DoS attacks hammer WikiLeaks for second day running

Attackers have upped their game, says Internet traffic researcher

WikiLeaks, the focus of attention since it released a quarter-million U.S. diplomatic cables two days ago, is again under a denial-of-service (DoS) attack, Internet researchers said today.

The site remained online with some short interruptions, however, as did a secondary site,, where nearly 300 U.S. State Department internal messages have been published thus far.

[The attackers] have upped their game," said Craig Labovitz, chief scientist at Arbor Networks, a supplier of anti-DoS technology.

"This looks like a different attack from yesterday. It's a more complex attack, with multiple components, and it's a more significant attack," added Labovitz.

WikiLeaks echoed Labovitz's take on today's attack. According to the organization's Twitter account, Tuesday's attack quickly reached 10Gbit/sec (gigabits-per-second), or two-and-a-half to five times larger than Monday's.

Labovitz estimated yesterday's DoS, which was launched by a single hacker, at between 2Gbit/sec and 4Gbit/sec.

WikiLeaks has been under assault since shortly after it began publishing diplomatic cables from a trove of more than 250,000 messages. The group provided several newspapers with the complete cache, but is releasing the cables to the public in small dribbles on In the U.S., the New York Times has been writing about the contents of the cables.

Both WikiLeaks' main site, , and the Cablegate site were being attacked today, said Labovitz.

Labovitz declined to go into specifics on the extent of Tuesday's DoS, saying that he was still compiling data from Arbor's ATLAS (Active Threat Level Analysis System) network, which collects Internet traffic data from approximately 120 carriers and providers worldwide.

U.K.-based Netcraft, however, spelled out its findings in detail.

According to Netcraft's traffic measurements, WikiLeaks and Cablegate were both hit hard today, with the latest failures of the sites occurring about 6 a.m. ET.

Netcraft explained how WikiLeaks and Cablegate remained operational for the most part during the DoS attacks.

"The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer," said Netcraft's Paul Mutton in a post to the company's blog Tuesday.

Labovitz had a different idea.

"They've been moving their hosting around," said Labovitz, referring to WikiLeaks. "They seem to have gone from using small providers to using larger providers, which have better capabilities to deal with these attacks."

Most large hosting companies use one or more technologies or techniques to fend off DoS attacks, Labovitz continued. "DoS is part and parcel of the Internet today," he said. "There's nothing unique to WikiLeaks except the amount of publicity it's received. There are enterprises that [undergo] much larger DoS attacks on a regular basis."

Yesterday, WikiLeaks shifted its site to servers operated by

Although a single hacker, who goes by the nickname of "The Jester" -- penned in leetspeak as "th3j35t3r" -- claimed responsibility for Monday's attack, which one security expert said was not launched via a botnet, today's DoS looked more coordinated, said Labovitz. He wasn't able to tell, however, whether it originated from a single source or from a botnet.

"There's enough publicity surrounding WikiLeaks [and the leaked cables] that this will be an ongoing event for them," Labovitz said.

Join the CSO newsletter!

Error: Please check your email address.

Tags arbor networksCybercrime and HackingGooglesecuritytwittergovernmentinternetGovernment/Industries

More about Amazon.comAmazon Web ServicesArbor NetworksGoogleNetcraft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts