DoS attacks hammer WikiLeaks for second day running
Attackers have 'upped their game,' says Internet traffic researcher
Computerworld - WikiLeaks, the focus of attention since it released a quarter-million U.S. diplomatic cables two days ago, is again under a denial-of-service (DoS) attack, Internet researchers said today.
The site remained online with some short interruptions, however, as did a secondary site, cablegate.wikileaks.org, where nearly 300 U.S. State Department internal messages have been published thus far.
[The attackers] have upped their game," said Craig Labovitz, chief scientist at Arbor Networks, a supplier of anti-DoS technology.
"This looks like a different attack from yesterday. It's a more complex attack, with multiple components, and it's a more significant attack," added Labovitz.
WikiLeaks echoed Labovitz's take on today's attack. According to the organization's Twitter account, Tuesday's attack quickly reached 10Gbit/sec (gigabits-per-second), or two-and-a-half to five times larger than Monday's.
Labovitz estimated yesterday's DoS, which was launched by a single hacker, at between 2Gbit/sec and 4Gbit/sec.
WikiLeaks has been under assault since shortly after it began publishing diplomatic cables from a trove of more than 250,000 messages. The group provided several newspapers with the complete cache, but is releasing the cables to the public in small dribbles on cablegate.wikileaks.org. In the U.S., the New York Times has been writing about the contents of the cables.
Both WikiLeaks' main site, wikileaks.org, and the Cablegate site were being attacked today, said Labovitz.
Labovitz declined to go into specifics on the extent of Tuesday's DoS, saying that he was still compiling data from Arbor's ATLAS (Active Threat Level Analysis System) network, which collects Internet traffic data from approximately 120 carriers and providers worldwide.
U.K.-based Netcraft, however, spelled out its findings in detail.
According to Netcraft's traffic measurements, WikiLeaks and Cablegate were both hit hard today, with the latest failures of the sites occurring about 6 a.m. ET.
Netcraft explained how WikiLeaks and Cablegate remained operational for the most part during the DoS attacks.
"The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer," said Netcraft's Paul Mutton in a post to the company's blog Tuesday.
Labovitz had a different idea.
"They've been moving their hosting around," said Labovitz, referring to WikiLeaks. "They seem to have gone from using small providers to using larger providers, which have better capabilities to deal with these attacks."
Most large hosting companies use one or more technologies or techniques to fend off DoS attacks, Labovitz continued. "DoS is part and parcel of the Internet today," he said. "There's nothing unique to WikiLeaks except the amount of publicity it's received. There are enterprises that [undergo] much larger DoS attacks on a regular basis."
Yesterday, WikiLeaks shifted its site to servers operated by Amazon.com.
Although a single hacker, who goes by the nickname of "The Jester" -- penned in leetspeak as "th3j35t3r" -- claimed responsibility for Monday's attack, which one security expert said was not launched via a botnet, today's DoS looked more coordinated, said Labovitz. He wasn't able to tell, however, whether it originated from a single source or from a botnet.
"There's enough publicity surrounding WikiLeaks [and the leaked cables] that this will be an ongoing event for them," Labovitz said.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at
@gkeizer or subscribe to Gregg's RSS feed
. His e-mail address is gkeizer@computerworld.com.
Data breaches
- In the cloud, a data breach is only as bad as your contract
- Hackers probably stole Steam transaction data, Valve says
- Cisco's John Stewart on the latest security threats and what enterprises can do to fight back
- Foxconn said to have been hacked by group critical of working conditions
- 4 keys for IP protection
- Final phase of Mass. data protection law kicks in March 1
- IT pros say data breach assessment is more valuable than notification, study says
- Proposed EU data protection rules include right to be forgotten
- Cyber insurance offers IT peace of mind -- or maybe not
- Two new tools exploit router security setup problem
Read more about Security in Computerworld's Security Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Expert Guide to Secure Your Active Directory
- Layered security is the way to go when it comes to protecting Active Directory. This expert e-guide explains the best method to use...
- ESG Lab Validation Report: HP Data Protector & Deduplication Solutions
- Many organizations have deployed disk-to-disk backup technologies to improve the speed and reliability of their backup and disaster recovery operations. A growing number...
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts
