WikiLeaks has announced that its website is now operational again after “installing substantial extra capacity” and additional support through CloudFlare, a website security service capable of blocking threats and limiting “abusive bots and crawlers” from wasting “bandwidth and server resources.”
The media organization described how much difficulty they were having overcoming the attack on August 10:
The attack is well over 10Gbits/second sustained on the main WikiLeaks domains. The bandwidth used is so huge it is impossible to filter without specialized hardware, however… the DDoS is not simple bulk UDP or ICMP packet flooding, so most hardware filters won’t work either. The range of IPs used is huge. Whoever is running it controls thousands of machines or is able to simulate them. We have even tried moving behind http://Cloudflare.com but Cloudflare has pre-emptively banned WikiLeaks. Living in the wild wild west.
The announcement suggests WikiLeaks worked out something with CloudFlare in the past few days. Additionally, the attack was targeting the website’s “donations infrastructure” called the “Fund for Network Neutrality.” Cyber attacks on WikiLeaks have typically led to increases in donations, the organization claimed. This time that was stymied as the infrastructure was hit too.
This attack was claimed by a group that calls itself AntiLeaks. Like something out of a spoof, the group’s leader claimed his or her name is DietPepsi. The leader proceeded to add that the group was made up of “young adults, citizens of the United States of America,” who are “deeply concerned about the recent developments with Julian Assange and his attempt at asylum in Ecuador.” The leader went on to characterize Assange as “the head of a new breed of terrorist” and cast the attack as a “protest” against Assange’s attempt to escape justice into Ecuador.
AntiLeaks has denied it has any connections to federal government agencies. Today, they tweeted:
We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical. We gave @wlpress a 5 minute advanced notice of our next attack to take down their backup mirror (http://mirror2.wikileaks-press.org) on August 10th. We also gave a 30 minute advanced notice of our attack on the President of Ecuador’s website to the German tech publication Gulli (http://www.gulli.com/news/19466-antileaks-ddos-angriffe-als-protest-gegen-wikileaks-2012-08-08). The logs of both servers will show an attack precisely when we said it would occur. These are irrefutable facts.
In the end we cannot prove individually to every person that doubts our claims that we are behind these attacks. There are a lot of people who still don’t believe we landed on the moon. We feel we have nothing left to prove to anybody.
Still, that does not mean this group of individuals is not tied to some shady outfit that has some connection to the federal government through contracts. It does not mean that some character like Aaron Barr of HBGary infamy could not be behind this attack. And it is not as if people who work for security contractors are above adolescent acts. The name DietPepsi invites speculation that some security contracting employee came up with the name after looking at a vending machine at work.
Whether the group is a bunch of young hackers doing this on their own or some security contractors posing as adolescents, there is one reality that cannot be overlooked: there will be no US government investigation into who or what organization attacked WikiLeaks.
WikiLeaks released the remaining tens of thousands of diplomatic cables it had almost a year ago, in August 2011. As the cables were published, it announced it was sustaining denial of service (DoS) attacks and had “regressed” to its backup servers. The attack prompted WikiLeaks to ask, “Are state directed Denial of Service attacks, legally, a war crime against civilian infrastructure?” There has been no public investigation.
The government has also refrained from indicting anyone for a massive DDoS attack on WikiLeaks that took place eight days before members of the hacktivist group Anonymous launched DDoS attacks on PayPal, Visa and MasterCard in December. In contrast, the FBI has rounded up low-level hackers for the attacks on PayPal, Visa and MasterCard. In July 2011, sixteen individuals were arrested. The FBI raided homes, seizing computers and computer-related accessories. The Justice Department claimed fourteen of the individuals had been part of the distributed denial of service (DDoS) attacks on PayPal back in December 2010, when PayPal suspended WikiLeaks’ accounts, making it impossible for the organization to receive donations via PayPal.
AntiLeaks claims it is a bunch of “young adults” from the United States. The FBI should be investigating this attack now. People should be arrested soon. Alas, this is unlikely to happen. Cyber attacks against WikiLeaks aren’t something worthy of US law enforcement resources, which increases the suspicion that characters with ties to the US government or US government contractors are behind the attacks.
Meanwhile, independent and alternative journalists and supporters of WikiLeaks managed to help the organization spread a bunch of emails from Stratfor that show how the firm was involved in pushing TrapWire, “a predictive software system designed to detect patterns indicative of terrorist attacks or criminal operations using video surveillance systems” that “was developed by former CIA staffers.”
Privacy SOS posted a great introductory explainer:
The services TrapWire offers to major corporations and governments can be broken down into three categories: critical infrastructure “hardening”, suspicious activity report management, and data mining.
Using open-source information it is very difficult to determine what kinds of data inputs the system accesses. The only confirmed sources of data to the system are CCTV cameras, license plate readers and open source databases. (The latter contain a wealth of information about each and every one of us, so the combination of these three data sets alone is troubling.)…
…Among the most disturbing emails in the Wikileaks GIF files is this one, written by a Stratfor analyst to the head of the firm. It gives us a troubling taste of how these private security companies view their role as intermediary between the government and the people:
Regarding SF landmarks of interest–they need something like Trapwire more for threats from activists than from terror threats. Both are useful, but the activists are ever present around here…
Ben Doernberg pieced together an exceptional Storify that documents many of the facts that those reading the emails have been able to glean.
WikiLeaks has openly speculated the cyber attack on the organization was a result of the release of Stratfor emails that revealed Stratfor’s TrapWire ties and efforts to market it to local, state and federal government agencies.
Here’s an email sent on September 22, 2010, by then vice president of TrapWire, R. Daniel Botsch, that describes some of how the system works:
…We have regional networks in which information sharing is limited to that network. If a network has 25 sites, those 25 sites match against each other’s reports. They can also send reports to any other site on the network and they can post reports to a network-wide bulletin board. Sites cannot share information across networks.
However, we do cross-network matching here at the office. If we see cross-network matches, we will contact each affected site, explain that the individual(s) or vehicle they reported has been seen on another network, and then offer to put the affected sites into direct contact. We have not yet had a cross-network match. I think over time the different networks will begin to unite. I’m not exactly being prescient here, as there is already talk in Vegas and LA of combining their two networks. Same here in DC…
The Guardian’s tech editor has reported the US Department of Homeland Security “paid $832,000 to deploy the system in two cities.”
One of the more amusing details to come out so far is the fact that Stratfor Vice President of Intelligence Fred Burton was salivating at the thought of how TrapWire could make money after a Texas State Capitol shooting on July 21, 2010.
In an email sent just one day later, Burton reported in an update:
Positive developments with TrapWire in light of the Texas State Capital [sic] shooting. I chatted w/the DPS Director and lead Commissioner about the need to get this moving so one of my hand picked men was re-assigned today to move this off center. Thank goodness for crazy people. I wrote the master plan to cover all of the DPS bldgs statewide, so if we get one, the rest will fall in line. [emphasis added]
Terror and violence are necessary for TrapWire and Stratfor to flourish. When they are zealous but amateurish professionals, that seems especially true. It is also disaster capitalism. Crises are business opportunities. It is never too early after blood is shed or property is damaged to talk about what can be offered.