Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Back Online After Massive DDoS Attack

Posted by Soulskill on from the of-barn-doors-and-horses dept.

Trailrunner7 writes "Controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters' sites. Targets included WikiLeaks' news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality. A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. 'Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.'"

11 of 56 comments (clear)

  1. Speak truth to power, get shitstorm in return by crazyjj · · Score: 5, Insightful

    It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!

    It kind of reminds me of the old crack my union friend used to make back in the day: "Ronald Reagan loves labor unions, as long as they're in Poland."

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
    1. Re:Speak truth to power, get shitstorm in return by Fwipp · · Score: 4, Informative

      I think GP meant that Wikileaks was exercising truth, openness, etc - and some people who didn't like that were responsible for the DDoS.

    2. Re:Speak truth to power, get shitstorm in return by CanHasDIY · · Score: 5, Insightful

      I agree, troop movement and positions

      ... were never exposed by Wikileaks, contrary to the squawking of Faux News' talking heads. Also notable, 'exposing troop movements and positions' wouldn't be an issue if our government didn't insist on sending them all over the world for some imperialistic bullshit.Ultimately, the responsibility for putting troops in harms way lies with the armchair generals in D.C., not Wikileaks.

      Although I do agree that evil should be exposed, good should not always be exposed.

      "Good" has nothing to hide, or at least, so says every cop who has ever wanted to search my property.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Speak truth to power, get shitstorm in return by daveschroeder · · Score: 3, Insightful

      So since you seem to be implying that the US and/or the West was behind a DDoS — because that's how the US rolls in the cyber realm: DDoSing targets [insert rolling eyes emoticon here] — I think you should turn your attention to this:

      http://wikileaks.org/syria-files/

      ---

      Social Media Becoming Online Battlefield in Syria - Mashable

      Social media is often credited with helping spread the Arab Spring, as activists shared messages of discontent and organized protests using Facebook and Twitter. More than a year after the Arab Spring began in Tunisia, it has become a megaphone for propaganda from both sides of the struggle in conflict-ridden Syria.

      http://mashable.com/2012/08/09/social-media-syria/

      ---

      Disinformation flies in Syria's growing cyber war - Reuters

      On Sunday, it was a hijacked Reuters Twitter feed trying to create the impression of a rebel collapse in Aleppo. On Monday, it was another account purporting to be a Russian diplomat announcing the death in Damascus of Syrian President Bashar al-Assad.

      http://www.reuters.com/article/2012/08/07/us-syria-crisis-hacking-idUSBRE8760GI20120807

      ---

      Reuters Twitter account hijacked, fake tweets sent - CNET

      The hack of news agency's tech feed comes two days after its Web site was breached and defaced with a phony pro-Syrian government story.

      http://news.cnet.com/8301-1023_3-57486971-93/reuters-twitter-account-hijacked-fake-tweets-sent/

      ---

      Reuters hacked, phony Syria stories posted - CNET

      Bogus posts reported on setbacks suffered by rebel Free Syrian Army fighting Assad regime.

      http://news.cnet.com/8301-1009_3-57486463-83/reuters-hacked-phony-syria-stories-posted/

      ---

      Nah, it's easier to live in the topsy-turvy bizarro land where the US is what's wrong with the world.

    4. Re:Speak truth to power, get shitstorm in return by erikkemperman · · Score: 2

      ... good should not always be exposed.
      Except lots of stuff gets covered up (just) because it is, or looks, "bad".

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
    5. Re:Speak truth to power, get shitstorm in return by moeinvt · · Score: 2

      "it's perfectly rational to want to protect information that could be damaging to you."

      Yes, but it's not acceptable for the elected government of a supposedly free democratic republic to suppress information because it exposes their incompetence and/or malfeasance.

      Government should have very few secrets in general and should never suppress information simply because it might be "damaging" to them in terms of "reputation" or might conflict with the official narrative they are trying to sell to the American public.

  2. Bravo Cloudflare! by John3 · · Score: 4, Interesting

    I've been using Cloudflare for my DNS hosting since the beta days and they are an outstanding group of individuals. Their free DNS hosting is top-notch, with no pressure to upgrade to the paid option. They are some of the same people behind Project Honeypot. It's good to see firms like Cloudflare stand up and be counted when free and open access to information is threatened.

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
  3. "Massive" DDoS attack by Aldhibah · · Score: 3, Interesting

    I think we need another term to describe DDoS attack other than massive. Every DDoS attack is massive, that's kind of how they work. How about megalithic, prodigious, elephantine or gargantuan? Other suggestions?

    1. Re:"Massive" DDoS attack by Havenwar · · Score: 3, Insightful

      How about childish, old fashioned, pointless?

      I mean seriously, even if you manage to "kill" a large entity on the internet with a DDoS, all you do is give them more publicity and a few hours of people going "What? Where did it go? Oh, I'll check again to see if it works later." Shut a site down for days, keep it troubled for weeks, and you've expended great amounts of resources at.... giving them more publicity. If you've caused them any pain it's miniscule, they've regrouped, patched a few systems, installed a couple of load balancers, whatever it is they do... and then they are back. And the attack is over.

      It always ends.

      The only entity that a DDoS could be expected to be truly effective against would be one too small to be worth using it against.

  4. Re:"Massive" DoS attack by Rei · · Score: 2

    Well, when talking about a Denial-Of-Service (DOS) attack, if you want to elaborate with a new prefix, you need to address several things. One, the scope - is this a localized source, is it international, etc? Secondly, the scale - are we dealing with a large-scale attack, a small-scale attack, etc? Third, is it an automated attack with centralized control, such as a botnet or LOIC, or is it more akin to a "flash mob" DOS? In this particular case, we're dealing with a (G)lobal, (L)arge-scale and (A) automated. So there's your prefix to the Denial-Of-Service acronym.

    --
    We're practicing our labials.
  5. Ice T said it best... by logicassasin · · Score: 3, Interesting

    "Freedom of Speech... Just watch what you say"

    http://en.wikipedia.org/wiki/The_Iceberg/Freedom_Of_Speech..._Just_Watch_What_You_Say!

    I think the album cover is most appropriate in this situation.

    --
    Fifty watts per channel, baby cakes.