WikiLeaks Back Online After Massive DDoS Attack 56
Trailrunner7 writes "Controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudfare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters' sites. Targets included WikiLeaks' news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality. A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. 'Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.'"
Speak truth to power, get shitstorm in return (Score:5, Insightful)
It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
It kind of reminds me of the old crack my union friend used to make back in the day: "Ronald Reagan loves labor unions, as long as they're in Poland."
Re:Speak truth to power, get shitstorm in return (Score:5, Informative)
I think GP meant that Wikileaks was exercising truth, openness, etc - and some people who didn't like that were responsible for the DDoS.
Re: (Score:1)
Oh, and speaking of Morals, i never post AC. If my comment draws ire, so be it.
I am not afraid of the internet.
Re: (Score:2)
And that entity should be the government, of course!
Re:Speak truth to power, get shitstorm in return (Score:5, Insightful)
I agree, troop movement and positions
... were never exposed by Wikileaks, contrary to the squawking of Faux News' talking heads. Also notable, 'exposing troop movements and positions' wouldn't be an issue if our government didn't insist on sending them all over the world for some imperialistic bullshit.Ultimately, the responsibility for putting troops in harms way lies with the armchair generals in D.C., not Wikileaks.
Although I do agree that evil should be exposed, good should not always be exposed.
"Good" has nothing to hide, or at least, so says every cop who has ever wanted to search my property.
Re: (Score:1)
Ok, look. The Micro$oft thing worked, because the $ could be likened to an S. This popular spelling of Fox News would work if Faux was pronounced Fox, but it isn't. Faux could be applied to numerous news outlets.
Re: (Score:2)
This popular spelling of Fox News would work if Faux was pronounced Fox, but it isn't. Faux could be applied to numerous news outlets.
By what metric do you surmise that I was specifically referring to FOX News, and not corporate media in general (i.e. "numerous news outlets")?
Your preconceptions cloud your judgement, friend.
Re: (Score:2)
you actually watch fox news? Why? It's a lot faster to just read their website.
Re: (Score:2)
Thanks for reminding me. Sex House is on!
Re: (Score:1)
Re: (Score:3)
... good should not always be exposed.
Except lots of stuff gets covered up (just) because it is, or looks, "bad".
Re: (Score:1)
Good and Evil are subjective, which is the whole point of exposing information. It lets everyone decide.
Re: (Score:2)
Re: (Score:2)
"If they're shooting at you then you must be doing something right"
-- Muammar Gaddafi
Re: (Score:2)
"If they're shooting at you then you must be doing something right"
-- Muammar Gaddafi
FTFY
-- Andrew Mackintosh, West Wing
Re: (Score:2)
It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
It kind of reminds me of the old crack my union friend used to make back in the day: "Ronald Reagan loves labor unions, as long as they're in Poland."
Wait, who are you talking about here? Because a DDoS attack is exactly how most Wikileaks supporters act against their perceived enemies, and I have to say, I think having the tables turned and have Wikileaks DDoSed in turn is, well, highly appropriate. Maybe now their supporters will learn that breaking the Internet in such a manner to make a point is not acceptable, from anyone.
Who am I kidding, they'll probably search for the source and launch a DDoS attack of their own. People never learn, and large mo
Re: (Score:2)
I think having the tables turned and have Wikileaks DDoSed in turn is, well, highly appropriate.
I am in no ways an expert in this type of thing, but from the sound of it, the DDoS on WL was much more sophisticated that those normally perpetrated by Anonymous and the like.
Re: (Score:1)
[citation needed]
I'm a WikiLeask supporter; I've never DDoS'd anyone.
Re:Speak truth to power, get shitstorm in return (Score:4, Insightful)
So since you seem to be implying that the US and/or the West was behind a DDoS — because that's how the US rolls in the cyber realm: DDoSing targets [insert rolling eyes emoticon here] — I think you should turn your attention to this:
http://wikileaks.org/syria-files/ [wikileaks.org]
---
Social Media Becoming Online Battlefield in Syria - Mashable
Social media is often credited with helping spread the Arab Spring, as activists shared messages of discontent and organized protests using Facebook and Twitter. More than a year after the Arab Spring began in Tunisia, it has become a megaphone for propaganda from both sides of the struggle in conflict-ridden Syria.
http://mashable.com/2012/08/09/social-media-syria/ [mashable.com]
---
Disinformation flies in Syria's growing cyber war - Reuters
On Sunday, it was a hijacked Reuters Twitter feed trying to create the impression of a rebel collapse in Aleppo. On Monday, it was another account purporting to be a Russian diplomat announcing the death in Damascus of Syrian President Bashar al-Assad.
http://www.reuters.com/article/2012/08/07/us-syria-crisis-hacking-idUSBRE8760GI20120807 [reuters.com]
---
Reuters Twitter account hijacked, fake tweets sent - CNET
The hack of news agency's tech feed comes two days after its Web site was breached and defaced with a phony pro-Syrian government story.
http://news.cnet.com/8301-1023_3-57486971-93/reuters-twitter-account-hijacked-fake-tweets-sent/ [cnet.com]
---
Reuters hacked, phony Syria stories posted - CNET
Bogus posts reported on setbacks suffered by rebel Free Syrian Army fighting Assad regime.
http://news.cnet.com/8301-1009_3-57486463-83/reuters-hacked-phony-syria-stories-posted/ [cnet.com]
---
Nah, it's easier to live in the topsy-turvy bizarro land where the US is what's wrong with the world.
Re: (Score:2)
Re: (Score:2)
It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
You're talking about Julian Assange, right?
