WikiLeaks Disclosures Spur Massive DDoS Battle

The publication of more than 250,000 leaked diplomatic cables by WikiLeaks has sparked a war between vigilante hacker groups through a series of denial of service attacks, security experts say.

The WikiLeaks cable disclosures prompted massive international outcry and sparked two denial of service attacks that shut down the site for several hours last week. A hacker, or hacker group, known as The Jester, later came forward as the perpetrator of the WikiLeaks DDoS attacks, citing U.S. troop endangerment as the primary driver.

"TANGO DOWN—for attempting to endanger the lives of our troops, 'other assets' & foreign relations," The Jester said in his Twitter feed.

The Jester's attacks resulted in a total of 1 day, 3 hours and 50 minutes of downtime for the beleaguered WikiLeaks site, according to researchers at Panda Security, before it was later booted offline by upstream providers Amazon and EveryDNS.

The Jester had admitted that he used the Internet to coordinate DDoS attacks on Islamic Web sites after he witnessed soldiers being murdered by jihadists. The Jester said he launched the DDoS attacks with a special tool, called Xerxes, which he said could specifically hone in on the target Web site, without harming other Internet Service providers or servers.

Since then, another vigilante hacker group, a loosely coordinated international effort known as Anonymous, has gained attention for coming to the defense of WikiLeaks and its founder Assange by launching its own DDoS attacks against the site's critics, according to a Panda Security blog.

"While we don’t have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we cannot say what we think and are unable to express our opinions and ideas," according to the Anonymous Web site.

Forming an organized effort known as Operation Payback, also known as Operation Avenge Assange, the Anonymous cyber group launched its first attack against the PayPal blog shortly after the company announced that it permanently restricted the WikiLeaks account due to an Acceptable Use Policy violation.

Next: Operation PayBack Targets PayPal In DDos Attack

"PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity," PayPal said in a statement posted to its Web site.

The PayPal blog has since been restored, following total of 8 hours and 15 minutes of downtime, in addition to the numerous hours it took resolve a 403 error. The PayPal blog attack was followed by another attack against the main PayPal Web site on Monday.

Minutes after Operation Payback announced the second PayPal attack, hackers cut off access to the Anonymous site with a DDoS attack that shut down the site for hours on Monday.

This time, Operation Payback responded against postfinance.ch, the bank that took down WikiLeaks' founder Assange's defense fund, with another heavy DDoS attack that took down the site for at least 11 hours on Monday. The DDoS attack against PostFinance was complemented with a fax spamming campaign targeting PostFinance's corporate offices.

Sean-Paul Correll, threat researcher at Panda Security who follows the series of denial of service attacks launched by Anonymous' Operation Payback, said that the effort involved hundreds of individuals who coalesced to form a voluntary botnet.

"There are a lot of people involved in the attack. They have a lot of motivation," he said. "This is going against everything they stand for."

Correll contended that the WikiLeaks breach and the subsequent retaliation that sparked an all out war between vigilante hacker groups could set a precedent for public protests in the future.

First of all, it's easy, he said. "They can quickly mobilize, recruit over social networks. They get people into these chat rooms, and literally set them up with these instructions," he said. "It's very easy for people these days to join it. They don’t have to have any technical knowledge at all."

Noa Bar Yossef, senior security strategist for security firm Imperva, said that the Operation Payback attacks differed from others in that they were entirely internally organized and launched instead of stemming from an external hack.

"They are actually asking supporters to download the piece of code, the DDoSing malware itself, that upon wake-up call the computer engages in the DoS," he said. "There is no victimized machine as the participatants knowingly engage in what they call an act of defiance."

Correll said that down the road, denial of service attacks will likely increase as individuals realize their effectiveness in making a statement or getting across a political or religious message.

"It boils down to this, these people feel that they have no voice. They feel that any sort of legal protest really wouldn't do this any justice. They don’t have to stand in a picket line, they can use technology to fight back," he said. "A denial of service attack happens to be the most effective way to block an organization."