WikiLeaks hit by massive DDoS attack

Powered by SC Magazine
 

Attacks coincide with Stratfor dumps.

The website for news organisation WikiLeaks was taken down last week following a week-long and massive distributed denial-of-service (DDoS) attack.

The attacks came as the whistleblower site published new information on the Trapwire surveillance system discussed by Stratfor, the US-based global intelligence firm that hacker collective Anonymous infiltrated late last year to steal roughly five million emails.

"The emails show Stratfor's web of informers, pay-off structure, payment-laundering techniques and psychological methods," WikiLeaks wrote at the time

On Wednesday, WikiLeak's official Twitter account speculated the timing of the DDoS attack may be related to the Olympics; the ongoing releases of Stratfor and Syria documents, which also were handed over to WikiLeaks for publishing by Anonymous; or unspecified future releases.

A group calling itself AntiLeaks has taken credit for the DDoS campaign.

WikiLeaks, in a series of tweets on Friday, described the prolonged attack it is facing, which also is going after its "donation infrastructure." The organisation said the assaults are measuring more than 10 gigabits per second, and are being delivered in a way that is impossible to deflect.

"The bandwidth [being] used is so huge it is impossible to filter without specialised hardware," the tweets said.

"The DDoS is not simple bulk UDP or ICMP packet flooding, so most hardware filters won't work either. The [range] of IPs used is huge. Whoever is running it controls thousands of machines or is able to simulate them."

To respond, WikiLeaks has created a number of "mirror" sites, but most of those have been knocked offline as well.

WikiLeaks said it tried to move its servers to CloudFlare, a California-based start-up that specialises in DDoS protection and website acceleration. However, WikiLeaks said it was turned away.

CloudFlare is no stranger to protecting targeted websites. In fact, the company called LulzSec a customer during a roughly three-week period last summer when the close-knit hacktivist group was embarking on its rampage of breaches against companies like Sony and PBS.

LulzSec, however, never violated CloudFlare's terms of service.

When asked Friday about WikiLeaks seeking CloudFlare's assistance, Matthew Prince, the company's co-founder and CEO, said the organisation wasn't denied service.

"We restrict all high-traffic sites from the automatic sign-up process," he told SC in an email.

"The purpose for this is to make sure a big site signing up has a great experience and that we're prepared so they don't overwhelm our network. You'd see the exact same error for the same reason if you tried to sign up Google.com. The list of high-traffic sites is pulled automatically -- it wasn't purposefully directed at WikiLeaks.

"Someone alleging to be from WikiLeaks wrote in to our support [department]," Prince continued.

"We've responded to them to understand the nature of their attack and whether we can help. Stay tuned."

WikiLeaks has run into trouble with US -based companies before, however.

In late 2010, it began publishing secret diplomatic cables, which resulted in a number of major brands, including Amazon, PayPal and MasterCard, cutting off server hosting or payment processing ties with WikiLeaks in response to U.S. political pressure.

WikiLeaks' embattled leader, Julian Assange, remains at the Ecuador's London embassy. He is seeking asylum to the South American nation to avoid extradition to Sweden to face alleged sexual offenses. But he has not been charged with any crimes.

The AntiLeaks group said its claimed attacks are specifically against Assange and his attempt to seek asylum.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


WikiLeaks hit by massive DDoS attack
Tags
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 842

Vote