GCN LAB IMPRESSIONS

WikiLeaks attackers misfire badly

But a second salvo hit the target

On Nov. 28, the day WikiLeaks disclosed the contents of more than a quarter of a million State Department diplomatic cables (the ones it had been talking about for months), some anonymous hackers took a shot at the organization: at the moment of revelation, the WikiLeaks website was unavailable due to a mass distributed denial-of-service attack.

Boy, if that isn’t fuel for the average conspiracy theorist, I don’t know what is. But although the timing of the two events is highly suspect, at the very least the attacker(s) did not aim very well.

While the main site was either unavailable or very slow to respond when people tried to visit it, the actual “Cablegate” website suffered no apparent ill effects. This was attributed in no small part to the fact that this part of the website was being served from three separate IP addresses.

Let me go off on a tangent here and discuss the name with which WikiLeaks has decided to grace this disclosure event. Haven’t we had enough “-gates” already? That movie was right – the most lasting legacy of Richard Nixon’s administration is that any scandal automatically gets the suffix “-gate” attached to its name. (History lesson: "Watergate" was the hotel in which Nixon's White House operatives tried to burglarize National Democratic Headquarters. The word has no inherent connection to political scandal, and yet "-gate" is almost automatically attached to every political scandal of the past 40 years. It’s the gift that keeps on giving.)

So, back to the actual attack. If the attackers had an issue with the cable documents being released, they failed in trying to stop the flow of documents – they merely took down the main site while allowing the subdomain distributing the actual information to stay in operation.

That is, the first time. But there was another attempt on Nov. 30 that did succeed in taking down the "cablegate" site for a few hours, until the WikiLeaks team switched the main hosting location, reports CBS News.

My guess is that, because the cablegate domain was being served in parallel from at least two different countries, taking it down turned out to be impossible for the attackers in the Sunday attempt, so they hit the main site instead. I guess they ended up making a statement of some sort, but to no real effect. Or perhaps the computers being hijacked for the DDoS attack were programmed months before, so that when finally activated, they were pointing to the wrong target.

In any case, my point is that, if you can’t use your criminal/terrorist hacking skills to actually prevent whatever atrocity has you all fired up, then your attack is essentially just general vandalism, more akin to what bored high school kids do from time to time. Maybe you shouldn’t bother.

But the second attempt worked. So we wonder, did the attackers figure out their mistake and come back for a more successful second try? Or did someone else decide to show them how it's done?

Thanks to the anonymity of the hacker world, we may never know.

Reader Comments

Thu, Dec 30, 2010

Of course there is also the possibility that especially the first attack wasn't committed by opponents of wikileaks. An attack on the main site that doesn't actually inhibit the real purpose makes a pretty good piece of propaganda doesn't it?

Thu, Dec 9, 2010 Josh

To Robin, I doubt you really know the hacker in question, but if you do, he is not a patriot or an honorable man. People who hack and perform DDS web attacks are not polite, nice people. They are scumbags. So is he. And performing a DDS attack is not that big a deal either, so he may not even be that talented.

Thu, Dec 2, 2010

Hmmmm...They cannot keep even confidential state department information secret yet they want us to believe our medical records will be safe? ...MikeH

Thu, Dec 2, 2010 Dr. Mc

WHY?!

Wed, Dec 1, 2010 inquiring_mind

Me? I am anxiously awaiting the "Bankgate" releases. The reaction(s) to THAT should be very interesting.
