Denial-of-service Attack Hits Wikileaks During US Diplomatic Cables Leak Release
As it was preparing to begin releasing a massive cache of secret US diplomatic cables, WikiLeaks was hit by a major distributed denial-of-service (DDoS) attack, which temporarily crippled its website.
The announcement was made from the organizations official Twitter account and read: “We are currently under a mass distributed denial of service attack.”
The identity of the attacker has not been confirmed, but a hacktivist who specializes in attacking jidhadist websites, took credit for the DDoS via his Twitter account. He also noted that “If I was a wikileaks ‘source’ right now I’d be getting a little twitchy, if they cant protect their own site, how can they protect a src?”
He publicly declared his disapproval of WikiLeaks’ actions in the past and even suggested that he has compromising information about the organization and its activities. Part of his research into WikiLeaks supposedly touches on the insecurity of its infrastructure and its inability to protect the identity of sources.
He also claims to have a tool capable of launching successful (non-distributed) denial of service attacks with little bandwidth and from a single Linux machine. If this is, indeed, the case, it might be a tool like Slowloris, which opens several HTTP sessions and keeps them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site.
Such attacks are actually possible and in general they rely on tricking Web servers into keeping connections alive for long periods of time. Opening enough such connections will eventually exhaust the web server’s resources rendering it unresponsive to others until the attack stops.
With or without the DDoS, WikiLeaks did go ahead and published the potentially embarrassing diplomatic cables, which the US government fears could endanger lives and ruin foreign relations.
Credit: Softpedia.com News
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.