WikiLeaks Back Online After Massive DDoS Attack

← Back to Stories (view on slashdot.org)

WikiLeaks Back Online After Massive DDoS Attack

Posted by Soulskill on Tuesday August 14, 2012 @06:25AM from the of-barn-doors-and-horses dept.

Trailrunner7 writes "Controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters' sites. Targets included WikiLeaks' news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality. A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. 'Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.'"

36 of 56 comments (clear)

Min score:

Reason:

Sort:

Speak truth to power, get shitstorm in return by crazyjj · 2012-08-14 06:25 · Score: 5, Insightful

It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
It kind of reminds me of the old crack my union friend used to make back in the day: "Ronald Reagan loves labor unions, as long as they're in Poland."

--
What political party do you join when you don't like Bible-thumpers *or* hippies?
1. Re:Speak truth to power, get shitstorm in return by stevegee58 · 2012-08-14 06:33 · Score: 1
  
  "If they're shooting at you then you must be doing something right"
2. Re:Speak truth to power, get shitstorm in return by Fwipp · 2012-08-14 06:36 · Score: 4, Informative
  
  I think GP meant that Wikileaks was exercising truth, openness, etc - and some people who didn't like that were responsible for the DDoS.
3. Re:Speak truth to power, get shitstorm in return by CanHasDIY · 2012-08-14 06:44 · Score: 5, Insightful
  
  I agree, troop movement and positions
  ... were never exposed by Wikileaks, contrary to the squawking of Faux News' talking heads. Also notable, 'exposing troop movements and positions' wouldn't be an issue if our government didn't insist on sending them all over the world for some imperialistic bullshit.Ultimately, the responsibility for putting troops in harms way lies with the armchair generals in D.C., not Wikileaks.
  
  Although I do agree that evil should be exposed, good should not always be exposed.
  "Good" has nothing to hide, or at least, so says every cop who has ever wanted to search my property.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
4. Re:Speak truth to power, get shitstorm in return by MindlessAutomata · 2012-08-14 06:45 · Score: 1
  
  And that entity should be the government, of course!
5. Re:Speak truth to power, get shitstorm in return by Baloroth · 2012-08-14 06:51 · Score: 1
  
  It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
  It kind of reminds me of the old crack my union friend used to make back in the day: "Ronald Reagan loves labor unions, as long as they're in Poland."
  Wait, who are you talking about here? Because a DDoS attack is exactly how most Wikileaks supporters act against their perceived enemies, and I have to say, I think having the tables turned and have Wikileaks DDoSed in turn is, well, highly appropriate. Maybe now their supporters will learn that breaking the Internet in such a manner to make a point is not acceptable, from anyone.
  Who am I kidding, they'll probably search for the source and launch a DDoS attack of their own. People never learn, and large mobs of anonymous people just amplify the stupidity.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
6. Re:Speak truth to power, get shitstorm in return by daveschroeder · 2012-08-14 07:07 · Score: 3, Insightful
  
  So since you seem to be implying that the US and/or the West was behind a DDoS — because that's how the US rolls in the cyber realm: DDoSing targets [insert rolling eyes emoticon here] — I think you should turn your attention to this:
  http://wikileaks.org/syria-files/
  ---
  Social Media Becoming Online Battlefield in Syria - Mashable
  Social media is often credited with helping spread the Arab Spring, as activists shared messages of discontent and organized protests using Facebook and Twitter. More than a year after the Arab Spring began in Tunisia, it has become a megaphone for propaganda from both sides of the struggle in conflict-ridden Syria.
  http://mashable.com/2012/08/09/social-media-syria/
  ---
  Disinformation flies in Syria's growing cyber war - Reuters
  On Sunday, it was a hijacked Reuters Twitter feed trying to create the impression of a rebel collapse in Aleppo. On Monday, it was another account purporting to be a Russian diplomat announcing the death in Damascus of Syrian President Bashar al-Assad.
  http://www.reuters.com/article/2012/08/07/us-syria-crisis-hacking-idUSBRE8760GI20120807
  ---
  Reuters Twitter account hijacked, fake tweets sent - CNET
  The hack of news agency's tech feed comes two days after its Web site was breached and defaced with a phony pro-Syrian government story.
  http://news.cnet.com/8301-1023_3-57486971-93/reuters-twitter-account-hijacked-fake-tweets-sent/
  ---
  Reuters hacked, phony Syria stories posted - CNET
  Bogus posts reported on setbacks suffered by rebel Free Syrian Army fighting Assad regime.
  http://news.cnet.com/8301-1009_3-57486463-83/reuters-hacked-phony-syria-stories-posted/
  ---
  Nah, it's easier to live in the topsy-turvy bizarro land where the US is what's wrong with the world.
7. Re:Speak truth to power, get shitstorm in return by erikkemperman · 2012-08-14 07:16 · Score: 2
  
  ... good should not always be exposed.
  Except lots of stuff gets covered up (just) because it is, or looks, "bad".
  
  --
  Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
8. Re:Speak truth to power, get shitstorm in return by kiwimate · 2012-08-14 07:16 · Score: 1
  
  It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
  You're talking about Julian Assange, right?
9. Re:Speak truth to power, get shitstorm in return by Desler · 2012-08-14 07:17 · Score: 1
  
  It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
  Yes, your indignation is even more funny since Wikileaks supporters have DDoSed others for exercising their rights to free speech and free association, too.
10. Re:Speak truth to power, get shitstorm in return by poity · 2012-08-14 07:20 · Score: 1
  
  Why couldn't it just be some anons doing it for lulz? Or some other country that doesn't like to preach about "openness, honesty, free speech"? After all, Wikileaks has released documents on more than one country.
  Also, don't forget the two verses of the Slashdot Gospel: 1) ip address is insufficient to identify people, 2) we cannot jump to conclusions since more than one entity can benefit from this act, and this could very well be a false flag to discredit a country.
  (source: 1) every slashdot article about piracy lawsuits, 2) every slashdot article about US network intrusion/disruption that implicates another country)
  
  --
  your thin skin doesn't make me a troll
11. Re:Speak truth to power, get shitstorm in return by Desler · 2012-08-14 07:24 · Score: 1
  
  But we are only supposed to be skeptical of things that aren't our sacred cows. This is why this very same person will handwave away any evidence that disproves AGW denialism (even when it comes from studies consucted and funded by other denialists) but if Julian Assange or Wikileaks says anything he attacks anyone who dares question them.
12. Re:Speak truth to power, get shitstorm in return by VON-MAN · 2012-08-14 07:28 · Score: 1
  
  I don't think he implied anything *rolls eyes*, but: yes, it might well be Syria or supporters.
13. Re:Speak truth to power, get shitstorm in return by Rei · 2012-08-14 07:41 · Score: 1
  
  Why couldn't it just be some anons doing it for lulz?
  What makes you think that DietPepsi is not the leader's real name? ;)
  
  --
  We're practicing our labials.
14. Re:Speak truth to power, get shitstorm in return by Anonymous Coward · 2012-08-14 07:48 · Score: 1
  
  Good and Evil are subjective, which is the whole point of exposing information. It lets everyone decide.
15. Re:Speak truth to power, get shitstorm in return by CanHasDIY · 2012-08-14 07:54 · Score: 1
  
  ... were never exposed by Wikileaks, contrary to the squawking of Faux News' talking heads.
  This popular spelling of Fox News would work if Faux was pronounced Fox, but it isn't. Faux could be applied to numerous news outlets.
  By what metric do you surmise that I was specifically referring to FOX News, and not corporate media in general (i.e. "numerous news outlets")?
  
  Your preconceptions cloud your judgement, friend.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
16. Re:Speak truth to power, get shitstorm in return by moeinvt · 2012-08-14 07:56 · Score: 2
  
  "it's perfectly rational to want to protect information that could be damaging to you."
  Yes, but it's not acceptable for the elected government of a supposedly free democratic republic to suppress information because it exposes their incompetence and/or malfeasance.
  Government should have very few secrets in general and should never suppress information simply because it might be "damaging" to them in terms of "reputation" or might conflict with the official narrative they are trying to sell to the American public.
17. Re:Speak truth to power, get shitstorm in return by Jeremy+Erwin · 2012-08-14 08:05 · Score: 1
  
  you actually watch fox news? Why? It's a lot faster to just read their website.
18. Re:Speak truth to power, get shitstorm in return by KhabaLox · 2012-08-14 09:38 · Score: 1
  
  "If they're shooting at you then you must be doing something right"
  -- Muammar Gaddafi
  
  --
  Ceci n'est pas un sig.
19. Re:Speak truth to power, get shitstorm in return by KhabaLox · 2012-08-14 09:40 · Score: 1
  
  I think having the tables turned and have Wikileaks DDoSed in turn is, well, highly appropriate.
  I am in no ways an expert in this type of thing, but from the sound of it, the DDoS on WL was much more sophisticated that those normally perpetrated by Anonymous and the like.
  
  --
  Ceci n'est pas un sig.
20. Re:Speak truth to power, get shitstorm in return by stevegee58 · 2012-08-14 09:51 · Score: 1
  
  "If they're shooting at you then you must be doing something right"
  -- Muammar Gaddafi
  FTFY
  -- Andrew Mackintosh, West Wing
21. Re:Speak truth to power, get shitstorm in return by Mr.+Slippery · 2012-08-14 09:53 · Score: 1
  
  Because a DDoS attack is exactly how most Wikileaks supporters act against their perceived enemies,
  
  [citation needed]
  I'm a WikiLeask supporter; I've never DDoS'd anyone.
  
  --
  Tom Swiss | the infamous tms | my blog
  You cannot wash away blood with blood
22. Re:Speak truth to power, get shitstorm in return by ubrgeek · 2012-08-14 10:37 · Score: 1
  
  Yeah, but do you know how many clicks you need to go through to get to Heather Nauert? ;)
  
  --
  Bark less. Wag more.
23. Re:Speak truth to power, get shitstorm in return by Jeremy+Erwin · 2012-08-14 11:44 · Score: 1
  
  Thanks for reminding me. Sex House is on!
Bravo Cloudflare! by John3 · 2012-08-14 06:41 · Score: 4, Interesting

I've been using Cloudflare for my DNS hosting since the beta days and they are an outstanding group of individuals. Their free DNS hosting is top-notch, with no pressure to upgrade to the paid option. They are some of the same people behind Project Honeypot. It's good to see firms like Cloudflare stand up and be counted when free and open access to information is threatened.

--
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
does anyone know if by nimbius · 2012-08-14 07:01 · Score: 1

CloudFlare has patched the exploit that hit Amazons EC3 when wikileaks was hosted there?
Joe Liebermann is an awfully nasty bug going around.

--
Good people go to bed earlier.
"Massive" DDoS attack by Aldhibah · 2012-08-14 07:06 · Score: 3, Interesting

I think we need another term to describe DDoS attack other than massive. Every DDoS attack is massive, that's kind of how they work. How about megalithic, prodigious, elephantine or gargantuan? Other suggestions?
1. Re:"Massive" DDoS attack by Havenwar · 2012-08-14 07:18 · Score: 3, Insightful
  
  How about childish, old fashioned, pointless?
  I mean seriously, even if you manage to "kill" a large entity on the internet with a DDoS, all you do is give them more publicity and a few hours of people going "What? Where did it go? Oh, I'll check again to see if it works later." Shut a site down for days, keep it troubled for weeks, and you've expended great amounts of resources at.... giving them more publicity. If you've caused them any pain it's miniscule, they've regrouped, patched a few systems, installed a couple of load balancers, whatever it is they do... and then they are back. And the attack is over.
  It always ends.
  The only entity that a DDoS could be expected to be truly effective against would be one too small to be worth using it against.
2. Re:"Massive" DDoS attack by moeinvt · 2012-08-14 08:09 · Score: 1
  
  "The only entity that a DDoS could be expected to be truly effective against would be one too small to be worth using it against."
  Depends what you mean by "effective". Knocking out a site permanently? Of course not. Putting it out of service at a time that's critical to the business? It happens.
  I read an article where a gambling site was being extorted by a group threatening to do a DDoS attack at critical moments, say, right before some big sporting event. It was actually very effective.
3. Re:"Massive" DDoS attack by Havenwar · 2012-08-14 08:32 · Score: 1
  
  Fair enough, for an extremely small subset of sites I can see how it would have a worrisome impact on their bottom line, namely as you mentioned betting sites if properly timed. I'm sure there are one or two other use-cases I'm missing, but the point remains... DDoS has become the hammer of the "angry child on the internet" toolbox. To them, every problem looks like a nail. To most of us, we just roll our eyes at them and get on with our lives. Maybe we have some interesting discussions on internet security or such, but all in all it's a non-issue.
  It's like beating their chest and bragging because they argued with the cashier at McDonald's for thirty minutes, delaying her giving service to anyone else. Did they piss some people off? Quite possibly. But you can bet the vast majority of them don't hold McDonald's liable for "that guy's" childish actions. There's always going to be a "that guy", and there is always going to be a McDonald's. Argue/DDoS until you fall down dead from exhaustion, the moment you're gone it'll be "Next Customer, Please."
4. Re:"Massive" DDoS attack by logicassasin · 2012-08-14 08:36 · Score: 1
  
  I like "Jovian". Has a ring of absurdity to it.
  
  --
  Fifty watts per channel, baby cakes.
5. Re:"Massive" DDoS attack by petermgreen · 2012-08-14 14:30 · Score: 1
  
  If you've caused them any pain it's miniscule, they've regrouped, patched a few systems, installed a couple of load balancers, whatever it is they do.
  You need sufficiant bandwidth to receive all the traffic (legit and DDoS) and then sufficient hardware to return legitimate responses for the legimate traffic while dealing with the DDoS traffic. Depending on the details of the DDoS traffic it may be possible to filter it or it may have to be dealt with as if it was legitimate traffic. For a large scale DDoS attack you are unlikely to have these resources in-house so you will have to find a company (likely a content delivery network) to do it for you. Unless you are lucky enough to have someone who has the resources take pity on you then you will have to pay for these services.
  And you can't just ignore a DDoS attack and wait for it to go away because your hosting provider is unlikely to let you.
  The question is who will break first, the entity who has to pay for DDoS mitigation services or the entities performing the DDoS attacks. It's certainly not a forgone conclustion that the attacker(s) will break first.
  http://research.lifeboat.com/spam2.htm
  
  --
  note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
6. Re:"Massive" DDoS attack by Havenwar · 2012-08-14 16:50 · Score: 1
  
  Yes, it is indeed a foregone conclusion that the attacker will break first, if the company/entity they are attacking is anything but small to mid sized. Anything larger than that should be able to absorb the costs you talk about as a roadbump. A significant loss, quite possibly, but in business school they taught us to always be prepared for unexpected loss.
  Your hosting provider won't let you sit back and wait? Do they also hold you responsible for lightning strikes? I think you need to switch hosting providers. As far as I understand it they fall into two categories relevant to this topic: Page Hosting, which means you're small enough that this should indeed hurt you... in which case they can just shut your page down while it happens - anything beyond that is their problem, you're paying them to handle the network side of things. Or Server Hosting, in which case the server side problem is yours, and the network side problem is still theirs. The only thing your hosting provider could realistically complain about here is transfer - i.e. you'd be paying for more bandwidth. This is already regulated in contract, so basically if you have a machine that can handle the traffic then it would be just dandy to sit back and wait it out, as long as you can absorb the extra transferage fees.
  Of course I'm not saying that's the best idea. The best idea is to do what people do today, try to filter the traffic, while pursuing legal options to try and track down the origin and shut it down. The next best idea in my opinion is to just pull the plug for the duration. Let the "big scary hacker" blow and blow and get his street cred for bringing you down, and then just flick the switch, back up, good as new. I'd recommend combining this with researching the attacks however, so you can be ready to filter them out with little effort should he try a second time... but in reality the attention span of these people is about the lifecycle of a gnat.
Re:"Massive" DoS attack by Rei · 2012-08-14 07:59 · Score: 2

Well, when talking about a Denial-Of-Service (DOS) attack, if you want to elaborate with a new prefix, you need to address several things. One, the scope - is this a localized source, is it international, etc? Secondly, the scale - are we dealing with a large-scale attack, a small-scale attack, etc? Third, is it an automated attack with centralized control, such as a botnet or LOIC, or is it more akin to a "flash mob" DOS? In this particular case, we're dealing with a (G)lobal, (L)arge-scale and (A) automated. So there's your prefix to the Denial-Of-Service acronym.

--
We're practicing our labials.
Ice T said it best... by logicassasin · 2012-08-14 08:39 · Score: 3, Interesting

"Freedom of Speech... Just watch what you say"
http://en.wikipedia.org/wiki/The_Iceberg/Freedom_Of_Speech..._Just_Watch_What_You_Say!
I think the album cover is most appropriate in this situation.

--
Fifty watts per channel, baby cakes.
When you're in the business of pissing people off by VGPowerlord · 2012-08-15 00:34 · Score: 1

When you're in the business of pissing off companies, governments, and occasionally people, it's a bit naive to assume that they won't respond in some way..

--
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011