A View from Christopher Mims
Wikileaks Switches to Amazon After Distributed Hacker Attack
Whoever is trying to take down Wikileaks with a denial of service attack is now attacking Amazon.com.
As of this moment, according to Wikileaks itself, the site is under a distributed denial of service (DDoS) attack “now exceeding 10 Gigabits a second.” These kinds of attacks are typically carried out by a widely distributed “botnet” of zombie computers under the control of a single hacker or a group of hackers. They are par for the course on the web, and have been used in everything from extortion efforts against businesses to cyberattacks on neighboring countries.
What’s interesting about this attack is that Wikileaks’ webmasters have switched from their usual host, Swedish company PRQ, which has at times also hosted the media pirating site The Pirate Bay, to Amazon’s cloud services.
According to network analyst Andree Toonk, who posted his observations on the mailing list of the esteemed North American Network Operators’ Group, Wikileaks moved to Amazon hosting, in particular Amazon’s EU cluster in Dublin, some time Sunday, when the first denial of service attack was launched against the site.
Without this fall-back in place, it appears that the first distributed denial of service attack against Wikileaks would have succeeded. PRQ was forced to “nullroute the IP” of Wikileaks in response to this first attack - making it completely inaccessible to the outside world.
Amazon’s servers, by contrast, seem to be having no trouble at all mopping up the extra traffic - as of this writing, and for the overwhelming majority of the time since the first attack, Wikileaks.org has been up and available, according to Netcraft.
One way to thwart a distributed denial of service attack is simply to over-provision the server and bandwidth resources allotted to a particular IP address (i.e. website), and Amazon’s cloud services are in a way a perfect solution for any webmaster wishing to deal with a DoS attack in this way.
As DDoS attacks go, 10 gigabits a second is big, but by no means at the upper end of the scale of such attacks. A 2008 study would put an attack of this scale somewhere in the middle of the pack, with the largest-ever attack as of two years ago topping out at 40 gigabits per second.
Whatever happens to Wikileaks.org, whether it’s shut down by law enforcement or by hackers and governments who wish its current “cablegate” trove to remain out of the public eye, it appears that the site’s creators have already released an encrypted archive of the entirety of the cablegate documents or perhaps all of Wikileaks.