WikiLeaks Back Online after Sustained DDoS Attack

The controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack.

The organization apparently received some extra capacity and assistance from Web performance and security firm CloudFlare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters’ sites.

According to one site’s posting while the attack was underway, “The bandwidth is [sic] used is so huge it is impossible to filter without specialized hardware, however… the DDoS is not simple bulk UDP or ICMP packet flooding, so most hardware filters won’t work either. The rage of IPs used is huge. Whoever is running it controls thousands of machines or is able to simulate them.”

Targets included WikiLeaks’ news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality.

A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. “Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.”
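Seen from the targeted server, the reflected traffic described in that statement arrives as DNS responses to queries the server never sent, coming from many resolvers at once. The Python below is an added example, not part of the original article or of any WikiLeaks or CloudFlare tooling; the flow-record layout, the sample addresses (documentation ranges) and the `min_resolvers` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# The layout is an assumption; adapt it to your NetFlow/IPFIX export.
SAMPLE_FLOWS = [
    ("192.0.2.10", 40001, "198.51.100.53", 53, "udp", 64),    # query we sent
    ("198.51.100.53", 53, "192.0.2.10", 40001, "udp", 120),   # its answer
    ("203.0.113.5", 53, "192.0.2.10", 31337, "udp", 3200),    # unsolicited
    ("203.0.113.6", 53, "192.0.2.10", 31337, "udp", 3200),    # unsolicited
    ("203.0.113.7", 53, "192.0.2.10", 31337, "udp", 3200),    # unsolicited
    ("203.0.113.5", 53, "192.0.2.20", 5000, "udp", 512),      # single stray
]


def find_reflection_targets(flows, min_resolvers=3):
    """Return {local_ip: (distinct_resolvers, unsolicited_bytes)} for hosts
    receiving DNS responses from at least min_resolvers sources without a
    matching outbound query."""
    # Pass 1: remember every (client, client_port, resolver) we queried.
    queried = set()
    for src, sport, dst, dport, proto, _size in flows:
        if proto == "udp" and dport == 53:
            queried.add((src, sport, dst))

    # Pass 2: collect responses (source port 53) that answer no query of ours.
    stats = defaultdict(lambda: {"resolvers": set(), "bytes": 0})
    for src, sport, dst, dport, proto, size in flows:
        if proto == "udp" and sport == 53 and (dst, dport, src) not in queried:
            stats[dst]["resolvers"].add(src)
            stats[dst]["bytes"] += size

    # Many distinct resolvers answering unasked questions is the signature
    # of reflection; one stray response is not.
    return {
        dst: (len(s["resolvers"]), s["bytes"])
        for dst, s in stats.items()
        if len(s["resolvers"]) >= min_resolvers
    }


if __name__ == "__main__":
    for host, (count, size) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{host}: {size} unsolicited bytes from {count} resolvers")
```
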

A group calling itself “Anti Leaks” has claimed credit. “We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical,” wrote someone who goes by the handle DietPepsi.

The attacks began Aug. 3, around the time WikiLeaks released new documents related to Texas-based intelligence agency Stratfor detailing a U.S. surveillance project using technology called TrapWire.

CloudFlare said it stepped in after seeing a request for help on Twitter, according to NBCNews.com.
