Friday, December 3, 2010

Under Biggest-Ever Cyberattack, WikiLeaks Searches For New Hosts

http://blogs.forbes.com/andygreenberg/2010/12/01/under-biggest-ever-cyberattack-wikileaks-searches-for-new-hosts/?boxes=Homepagelighttop

Under Biggest-Ever Cyberattack, WikiLeaks Searches For New Hosts
Dec. 1 2010 - 2:58 pm | 577 views | 1 recommendation | 1 comment
By ANDY GREENBERG
Founder of the Wikileaks website Julian Assang...

Image by AFP/Getty Images via @daylife

Updated below.

WikiLeaks founder Julian Assange, since enraging governments the world over and facing rape charges in Sweden, has been searching for a nation that will offer him asylum. Now his website is seeking refuge, too–from the largest cyberattack it’s ever faced.

A WikiLeaks source who asked not to be named says that half of WikiLeaks servers have gone offline under a two-day flood of fraudulent traffic, what’s commonly known as a denial of service attack. WikiLeaks is actively searching for new hosts for its Web servers, ideally offered free-of-charge by volunteers, according to the source. The source also said that the attack was the largest in the whistleblower site’s history, and the first to “actually cause harm” to WikiLeaks, although none of the site’s private data has been compromised.

On Wednesday afternoon, WikiLeaks.org was buckling under the attack, apparently offline. The WikiLeaks source says that it may take hours to resuscitate.

Update: As of 4pm Wednesday, WikiLeaks.org was back online.

Though the traffic seemed to originate in France, the source says, it could easily have been redirected through France from another country.

The Associated Press has reported that WikiLeaks “appears to have lost or left” Amazon, its main Web hosting service. WikiLeaks later wrote on its twitter feed that its servers had been banished from Amazon.

“WikiLeaks servers at Amazon ousted,” the tweet reads. “Free speech the land of the free–fine our $ are now spent to employ people in Europe.

“If Amazon are so uncomfortable with the first amendment,” WikiLeaks later added on twitter, “they should get out of the business of selling books.”

But the WikiLeaks source says that some of the site’s servers continue to run in Amazon’s data center, as well as on other previously known WikiLeaks hosts including PRQ and Bahnhof in Sweden, and another host in Iceland.

Update: the Guardian reports that WikiLeaks’ site has indeed been exiled from Amazon’s data center as a direct result of political pressure led by Senator Joe Lieberman.

A blog post from security researcher Craig Labovitz at Arbor Networks measured the attack, beginning Tuesday, at between two and three gigabytes per second of junk traffic aimed at servers in “Europe and the US West Coast.” WikiLeaks has written on its twitter feed that the attack was far larger, more than 10 gigabytes a second. Either number would be far larger than the more primitive denial of service attack that hit WikiLeaks on Sunday, prior to its publication of a quarter-million diplomatic cables leaked from the U.S. State Department.

As I wrote Sunday, even this larger attack can’t effectively censor WikiLeaks. The New York Times and others continue to release tranches of its latest document dump, even with WikiLeaks offline. And in future “megaleaks,” including what Assange told me would be a flood of tens of thousands of documents from a major U.S. bank in early 2011, WikiLeaks will no doubt create similar partnerships with mainstream media.

But in the mean time, the attack is no doubt draining the site’s limited, donation-funded resources–its twitter feed has called repeatedly for more donations in the face of legal and technological attacks. If WikiLeaks’ enemies can’t plug its leaks, it seems, then perhaps they hope to bleed it dry.

No comments: