Denial of Service attack brings Wikileaks site to its knees
November 29, 2010
A DoS (Denial of Service) attack against Wikileaks made the whistleblower website unavailable for several hours last night, in the run-up to its publication of highly classified U.S. State Department documents, and may turn out to be the work of a single but well-meaning hacker.
The DoS attack could be blamed on an application-level assault targeting a vulnerability in Wikileaks' Apache web server, according to various reports from global Internet security firms.
A few weeks ago, a patriot-hacker named The Jester used the XerXeS tool to attack jihadist sites. Now, if rumours are to be believed, the same tool was turned against Wikileaks last night, making the site inaccessible at a very critical time.
Hundreds of thousands of U.S. diplomatic cables were still published by The Guardian, with extracts run by other high-profile media publications, so the attack failed to block access to the diplomatically and politically embarrassing information, always an unrealistic goal.
Rather than a purely conventional packet flood, it seems probable that the site was also hit by the XerXeS tool. A video showing how the tool works and an interview with the 'Jester' can be found via the Infosec Island website.
The 'Jester' claimed responsibility for an attack on Wikileaks via a Twitter update last night: "www.wikileaks.org - TANGO DOWN - for attempting to endanger the lives of our troops, other assets & foreign relations," Jester said.
For many weeks now, the Obama administration has repeatedly condemned the leak of the diplomatic cables in similar terms, arguing that the release puts lives at risk, damages U.S. relations with its allies and undermines counterterrorism operations. President Obama was and still is very critical of the Wikileaks initiative and would want it permanently stopped in its tracks.
Wikileaks said in an update to its Twitter feed last night: "We are currently under a mass distributed denial of service attack."
It added: "The New York Times, El Pais, Le Monde, Spiegel and the Guardian will all publish many U.S. embassy cables tonight, even if WikiLeaks goes down."
Of course, claims by Jester could be just "hacker bragging" and it may turn out that a more significant conventional packet flood attack was actually the main culprit in bringing Wikileaks down. Analysis of the attack remains far from complete, however, and in the next day or two we might know a lot more about what exactly happened and how it was done.
The release of the diplomatic cables late yesterday was Wikileaks' biggest release to date, and follows the controversial release of the Iraqi War Logs about three weeks ago.
In related news, Netcraft reports that the Iraqi War Logs are no longer served by Amazon EC2 from the U.S. The DNS configuration for the warless.wikileaks.org site was changed over the past week so that the site is now served solely by a French hosting company.
Wikileaks started to make available on its website classified and critical documents that many say could endanger the lives of men and women in the military serving in Iraq, Afghanistan and elsewhere. The leaks mostly started sometime in July of this year, and are now appearing even faster and in greater numbers.
Source: Wikileaks' Twitter Feed.