WikiLeaks moves to Amazon cloud to weather DDOS attacks

Two days of increasingly intense attacks sparked by 'Cablegate'

Well, here's a good advertisement if you're in the cloud-services business:

After two days of increasingly intense DDOS attacks, controversial secret-government information site WikiLeaks has moved or expanded from the Swedish PRQ hosting provider to Amazon's EC2 cloud service. It may have previously switched at least part of its content to the French ISP Octopuce.

Specifically, according to traces by Computerworld and other sites, WikiLeaks' data is feeding from two sites owned by Amazon: one in Seattle and one in Ireland. It is not the first time WikiLeaks has moved content to Amazon to weather heavy traffic. It also maintains a long list of mirror sites.

The DDOS attacks started Nov. 28, days after WikiLeaks announced it would release thousands of secret U.S. State Department diplomatic cables, but before actually posting them.

A hacker or organization that calls itself The Jester has claimed credit for the attacks, which hovered around 4Mbit/second Monday and reached as high as 10Gbit/sec Tuesday, according to anti-DOS service providers.

The documents were spread out between the main WikiLeaks site and a secondary site called which, between then, used three IP addresses, rotated to balance the load of connection requests.

The sites were unavailable intermittently Tuesday as a result of the attacks, which came from a small number of IP addresses, largely in Russia, eastern Europe and Thailand.

TheJester -- interviewed in March by InfoSecIsland -- to has claimed responsibility for previous attacks using the XerXeS attack tool on jihadist organizations.

TheJester posts updates on its own Twitter feed.

Ten gigabits per second is a big attack, but not in the most-aggressive league, according to Ben Petro, SVP of Network Intelligence and Availability at Verisign.

"Most Web sites fail with about 50Mbit/sec of traffic," Petro said. "The largest attack we've seen against a commercial customer was in the 18Gbit/sec range, but for government and top-level domains, we've recorded attacks as high as 28Gbit/sec for as long as two hours at a time."

Those attacks are very expensive, largely because of the time and cost involved in developing the botnets that deliver the attacks, Petro said in an interview earlier in the month.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon