Wikileaks under mass distributed denial of service attacks
Wikileaks, the famous whistle blower website has attracted high attention after publishing confidential information otherwise not available to the public.in April 2010, WikiLeaks posted video from a 2007 incident in which Iraqi civilians and journalists were killed by U.S. forces, on a website called Collateral Murder. In July of the same year, WikiLeaks released Afghan War Diary, documents about the War in Afghanistan not previously available for public review.
Just recently, Wikileaks says it is the target of a computer-hacking operation, ahead of a release of secret US documents.
DDOS (Distributed Denial of Service)
Distributed denial-of-service attack (DDoS attack)
In short: Distributed Denial of Service, or DDoS. A group of computer users or an organization distributed across multiple systems floods the host's servers with spurious requests for access,
Is showed in the below graph, traffic to one of Wikileak’s primary hosting provider> At approximately 10:05am EST, traffic abruptly jumps by 2-4 Gbps as the attack begins.
The attack was "exceeding 10 Gigabits a second"
Another way to think of it is that someone, somewhere is demanding that the WikiLeaks cablegate site deliver the equivalent of 114 movies per second
.
That's a massive attack, but it's not as big as some it has survived in the past. So why did it have so much trouble today?
Amazon dropped it
On 2 December 2010 Amazon.com severed its ties with WikiLeaks, to which it was providing infrastructure services, after an intervention of an aide of US Senator Joe Lieberman. Amazon denied acting under political pressure citing a violation of its terms of service. Fuck !
DNS too (Dynamic Network Services Inc.)
On 2 December 2010 American owned EveryDNS dropped WikiLeaks from its entries, citing DDoS attacks that "threatened the stability of its infrastructure".
The site's 'info' DNS lookup remained operational at alternative addresses for direct access respectively to the Wikileaks and Cablegate websites
The Hacker who took it down (The Jester)
th3j35t3r
So who is this hacker?
The hacker, who calls himself The Jester and goes by the name th3j35t3r on Twitter, said he was motivated to take down WikiLeaks for patriotic reasons. He also said his other targets include Web sites used by Al Qaeda and other terrorists groups for recruiting purposes.
He apparently developed a multi-thread, thin-client denial of service attack application that effectively allows him to launch a distributed denial of service (DDOS) attack on a website from a single linux server.
The everal interviews with The Jester, along with two videos he made for Infosec Island that demonstrate the XerXeS Dos attack in action.
