Slashdot Mirror


Spamhaus Under DDoS Over Wikileaks.info

achowe writes "Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now [actually sporadic], we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ... AnonOps did not like our article update, here is what we said and what brought the ddos on us.'" At the conclusion of this message: "Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the wikileaks.ch server instead.'" Here is Spamhaus's full warning.

  1. AnonOps part of the problem, not the solution by Animats · Score: 5, Interesting

    I'm beginning to wonder if AnonOps/Anonymous is a false flag operation. They seem to be doing more harm than help to Wikileaks. Their targeting is inept (they previously targeted the wrong DNS provider), their timing is inept, and Wikileaks doesn't need them to stay on line.

    1. Re:AnonOps part of the problem, not the solution by openfrog · Score: 5, Informative

      I'm beginning to wonder if AnonOps/Anonymous is a false flag operation. They seem to be doing more harm than help to Wikileaks. Their targeting is inept (they previously targeted the wrong DNS provider), their timing is inept, and Wikileaks doesn't need them to stay on line.

      At last, this is coming out! I've been repeating this obvious thing on every Anonymous story that Slashdot has echoed out until now: we have no idea who is behind so-called "Anonymous". A naive teenager is arrested from time to time to give credence to the myth that the Web is under the threat of unruly teenagers, opening the door to repressive legislation.

      Now with this, we are beginning to get to hard facts, which should help us awaken our traditional media journalist friends: press, TV, radio. Congratulations for coming up with the term AnonOps. It tells the whole story in a nutshell.

    2. Re:AnonOps part of the problem, not the solution by Anonymous Coward · Score: 5, Funny

      Of COURSE it's a false flag operation. The brave freedom fighters of Anonymous couldn't POSSIBLY be mistaken or misinformed in what they do. There's no way they're all just a bunch of kids with no idea what they're doing. The plan to DDOS Amazon to its knees was truly brilliant, in that it allowed the world to see how quickly Anonymous can shift their attack to new targets.

      I, for one, welcome our new basement-dwelling, scat-loving overlords.

         

    3. Re:AnonOps part of the problem, not the solution by HungryHobo · Score: 5, Interesting

      Forget false flag ops.
      What are the real Wikileaks sites now???

      Last time I checked, Wikileaks used self-signed certs, and at this point I'd love to simply see an interview with Assange where he lists the "official" Wikileaks sites and reads out some of their SSL certs.

      Is wikileaks.org still in the hands of the Wikileaks organization, or does the DHS control it now, or some third party?
      Or has it just been infected with malware to add a redirect?

      Is their Twitter account really them?

      Is there even any way for anyone to anonymously submit documents any more?

    4. Re:AnonOps part of the problem, not the solution by PeterBrett · Score: 5, Informative

      The Pirate Parties provide and administrate the wikileaks.ch network (note that the same network serves wikileaks.de and wikileaks.lu). Understandably, we all feel very strongly about the importance of whistleblowing and freedom of the press. I personally will vouch for those servers' integrity at this time. Specifically, Pirate Party members in the UK, Holland, Germany, Russia, Switzerland, Luxembourg and the Czech Republic have all donated servers.

      I'm sorry that these servers are not currently available over SSL. As I understand it, some of these servers are hosted on IP addresses shared with other websites, and apparently this setup is incompatible with SSL. In addition, we have not yet identified a signing authority that we feel confident would be resistant to coercion and subornation by agencies looking to discredit or manipulate Wikileaks. (Got a suggestion? Reply to this post!)

      I'll re-raise the issue with the PPI organising committee, and see whether we can organise something. ;-)

      I'm afraid that I can't speak for any of the Wikileaks-specific issues, such as document submission or the status of the wikileaks.org domain.

    5. Re:AnonOps part of the problem, not the solution by Anthony Mouse · Score: 5, Informative

      So I'm going to post this near the beginning of the thread since the OP is correct but confusing and the signal to noise ratio in the comments is terrible. It appears the general consensus is this:

      1) Russian criminals have control over the wikileaks.org and wikileaks.info domains and are distributing malware. The current real wikileaks website is wikileaks.ch.

      2) Spamhaus has been telling people about (1).

      3) The Russian criminals are now retaliating by using their botnets to DDoS Spamhaus under the flag of AnonOps.

      4) Some of the people who call themselves Anonymous may or may not also be participating in the DDoS against Spamhaus because they are idiots.

  2. As if a DDoS wasn't enough... by e9th · Score: 5, Funny

    now they're slashdotted, too.

  3. Say wha? by Anonymous Coward · Score: 5, Interesting

    I just asked AnonOps about it; they're not attacking Spamhaus.

    1. Re:Say wha? by Anonymous Coward · Score: 5, Funny

      I just asked them and they say they are.

  4. I don't think so by Sycraft-fu · Score: 5, Insightful

    I think they are just angry idiots with too much time on their hands. There's a reason why vigilantism is so frowned upon and forced out in a civilized society: Vigilantes suck at justice. They shoot first, ask questions later. They are all about the Great Cause(tm), whatever that cause happens to be, and don't do a good job thinking about any trouble they cause.

    Now this is made even worse by the /b/tards because they are not very organized, operate with what they believe to be impunity, and are often kids.

    So my bet is not a false flag op, just a bunch of dumbasses causing trouble. They've decided that Wikileaks will be their Great Cause(tm), until they get bored and find something else, and lash out at any perceived enemies of it without thinking about it.

    1. Re:I don't think so by HomelessInLaJolla · Score: 5, Funny

      There's a reason why vigilantism is so frowned upon and forced out in a civilized society: Vigilantes suck at justice.

      The United States of America is obviously not a civilized society. My personal experience with La Jolla, CA, indicates that vigilantism is the general rule--and not vigilantism to combat high profile violent crime or high cost white collar crime ... no, people like to be vigilantes just to go around playing surrogate parent against the homeless, or hoping to be the next one to call the police on street people.

      Vigilantism isn't about justice. It's about being the person with the juiciest gossip.

      just a bunch of dumbasses causing trouble.

      A very good description of the retired folks, the dog-walkers, the neighborhood watch, and the wealthy snobs around my area. Their entire method of life involves: provoke problem where there was none, call police.

      If they happen to catch one of the actual drunks or dumpster diving troublemakers then they give themselves extra credit. Maybe harassing me is practice for them. :-(

      --
      the NPG electrode was replaced with carbon blac

    2. Re:I don't think so by Shakrai · Score: 5, Insightful

      The United States of America is obviously not a civilized society. My personal experience with La Jolla, CA

      So you've drawn conclusions about an entire society based on your experiences in one city?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.

    3. Re:I don't think so by The_mad_linguist · Score: 5, Funny

      He's generalizing from a small subset to the entire group of people.

      Everyone does it.

      Or at least, I do.

  5. Spamhaus announcement by pinkushun · Score: 5, Informative

    In the case of it getting /.'ed or DOS'd (like TFA link to nanozen.info)

    Wikileaks Mirror Malware Warning
    2010-12-14 17:00 GMT, by Quentin Jenkins

    On Monday Spamhaus became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new web site is hosted in a very dangerous "neighborhood", Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals.

    Important: this warning is issued only for wikileaks.INFO, NOT Wikileaks itself or any other Wikileaks site. Wikileaks.info is NOT connected with Julian Assange or the Wikileaks organization. For a list of real Wikileaks mirror sites please go to wikileaks.ch

    The Webalta 92.241.160.0/19 netblock has been listed on the Spamhaus Block List (SBL) since October 2008. Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities. These include routing traffic for Russian cybercriminals who use malware to infect the computers of thousands of Russian citizens.

    The fact that recently some unknown person or persons decided to put a Wikileaks mirror on Webalta IP address 92.241.190.202 should raise an alarm; how was it placed there and by whom. Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta space might be infected with malware. Since the main wikileaks.org website now transparently redirects visitors to mirror.wikileaks.info and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely.

    Spamhaus also notes that the DNS for wikileaks.info is controlled by Webalta's even more blackhat webhosting reseller "heihachi.net", as evidenced by the DNS records for the domain:

    wikileaks.info. 14400 IN A 92.241.190.202
    wikileaks.info. 14400 IN NS ns2.heihachi.net.
    wikileaks.info. 14400 IN NS ns1.heihachi.net.

    Spamhaus has for over a year regarded Heihachi as an outfit run 'by criminals for criminals' in the same mould as the criminal Estdomains. The Panama-registered but Russian/German-run heihachi.net is highly involved in botnet command and control and the hosting of Russian cybercrime.

    We also note that the content at mirror.wikileaks.info is rather unlike what's at the real Wikileaks mirrors which suggests that the wikileaks.info site may not be under the control of Wikileaks itself, but rather some other group. You can find the real site at wikileaks.ch, wikileaks.is, wikileaks.nl, and many other mirror sites around the world.

    Spamhaus takes no political stand on the Wikileaks affair. We do have an interest in preventing spam and related types of internet abuse however and hope that the Wikileaks staff will quickly address the hosting issue to remove the possibility of cybercriminals using Wikileaks traffic for illicit purposes.

    More information on the SBL listing of Webalta's 92.241.160.0/19 is here:
    http://www.spamhaus.org/sbl/sbl.lasso?query=SBL68370

    Spamhaus is not alone in issuing this Wikileaks mirror malware caution. On Sunday researcher Feike Hacquebord at fellow anti-spam system Trend Micro issued a similar warning in the Trend Micro Malware Blog. (http://blog.trendmicro.com/wikileaks-in-a-dangerous-internet-neighborhood/)
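
Added example (not part of the Spamhaus announcement or of the comment quoting it): the two checks the announcement describes, applied to the three DNS records it quotes. The netblock, address and nameserver names come from the announcement; `sbl.spamhaus.org` is the SBL's DNSBL zone, and the function names are illustrative. No network lookup is performed.

```python
import ipaddress

# Values taken from the announcement quoted above.
LISTED_NETBLOCK = ipaddress.ip_network("92.241.160.0/19")
FLAGGED_NS_ZONE = "heihachi.net"
SBL_ZONE = "sbl.spamhaus.org"  # DNSBL zone a resolver would be asked about

RECORDS = """\
wikileaks.info. 14400 IN A 92.241.190.202
wikileaks.info. 14400 IN NS ns2.heihachi.net.
wikileaks.info. 14400 IN NS ns1.heihachi.net.
"""

def parse_records(text):
    """Parse 'name ttl class type rdata' lines; skip anything malformed."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue
        name, ttl, _cls, rtype, rdata = parts
        out.append({"name": name.rstrip(".").lower(), "ttl": int(ttl),
                    "type": rtype.upper(), "rdata": rdata.rstrip(".").lower()})
    return out

def dnsbl_query_name(ip, zone=SBL_ZONE):
    """Reversed-octet name used to ask a DNSBL about an IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def in_zone(host, zone):
    """Match on a label boundary so 'notheihachi.net' is not a hit."""
    return host == zone or host.endswith("." + zone)

def assess(records):
    """Return (reason, name, rdata, dnsbl_name) for each suspicious record."""
    findings = []
    for r in records:
        if r["type"] == "A" and ipaddress.ip_address(r["rdata"]) in LISTED_NETBLOCK:
            findings.append(("listed-netblock", r["name"], r["rdata"],
                             dnsbl_query_name(r["rdata"])))
        elif r["type"] == "NS" and in_zone(r["rdata"], FLAGGED_NS_ZONE):
            findings.append(("flagged-nameserver", r["name"], r["rdata"], None))
    return findings

if __name__ == "__main__":
    for finding in assess(parse_records(RECORDS)):
        print(finding)
```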

  6. my guess by Anonymous Coward · Score: 5, Interesting

    The Russian criminals are using the whole Wikileaks/Anonymous affair as a cover to attack one of their archenemies, Spamhaus, while trying to paint Spamhaus as the bad guys.

  7. Please note: by guruevi · Score: 5, Interesting

    1) This DDoS attack does not seem to be originating from Anonymous but from AnonOps which is a cybergang-related IRC server and the DDoS seems to be originating from a real botnet of hijacked Windows computers, not LOIC.
    2) Spamhaus warned about wikileaks.info which seems to be hosted by the same criminals and is posting false Wikileaks statements.
    3) Wikileaks.org has been taken over by these criminals and is redirecting to http://mirror.wikileaks.info/ which is NOT sourcing from wikileaks.ch (and other mirrors like http://www.wlmirror.com/)

    It seems to me the US Gov'mint has 'fixed' their Wikileaks problem by a campaign of misinformation and probably paid these Russian criminals to host the false Wikileaks site. It wouldn't surprise me if the wikileaks.info sites started to have certain damning documents disappear or specific ones infected just to track who's reading what.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com

  8. ok well lets take a wikieak here + have a look by bpsheen · Score: 5, Informative

    Screw all this talk, let's look at the page source code and go from there. I booted Knoppix, pulled up Iceweasel, and copied and pasted the page source from wikileaks.info. My HTML and JavaScript skills are not the sharpest. My skills are best in other areas. However, I noticed there is too much talk and not enough transparency here, so I posted the page source so hopefully someone would analyze it and talk about the contents rather than jumping on sides of the arguments like some deranged trolls. Let's have a discussion that's not owned by a bunch of drama queens. True geeks work with logic, not drama. End of anti-troll rant. Here's the pastebin link: http://pastebin.com/dyMkdZEG

    --
    My first computer had 1024 bytes of ram