DoS Attack Hit WikiLeaks Before Document Disclosure

WikiLeaks was hit with a denial-of-service attack as it prepared to publicise a trove of diplomatic documents.

The attack occurred on 28 November, striking the controversial site before it posted a collection of more than 250,000 US embassy cables online. The main WikiLeaks.org site appeared to bear the brunt of the attack, according to Paul Mutton of Netcraft, who added that the site suffered from “patchy or slow availability for several hours”.

Modest attack

“Twitter user th3j35t3r claimed to be carrying out the denial of service attack against www.wikileaks.org, although in a tweet that has since been deleted, th3j35t3r stated that it was not a distributed attack,” Mutton blogged. “If WikiLeaks believed the attack to be distributed, it could suggest that other parties had also been carrying out separate attacks at the same time. … th3j35t3r’s Twitter feed lists dozens of other sites that have also been taken down, mainly communicated through ‘TANGO DOWN’ messages posted via the XerCeS Attack Platform.”

According to an analysis by Arbor Networks, the attack began around 10:05 a.m. EST on 28 November. Shortly after the attack started, WikiLeaks redirected DNS from its AS8473 Swedish hosting provider to use mirror sites hosted by a large cloud provider in Ireland (and later the United States as well), Arbor found.

“Overall, at 2-4 Gbps the Wikileaks DDoS attack was modest in the relative scheme of recent attacks against large web sites,” blogged Craig Labovitz, chief scientist for Arbor Networks. “Though, TCP and application level attacks generally require far lower bps and pps rates to be effective. Engineering mailing list discussion also suggests the hosting provider and upstreams decided to blackhole all Wikileaks traffic rather than transit the DDoS.”

WikiLeaks was blasted during the past 24 hours by US officials, with Secretary of State Hillary Clinton stating the US government “strongly condemns the illegal disclosure of classified information”.

“This administration,” she said today, “is advancing a robust foreign policy that is focused on advancing America’s national interests and leading the world in solving the most complex challenges of our time. … In every country and in every region of the world, we are working with partners to pursue these aims. So let’s be clear: This disclosure is not just an attack on America’s foreign policy interests. It is an attack on the international community – the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity.”

Among the documents is a cable linking the Chinese government to the Aurora attack that impacted Google, Adobe Systems and dozens of other corporations. The attack was first reported by Google in January, and speculation immediately pointed to China as the culprit.

No significant downtime

While the controversy swirls, cablegate.wikileaks.org has so far escaped any significant downtime, Mutton blogged.

“This site has used 3 IP addresses since its launch, probably in anticipation of being attacked or deluged with legitimate traffic,” he wrote. “Two of these IP addresses are at Octopuce in France, which also hosts the single IP address now used by warlogs.wikileaks.org. Ironically, the third IP address being used to distribute secret US embassy cables is an Amazon EC2 instance hosted in – you guessed it – the US.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago