WikiLeaks Hit With DoS Attack as It Releases Tens of Thousands of Cables

By: Kevin Gosztola Wednesday August 24, 2011 9:13 am

Hours after announcing it would be releasing tens of thousands of cables from various countries including Libya, China, Israel and Afghanistan, WikiLeaks announced that it was sustaining denial of service (DoS) attacks and had “regressed” to its backup servers.

Not surprisingly, WikiLeaks suggested on Twitter that the attacks were from a state-sponsored entity. The organization asked, “Are state directed Denial of Service attacks, legally, a war crime against civilian infrastructure?” And, “Should we, legally, declare war on state aggressors that commit infrastructure war crimes against us?”

These messages came early in the morning on August 24. Releases had already been posted. Followers were helping WikiLeaks “crowd source” the cables by tweeting out their findings with the hashtag #wlfind.

“Note how DOS attacks on WikiLeaks are not investigated but DoS attacks on corrupt finance companies lead to dozens of arrests,” the Twitter feed for WikiLeaks declared. Salon blogger Glenn Greenwald wittily reacted, “I’m sure the DOJ will investigate the cyber-attacks on WikiLeaks as aggressively as those on Paypal, Amazon, MasterCard & Sony.”


The issue of DoS attacks has exposed where the powerful in America place their priorities and how some computer crimes are not computer crimes worth investigating. In July, sixteen individuals alleged to be members of the hacktivist group Anonymous, known for engaging in cyber operations for political and social reasons, were arrested. The FBI raided homes, seizing computers and computer-related accessories. The Justice Department claimed fourteen of the individuals had been part of the distributed denial of service (DDoS) attacks on PayPal back in December 2010, when PayPal suspended WikiLeaks’ accounts, making it impossible for the organization to receive donations via PayPal.

Marcy Wheeler notes that as the FBI was rounding up low-level hackers, the Justice Department had not indicted anyone for the massive DDoS attack against WikiLeaks that took place eight days before the DDoS attacks on PayPal, Visa and MasterCard. She draws attention to the fact that the WikiLeaks website had been proposed as a “first public target for a US government cyberattack.” In fact, in 2008, the Defense Department had the US Army Counterintelligence Center, Cyber Counterintelligence Assessments Branch and the Defense Department Intelligence Analysis Program prepare an assessment on the threat posed by WikiLeaks.

The assessment concluded that not simply WikiLeaks but the website itself represented a “potential force protection, counterintelligence, OPSEC and INFOSEC threat to the US Army.” They found the unauthorized release of DoD sensitive and classified documents could provide foreign terrorist groups, insurgents and foreign adversaries with “potentially actionable information” for targeting US forces. They also found the website could be used to “post fabricated information, misinformation, disinformation or propaganda” that “could be used in perception management and influence operations to convey a positive or negative message.”

In May, as the Pentagon was set to unveil its cybersecurity strategy, officials with the Pentagon indicated that cyber attacks could be considered acts of war. The Pentagon suggested there might be “equivalence” between electronic attacks and physical ones and that “use-of-force” considerations could be made that might “merit retaliation.” One unnamed official even said, “if you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

The Justice Department’s lack of interest in investigating the attack has led many to conclude the attack likely came from some agency or institution affiliated with the US government, as there seems to be no effort to find out who was involved and how those involved justified launching an attack. The media hasn’t done any investigation into attacks on WikiLeaks infrastructure, and why should they? To many journalists, WikiLeaks is a threat to their profession.

Evgeny Morozov, in his book The Net Delusion, explains that DoS attacks are “an increasingly popular way of silencing one’s opponents.” A website has a limit to the number of simultaneous users it can handle. DoS attacks take advantage of the “resource constraints” a website has by sending “fake visitors,” which are often generated by computers infected with malware or viruses that allow a “third party to establish full command over them and use their resources how they see fit.”

The attacks take a lot of traffic. Cleaning up after a DoS attack can take quite a while and the hosting companies for websites that experience DoS attacks typically have to pay the bills for costs incurred during the attack. This means DoS attacks are a way of suppressing speech or expression on the Internet that is controversial or unpopular. It is a current tactic that entities can use to force censorship.

For example, Morozov recounts the DoS attacks against Tomaar, a forum that was started by several US-educated Saudis. The Saudi government grew weary of the success of the website. The Saudi government managed to block Internet service provider (ISP) requests for Tomaar’s URL, but fans of Tomaar were able to use censorship-circumvention tools and get around the government’s block on Tomaar.

The Saudi government realized they had not done enough and began to mount a DoS attack against the website. The website was overloaded with traffic. This led the US company hosting Tomaar to inform the site owners that their contract was being terminated. The site was now a “digital refugee.” (Recall that WikiLeaks had its domain name terminated just after suffering a massive DoS attack.) Tomaar didn’t know what was happening, but it soon figured out it had suffered a DDoS attack.

DoS attacks can significantly eat into the budgets of organizations like WikiLeaks. The threat of DoS attacks from any entity or person wanting to inhibit operations, according to Morozov, requires “strategizing about server administration,” back-up plans in case of DDoS emergencies and budgets for expensive anti-DDoS protection services. Clearly, WikiLeaks is one website that any company or host service would regard as a site prone to DoS attacks and this only makes operations more difficult.

As if DoS attacks weren’t enough, WikiLeaks was further reminded it is still in the crosshairs of the US government. Its DNS host service based in California, Dynadot, informed WikiLeaks that it had been given a Patriot Act production order requiring it to turn over all information it had on Julian Assange for use in the grand jury investigation into WikiLeaks that is going on in Alexandria, Virginia. The service informed WikiLeaks it would be complying with the request.

Despite the DoS attacks and the continued targeting of WikiLeaks by a grand jury investigation, WikiLeaks continues to release batches of cables. The thousands of cables on Israel that were promised are out now. So is a batch on Afghanistan. (See here for some of the revelations from the cables released thus far.)
