DoS attacks hammer WikiLeaks for second day running

Attackers have 'upped their game,' says Internet traffic researcher

By , Computerworld |  Security, DDOS, denial of service

WikiLeaks, the focus of attention since it released a quarter-million U.S. diplomatic cables two days ago, is again under a denial-of-service (DoS) attack, Internet researchers said today.

The site remained online with some short interruptions, however, as did a secondary site, cablegate.wikileaks.org, where nearly 300 U.S. State Department internal messages have been published thus far.

[The attackers] have upped their game," said Craig Labovitz, chief scientist at Arbor Networks, a supplier of anti-DoS technology.

"This looks like a different attack from yesterday. It's a more complex attack, with multiple components, and it's a more significant attack," added Labovitz.

WikiLeaks echoed Labovitz's take on today's attack. According to the organization's Twitter account, Tuesday's attack quickly reached 10Gbit/sec (gigabits-per-second), or two-and-a-half to five times larger than Monday's.

Labovitz estimated yesterday's DoS, which was launched by a single hacker, at between 2Gbit/sec and 4Gbit/sec.

WikiLeaks has been under assault since shortly after it began publishing diplomatic cables from a trove of more than 250,000 messages. The group provided several newspapers with the complete cache, but is releasing the cables to the public in small dribbles on cablegate.wikileaks.org. In the U.S., the New York Times has been writing about the contents of the cables.

Both WikiLeaks' main site, wikileaks.org , and the Cablegate site were being attacked today, said Labovitz.

Labovitz declined to go into specifics on the extent of Tuesday's DoS, saying that he was still compiling data from Arbor's ATLAS (Active Threat Level Analysis System) network, which collects Internet traffic data from approximately 120 carriers and providers worldwide.

U.K.-based Netcraft, however, spelled out its findings in detail.

According to Netcraft's traffic measurements, WikiLeaks and Cablegate were both hit hard today, with the latest failures of the sites occurring about 6 a.m. ET.

Netcraft explained how WikiLeaks and Cablegate remained operational for the most part during the DoS attacks.

"The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer," said Netcraft's Paul Mutton in a post to the company's blog Tuesday.

Labovitz had a different idea.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness