DoS attacks hammer WikiLeaks for second day running

Attackers have upped their game, says Internet traffic researcher

WikiLeaks, the focus of attention since it released a quarter-million U.S. diplomatic cables two days ago, is again under a denial-of-service (DoS) attack, Internet researchers said today.

The site remained online with some short interruptions, however, as did a secondary site,, where nearly 300 U.S. State Department internal messages have been published thus far.

[The attackers] have upped their game," said Craig Labovitz, chief scientist at Arbor Networks, a supplier of anti-DoS technology.

"This looks like a different attack from yesterday. It's a more complex attack, with multiple components, and it's a more significant attack," added Labovitz.

WikiLeaks echoed Labovitz's take on today's attack. According to the organization's Twitter account, Tuesday's attack quickly reached 10Gbit/sec (gigabits-per-second), or two-and-a-half to five times larger than Monday's.

Labovitz estimated yesterday's DoS, which was launched by a single hacker, at between 2Gbit/sec and 4Gbit/sec.

WikiLeaks has been under assault since shortly after it began publishing diplomatic cables from a trove of more than 250,000 messages. The group provided several newspapers with the complete cache, but is releasing the cables to the public in small dribbles on In the U.S., the New York Times has been writing about the contents of the cables.

Both WikiLeaks' main site, , and the Cablegate site were being attacked today, said Labovitz.

Labovitz declined to go into specifics on the extent of Tuesday's DoS, saying that he was still compiling data from Arbor's ATLAS (Active Threat Level Analysis System) network, which collects Internet traffic data from approximately 120 carriers and providers worldwide.

U.K.-based Netcraft, however, spelled out its findings in detail.

According to Netcraft's traffic measurements, WikiLeaks and Cablegate were both hit hard today, with the latest failures of the sites occurring about 6 a.m. ET.

Netcraft explained how WikiLeaks and Cablegate remained operational for the most part during the DoS attacks.

"The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer," said Netcraft's Paul Mutton in a post to the company's blog Tuesday.

Labovitz had a different idea.

"They've been moving their hosting around," said Labovitz, referring to WikiLeaks. "They seem to have gone from using small providers to using larger providers, which have better capabilities to deal with these attacks."

Most large hosting companies use one or more technologies or techniques to fend off DoS attacks, Labovitz continued. "DoS is part and parcel of the Internet today," he said. "There's nothing unique to WikiLeaks except the amount of publicity it's received. There are enterprises that [undergo] much larger DoS attacks on a regular basis."

Yesterday, WikiLeaks shifted its site to servers operated by

Although a single hacker, who goes by the nickname of "The Jester" -- penned in leetspeak as "th3j35t3r" -- claimed responsibility for Monday's attack, which one security expert said was not launched via a botnet, today's DoS looked more coordinated, said Labovitz. He wasn't able to tell, however, whether it originated from a single source or from a botnet.

"There's enough publicity surrounding WikiLeaks [and the leaked cables] that this will be an ongoing event for them," Labovitz said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags governmentsecurityinternetGoogletwitterarbor networksGovernment/IndustriesCybercrime and Hacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?