud”, WikiLeaks’ statement adds.

At the time of writing, the veracity of the document is still in question, and AWS has yet to respond to Computer Weekly’s request for comment and clarification about the information WikiLeaks claims to hold.

The emergence of the document, dubbed the “Amazon Atlas” by WikiLeaks, coincides with the bid submission deadline for a contentious public sector cloud deal in the US involving the US Department of Defense (DoD).

The 10-year Joint Enterprise Defense Infrastructure (JEDI) deal is valued at $10bn, and is aimed at helping the DoD unify its IT infrastructure through the use of public cloud services. The deadline for submitting bids is today (12 October).  

The WikiLeaks statement makes a brief reference to the DoD contract, for which Amazon is known to be in competition with Oracle and IBM, as well as the company’s existing commercial ties to the US intelligence community.

Read more about AWS

As for why the website has published this information now, a WikiLeaks statement suggests that the disclosure is simply a continuation of the site’s anti-secrecy agenda.

“Until now, this cloud infrastructure controlled by Amazon was largely hidden, with only the general geographic regions of the datacentres publicised,” the WikiLeaks statement read.

“While Amazon’s cloud is comprised of physical locations, indications of the existence of these places are primarily buried in government records or made visible only when cloud infrastructure fails due to natural disasters or other problems in the physical world.”

AWS and WikiLeaks have something of a chequered history, as the latter previously relied on Amazon’s cloud services to host its website and documents until 2010, when Amazon pulled the plug on the engagement.

In a statement at the time, AWS said WikiLeaks had violated its terms of service on several fronts, including publishing content that did not belong to it.

“We’ve been running AWS for over four years and have hundreds of thousands of customers storing all kinds of data on AWS,” the statement read. “Some of this data is controversial, and that’s perfectly fine.

“But when companies or people go about securing and storing large quantities of data that isn’t rightfully theirs, and publishing this data without ensuring it won’t injure others, it’s a violation of our terms of service, and folks need to go operate elsewhere.”

Read more on Infrastructure-as-a-Service (IaaS)