• 11.30.10

WikiLeaks Hit By Another Massive DDoS Hacker Attack

WikiLeaks was hit by another massive DDoS attack on Tuesday morning. While access to the site was slowed, WikiLeaks’ decentralized nature makes shutdown more difficult than ever.



Hackers are after WikiLeaks. The
controversial site was hit by a sustained distributed denial of
service (DDoS) attack on Tuesday morning. The attack, which briefly made
WikiLeaks inaccessible, was directed at–the
recently released cache of secret diplomatic cables the organization
has been leaking. WikiLeaks was also hit by another denial of service (DoS) attack on
Sunday, when the cables were released.

A politically motivated hacker or group of hackers named
“th3j35t3r”–“The Jester” in leet–took credit for the Sunday attack.
According to a tweet, the site was targeted for “attempting to
endanger the lives of our troops, ‘other assets’ & foreign
relations.” The Jester’s
Twitter feed contains a log of attacks on other sites, most of which
are homepages for either jihadist or political Islamist

According to WikiLeaks, today’s DDoS
attack exceeded 10 gigabits per second as of 9 a.m. New York time. This
was much more intense than Sunday’s attack, which was a comparatively
mild 2-4 gigabits per second. Internet security firm Netcraft
today’s DDoS attack
as well. Netcraft’s analysis notes that is configured to use three different IP
addresses as a load balancer, which still failed to prevent today’s
DDoS attack.

WikiLeaks has put multiple safeguards
in place to distribute their leaked diplomatic cables. Apart from
working with media organizations such as the New York Times
Der Spiegel,
WikiLeaks has embraced every nerd’s favorite: Torrents. The
organization has placed a torrent of all their diplomatic cable
leaks on the Web.

In order to cope with the DDoS attack
on Sunday, WikiLeaks did some improvised DNS jiggering. The site
redirected DNS configurations from their
Swedish host to cloud sites hosted by in Ireland and the
United States.

Interestingly, detailed analyses and
walkthroughs of past DDoS attacks on WikiLeaks have been posted to
the web. Anthony Freed of Infosec Island interviewed the Jester in
February, who
a script he used called XerXes for a past attack:

“Okay it started with a little
script I wrote a while back to harden-test servers […] I modified
this script, and it was just a nasty script, very cumbersome. When I
realized the extent of the jihad online recruiting and co-ordination
involvement (much later), I realized I could turn this script into a
weapon. […] XerXes requires no zombie network or botnet to be
effective. Once a single attacking machine running XerXeS has smacked
down a box, it’s down, there is no need for thousands of machines.
But, XerXeS does not hurt intermediary nodes along its path to the
target. So the answer is that such institutions’ systems would
still be intact, as it causes no collateral damage, just not


It is important to remember two key
things, however:

  • Today’s DDoS attack was highly
    complex. Although the timing did not significantly affect access to
    WikiLeaks from North America, it was timed to make it inaccessible
    to Europe for much of the business day.

  • DDoS attacks on WikiLeaks are
    great for agitprop and publicity, but do nothing to inhibit the
    site’s operations. The organization’s bread and butter for
    information dissemination are the traditional media, bloggers and
    day-to-day communication between individuals in person and online–not their website. Furthermore, torrents make a nifty backup plan.

Meanwhile, China is fighting WikiLeaks
the traditional way: through the Great Firewall. China formally
announced they are blocking access to WikiLeaks today, with Foreign
Ministry spokesperson Hong Lei noting that “China takes note of the
government reports. We hope the U.S. side will handle the relevant
issues. […] As for the content of the documents, we will not
comment on that.”