We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

WikiLeaks suffers second DoS attack

Attackers have 'upped their game'

WikiLeaks has suffered a second denial-of-service (DoS) attack, say internet researchers.

The site remained online with some short interruptions, as did a secondary site, cablegate.wikileaks.org, where more than 250,000 US State Department internal messages have been published so far.

[The attackers] have upped their game," said Craig Labovitz, chief scientist at Arbor Networks, a supplier of anti-DoS technology.

"This looks like a different attack. It's a more complex attack, with multiple components, and it's a more significant attack," added Labovitz.

WikiLeaks echoed Labovitz's take on today's attack. According to the organisation's Twitter account, the attack quickly reached 10Gbps (gigabits-per-second), or two-and-a-half to five times larger than the previous attack.

Labovitz estimated the DoS, which was launched by a single hacker, at between 2Gbps and 4Gbps.

WikiLeaks has been under assault since shortly after it began publishing diplomatic cables from a trove of more than 250,000 messages. The group provided several newspapers with the complete cache, but is releasing the cables to the public in small dribbles on cablegate.wikileaks.org. In the UK, The Guardian has been working with WikiLeaks to pulish details of the cables.

Labovitz declined to go into specifics on the extent of the DoS, saying that he was still compiling data from Arbor's ATLAS (Active Threat Level Analysis System) network, which collects internet traffic data from approximately 120 carriers and providers worldwide.

Netcraft, however, spelled out its findings in detail.

According to Netcraft's traffic measurements, WikiLeaks and Cablegate were both hit hard today, with the latest failures of the sites occurring about 6am Eastern Time (11am in the UK).

Netcraft explained how WikiLeaks and Cablegate remained operational for the most part during the DoS attacks.

"The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer," said Netcraft's Paul Mutton in a post to the company's blog.

Labovitz had a different idea.

"They've been moving their hosting around," said Labovitz, referring to WikiLeaks. "They seem to have gone from using small providers to using larger providers, which have better capabilities to deal with these attacks."

Most large hosting companies use one or more technologies or techniques to fend off DoS attacks, Labovitz continued. "DoS is part and parcel of the internet today," he said. "There's nothing unique to WikiLeaks except the amount of publicity it's received. There are enterprises that [undergo] much larger DoS attacks on a regular basis."

Yesterday, WikiLeaks shifted its site to servers operated by Amazon.

Although a single hacker, who goes by the nickname of 'The Jester' - penned in leetspeak as 'th3j35t3r' - claimed responsibility for first attack, which one security expert said was not launched via a botnet, the second DoS looked more co-ordinated, said Labovitz. He wasn't able to tell, however, whether it originated from a single source or from a botnet.

"There's enough publicity surrounding WikiLeaks [and the leaked cables] that this will be an ongoing event for them," Labovitz said.

See also: WikiLeaks cables show US ignored Brown's NASA hacker pleas


IDG UK Sites

Nexus 6 vs Samsung Galaxy Note 4 comparison: What's the best Android phablet?

IDG UK Sites

The iPhone is doomed. Doomed to be marginally less successful than a very successful thing.

IDG UK Sites

How to prototype native mobile apps without writing code

IDG UK Sites

How to prepare for and update to OS X Yosemite: Get your Mac ready to download & install Apple's...