GCN LAB IMPRESSIONS
WikiLeaks attackers misfire badly
But a second salvo hit the target
- By Greg Crowe
- Nov 30, 2010
On Nov. 28, the day WikiLeaks disclosed the contents of more than a quarter of a million State Department diplomatic cables, the ones that they had been talking about for months, some anonymous hackers took a shot at them: at the moment of revelation, the WikiLeaks website was unavailable due to a mass distributed denial-of-service attack.
Boy, if that isn’t fuel for the average conspiracy theorist, I don’t know what is. But although the timing of the two events is highly suspect, at the very least the attacker(s) did not aim very well.
While the main site was either unavailable or very slow to respond when people tried to visit it, the actual “Cablegate” website suffered no apparent ill effects. This was due in no small part to the fact that this part of the website was being served from three separate IP addresses.
Let me go off on a tangent here and discuss the name with which WikiLeaks has decided to grace this disclosure event. Haven’t we had enough “-gates” already? That movie was right – the most lasting legacy of Richard Nixon’s administration is that any scandal automatically gets the suffix “-gate” attached to its name. (History lesson: "Watergate" was the hotel in which Nixon's White House operatives tried to burglarize National Democratic Headquarters. The word has no inherent connection to political scandal, and yet "-gate" is almost automatically attached to every political scandal of the past 40 years. It’s the gift that keeps on giving.)
So, back to the actual attack. If the attackers had an issue with the cable documents being released, they failed in trying to stop the flow of documents – they merely took down the main site while allowing the subdomain distributing the actual information to stay in operation.
That is, the first time. But there was another attempt on Nov. 30 that did succeed in taking down the "cablegate" site for a few hours, until the WikiLeaks team switched the main hosting location, reports CBS News.
My guess is that, because the cablegate domain was being served in parallel from at least two different countries, taking it down turned out to be impossible for the attackers in the Sunday attempt, so they hit the main site instead. I guess they ended up making a statement of some sort, but to no real effect. Or perhaps the computers being hijacked for the DDoS attack were programmed months before, so that when finally activated, they were pointing to the wrong target.
In any case, my point is that, if you can’t use your criminal/terrorist hacking skills to actually prevent whatever atrocity has you all fired up, then your attack is essentially just general vandalism, more akin to what bored high school kids do from time to time. Maybe you shouldn’t bother.
But the second attempt worked. So we wonder, did the attackers figure out their mistake and come back for a more successful second try? Or did someone else decide to show them how it's done?
Thanks to the anonymity of the hacker world, we may never know.