DDOS attack of rare power behind WikiLeaks take-down
- By Kevin McCaney
- Aug 13, 2012
The cyber attack that has taken the WikiLeaks website offline for more than a week is a massive example of a distributed denial-of-service attack, which bombards a website with requests in order to render it unavailable.
The attack, claimed by a group called AntiLeaks, comes as WikiLeaks is in the process of releasing information gained during the hack late last year of Strategic Forecasting, an intelligence company whose clients include government agencies and contractors. The hacker group Anonymous hacked Stratfor on Christmas Eve, reportedly stealing some 5 million e-mails.
It then turned the information over to WikiLeaks, which began releasing e-mails in February, including some involving federal agencies such as the Homeland Security Department and Defense Intelligence Agency. Some federal agency e-mail addresses taken in the hack subsequently were targeted in phishing campaigns.
On Aug. 3, after WikiLeaks had released information on a reportedly secret, sophisticated surveillance operation, its started being hit with a steady stream of more than 10 gigabits/sec of traffic, WikiLeaks said in an update. The attackers also are using a “huge range” of IP addresses, suggesting they control or can simulate thousands of computers, the update said.
And although the volume of traffic makes it “impossible to filter without specialized hardware,” most hardware filters wouldn’t work anyway, because the traffic is more than simple packet flooding, the update said.
Several websites affiliated with WikiLeaks, such as Cabledrum, also have been shut down.
Just before the DDOS attack started, WikiLeaks had released information regarding TrapWire, an analytics system that reportedly collects surveillance video from commercial systems and uses an advanced for of facial recognition. Started by former officials from the CIA and other intell agencies, TrapWire bills itself as an anti-terrorism tool.
“TrapWire is a predictive software system designed to detect patterns indicative of terrorist attacks or criminal operations,” the company says on its site. “Utilizing a proprietary, rules-based engine, TrapWire detects, analyzes and alerts on suspicious events as they are collected over periods of time and across multiple locations.”
TrapWire’s description of itself doesn’t seem much different from that of the Domain Awareness System that the New York Police Department and Microsoft recently unveiled for parts of Manhattan. That system will receive feeds from about 3,000 surveillance cameras, which will be combined with data from license plate scanners, environmental sensors and law enforcement databases to create a real-time view of potential criminal or terrorist activity.
WikiLeaks said that TrapWire is part of a secret surveillance effort by the government. The website RT reported that, “Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence.”
TrapWire is the creation of Abraxas, a company made up of a “who’s who” of former intelligence community officials, RT reported.
Kevin McCaney is a former editor of Defense Systems and GCN.