Re: (Score:1)
It's funny how everyone says they like the truth, openness, honesty, free speech--all that shit. Well, until someone dares actually exercise any of that stuff when it exposes THEM, of course. Then it's GODDAMN WAR!!
Yes, your indignation is even more funny since Wikileaks supporters have DDoSed others for exercising their rights to free speech and free association, too.
Re: (Score:2)
Why couldn't it just be some anons doing it for lulz? Or some other country that doesn't like to preach about "openness, honesty, free speech"? After all, Wikileaks has released documents on more than one country.
Also, don't forget the two verses of the Slashdot Gospel: 1) ip address is insufficient to identify people, 2) we cannot jump to conclusions since more than one entity can benefit from this act, and this could very well be a false flag to discredit a country.
(source: 1) every slashdot article about
Re: (Score:1)
But we are only supposed to be skeptical of things that aren't our sacred cows. This is why this very same person will handwave away any evidence that disproves AGW denialism (even when it comes from studies consucted and funded by other denialists) but if Julian Assange or Wikileaks says anything he attacks anyone who dares question them.
Re: (Score:2)
What makes you think that DietPepsi [theregister.co.uk] is not the leader's real name? ;)
Re: (Score:3)
"it's perfectly rational to want to protect information that could be damaging to you."
Yes, but it's not acceptable for the elected government of a supposedly free democratic republic to suppress information because it exposes their incompetence and/or malfeasance.
Government should have very few secrets in general and should never suppress information simply because it might be "damaging" to them in terms of "reputation" or might conflict with the official narrative they are trying to sell to the American p
Bravo Cloudflare! (Score:5, Interesting)
I've been using Cloudflare [cloudflare.com] for my DNS hosting since the beta days and they are an outstanding group of individuals. Their free DNS hosting is top-notch, with no pressure to upgrade to the paid option. They are some of the same people behind Project Honeypot [projecthoneypot.org]. It's good to see firms like Cloudflare stand up and be counted when free and open access to information is threatened.
Re: (Score:2)
"Massive" DDoS attack (Score:3, Interesting)
I think we need another term to describe DDoS attack other than massive. Every DDoS attack is massive, that's kind of how they work. How about megalithic, prodigious, elephantine or gargantuan? Other suggestions?
Re:"Massive" DDoS attack (Score:4, Insightful)
How about childish, old fashioned, pointless?
I mean seriously, even if you manage to "kill" a large entity on the internet with a DDoS, all you do is give them more publicity and a few hours of people going "What? Where did it go? Oh, I'll check again to see if it works later." Shut a site down for days, keep it troubled for weeks, and you've expended great amounts of resources at.... giving them more publicity. If you've caused them any pain it's miniscule, they've regrouped, patched a few systems, installed a couple of load balancers, whatever it is they do... and then they are back. And the attack is over.
It always ends.
The only entity that a DDoS could be expected to be truly effective against would be one too small to be worth using it against.
Re: (Score:2)
"The only entity that a DDoS could be expected to be truly effective against would be one too small to be worth using it against."
Depends what you mean by "effective". Knocking out a site permanently? Of course not. Putting it out of service at a time that's critical to the business? It happens.
I read an article where a gambling site was being extorted by a group threatening to do a DDoS attack at critical moments, say, right before some big sporting event. It was actually very effective.
Re: (Score:2)
Fair enough, for an extremely small subset of sites I can see how it would have a worrisome impact on their bottom line, namely as you mentioned betting sites if properly timed. I'm sure there are one or two other use-cases I'm missing, but the point remains... DDoS has become the hammer of the "angry child on the internet" toolbox. To them, every problem looks like a nail. To most of us, we just roll our eyes at them and get on with our lives. Maybe we have some interesting discussions on internet security
Re: (Score:2)
If you've caused them any pain it's miniscule, they've regrouped, patched a few systems, installed a couple of load balancers, whatever it is they do.
You need sufficiant bandwidth to receive all the traffic (legit and DDoS) and then sufficient hardware to return legitimate responses for the legimate traffic while dealing with the DDoS traffic. Depending on the details of the DDoS traffic it may be possible to filter it or it may have to be dealt with as if it was legitimate traffic. For a large scale DDoS attack you are unlikely to have these resources in-house so you will have to find a company (likely a content delivery network) to do it for you. Unles
Re: (Score:2)
Yes, it is indeed a foregone conclusion that the attacker will break first, if the company/entity they are attacking is anything but small to mid sized. Anything larger than that should be able to absorb the costs you talk about as a roadbump. A significant loss, quite possibly, but in business school they taught us to always be prepared for unexpected loss.
Your hosting provider won't let you sit back and wait? Do they also hold you responsible for lightning strikes? I think you need to switch hosting provi
Re:"Massive" DoS attack (Score:3)
Well, when talking about a Denial-Of-Service (DOS) attack, if you want to elaborate with a new prefix, you need to address several things. One, the scope - is this a localized source, is it international, etc? Secondly, the scale - are we dealing with a large-scale attack, a small-scale attack, etc? Third, is it an automated attack with centralized control, such as a botnet or LOIC, or is it more akin to a "flash mob" DOS? In this particular case, we're dealing with a (G)lobal, (L)arge-scale and (A) aut
Re: (Score:2)
I like "Jovian". Has a ring of absurdity to it.
Ice T said it best... (Score:4, Interesting)
"Freedom of Speech... Just watch what you say"
http://en.wikipedia.org/wiki/The_Iceberg/Freedom_Of_Speech..._Just_Watch_What_You_Say [wikipedia.org]!
I think the album cover is most appropriate in this situation.
When you're in the business of pissing people off (Score:2)
When you're in the business of pissing off companies, governments, and occasionally people, it's a bit naive to assume that they won't respond in some way..