WikiLeaks Targeted In Second DDoS Attack

Hackers have pummeled the whistleblower haven WikiLeaks with a series of cyber attacks which successfully shut down the site over the weekend and on Tuesday.

The WikiLeaks site issued an alert on Tuesday via Twitter and Facebook that the site was unavailable due to a denial of service attack. Distributed denial of service attacks are launched with the intention of crashing a network by subjecting it to more access requests than it can handle.

The whistleblowing site was first hit with a DDoS attack over the weekend, shortly after WikiLeaks executives embarked on an initiative to publish 281 diplomatic cables from a pool of 250,000 -- a project since dubbed "cablegate." Among other things, the cables revealed that U.S. officials were aware that the Chinese government was behind cyber attacks targeting Google and 30 other major international corporations in January of this year.

The source of the most recent attacks thus far remains unknown and no one group has claimed responsibility.

Over the weekend, a hacker known as The Jester threatened to attack WikiLeaks' Web site if the cables went live, claiming that their release would endanger U.S. troops abroad. However, security experts say that there is no conclusive evidence suggesting that The Jester was responsible for the attacks.

Meanwhile, despite the attacks, WikiLeaks maintains that the rest of the 251,287 cables will be published. "El Pais, Le Monde, Speigel, Guardian and NYT will publish many US embassy cables tonight, even if WikiLeaks goes down," it said.

Prior to the cables' release, WikiLeaks had attempted to mitigate the risk of an attack by hosting the information on three separate IP addresses -- a precaution that failed to prevent the subsequent DDoS attack from occurring.

Arbor Networks, which analyzed WikiLeaks traffic around the time of the attacks, said that WikiLeaks redirected DNS from its Swedish hosting provider to use mirror sites hosted by a large cloud provider based in Ireland.

"While the DDoS attack generated an outpouring of blog posts, news articles and tweets, it appears to have had little impact on the WikiLeaks "Cablegate" disbursement of documents," said Craig Labovitz, Arbor Networks chief scientist, in a blog post Monday.

Overall, the attack used between 2 and 4 Gbps, making it "modest in the relative scheme of recent attacks against large Web sites," Labovitz said. "Though, TCP and application level attacks generally require far lower bps and pps rates to be effective."

Next: WikiLeaks Previously Victim Of DDoS Attacks

Labovitz said that evidence suggested that the hosting and upstream providers decided to blackhole all WikiLeaks traffic, or silently dropping the traffic, as opposed to transiting, which would allow the traffic to cross the computer network.

This isn't the first time that WikiLeaks has been the victim of a malicious cyber attack, he added. The site was targeted in 2008 with a DDoS attack shortly before it released leaked Swiss bank information.