Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spamhaus Under DDoS Over Wikileaks.info

Posted by timothy on from the you-got-the-wrong-idea-mister dept.

achowe writes "Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now [actually sporadic], we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ... AnonOps did not like our article update, here is what we said and what brought the ddos on us.'" At the conclusion of this message: "Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the wikileaks.ch server instead.'" Here is Spamhaus's full warning.

9 of 295 comments (clear)

  1. AnonOps part of the problem, not the solution by Animats · · Score: 5, Interesting

    I'm beginning to wonder if AnonOps/Anonymous is a false flag operation. They seem to be doing more harm than help to Wikileaks. Their targeting is inept (they previously targeted the wrong DNS provider), their timing is inept, and Wikileaks doesn't need them to stay on line.

    1. Re:AnonOps part of the problem, not the solution by HungryHobo · · Score: 5, Interesting

      Forget false flag ops.
      What are the real wikileaks sites now???

      Last time I checked wikileaks used self signed certs and at this point I'd love to simply see a interview with assange where he lists the "official" wikileaks sites and reads out some of their SSL certs.

      is wikileaks.org still in the hands of the wikileaks organization or does the DHS control it now or some third party?
      Or has it just been infected with malware to add a redirect?

      Is their twitter account really them?

      is there even any way for anyone to anonymously submit documents any more?

    2. Re:AnonOps part of the problem, not the solution by HungryHobo · · Score: 4, Interesting

      hell, is there even any verifiable way to communicate with any wikileaks staff any more?
      Any PGP public keys? etc etc

    3. Re:AnonOps part of the problem, not the solution by Anonymous Coward · · Score: 3, Interesting

      Let's check the allegations:

      The original Wikileaks domain was wikileaks.org. Wikileaks has not used that domain in a while. The .org TLD is under the control of the USA (registry and registrar are both US based companies). It is unclear if Wikileaks is still in control of the wikileaks.org domain.

      Spamhaus suggests that irc.anonops-irg.net is the address of the "Anonymous" coordination IRC server. The most current reference to an Anonops IRC server I could find names it irc.anonops-irc.org, which currently does not resolve. The page lists several changes of domain in the past days. It appears someone is sweeping up the abandoned domains and using them for (more) nefarious purposes. It is unclear if Anonymous is still connected to the domains listed in the Spamhaus warning.

      The Spamhaus warning is probably right insofar that the listed domains are hosted by cybercrime outfits and pose a danger to anyone visiting them. The linking of Anonymous to these cybercrime outfits is possibly incorrect (other Anonymous domains are hosted at well-known commercial hosters). It will be interesting to see how the wikileaks.org domain got to point to wikileaks.info.

      Since linking Wikileaks and Anonymous to cybercrime discredits both groups, it is quite conceivable that it's not just Russian gangs jumping on the opportunity but a FUD campaign by western three letter agencies. Nevertheless, heed the Spamhaus warning and stay away from wikileaks.org, wikileaks.info (and possibly all other wikileaks domains under TLDs which are operated by US registries). If you're thinking about downloading software from Anonymous and running it on your own computer, go ahead. No warning will cure that kind of stupidity.

  2. Say wha? by Anonymous Coward · · Score: 5, Interesting

    I just asked anonops about it, they're not attacking spamhaus.

  3. Re:kids these days by openfrog · · Score: 4, Interesting

    When you have a large DDoS tool at your beck and call, who has time to bother with accuracy and trifling details like the truth? This is just further evidence that "anonymous" is some unemployed young adult.

    The profile of anonymous becomes less and less one of sophistication and intelligence and more that of teenage angst and a limited understanding of technology daily.

    From TFA:

    The Webalta 92.241.160.0/19 netblock has been listed on the Spamhaus Block List (SBL) since October 2008. Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities.

    I sympathize with your impatience with the idiocy that is Anonymous, but what this goes on to show here is that Anonymous, or now better referred to as AnonOps, is NOT unruly teenagers as media have been dutifully reporting, but something else.

    The poster above referring to Anonymous as a potential 'false flag' operation has it right. Whether it was started by real teenagers or not is inconsequential: it plays in the interests of those wanting to swerve public opinion in the direction of repressive legislation and it is all too easy to attribute any kind of stunt on "Anonymous", whomever is really behind it.

  4. my guess by Anonymous Coward · · Score: 5, Interesting

    the russian criminals are using the whole wikileaks/anonymous affair as a cover to attack one of their archenemies: spamhaus, while trying to paint spamhaus as the bad guys.

  5. Please note: by guruevi · · Score: 5, Interesting

    1) This DDoS attack does not seem to be originating from Anonymous but from AnonOps which is a cybergang-related IRC server and the DDoS seems to be originating from a real botnet of hijacked Windows computers, not LOIC.
    2) Spamhaus warned about wikileaks.info which seems to be hosted by the same criminals and is posting false Wikileaks statements.
    3) Wikileaks.org has been taken over by these criminals and is redirecting to http://mirror.wikileaks.info/ which is NOT sourcing from wikileaks.ch (and other mirrors like http://www.wlmirror.com/)

    It seems to me the US Gov'mint has 'fixed' their Wikileaks problem by a campaign of misinformation and probably paid these Russian criminals to host the false Wikileaks site. It wouldn't surprise me if the wikileaks.info sites started to have certain damning documents disappear or specific ones infected just to track who's reading what.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. Re:ok well lets take a wikieak here + have a look by Anonymous Coward · · Score: 4, Interesting

    mirror.wikileaks.info actually seems to be more useful than wikileaks.ch at the moment. It contains all the old leaks in the old (better imho) wikileaks format, together with the wikileaks analysis articles. It also contains links to the new leaks found on wikileaks.ch. I've checked a few of the articles there, and they all look just like I remembered. I couldn't see anything wrong.

    I agree that it is strange that the site still uses the old format. It is also strange that the old leaks (from before the Afghanistan, Irak and Cable stuff) aren't available at wikileaks.ch. I'm not sure what to think, but I am far from convinced that there is anything wrong with the .info mirror.