WikiLeaks Attacks Face DDoS Resistance from Online Activists

Wikileaks is a political whistleblower site known for leaking classified information or other sensitive data. Wikileaks also waged DDoS attacks against Amazon, PayPal, Visa and Mastercard as a form of retaliation against those organizations for preventing supporters from donating to their cause. The attacks reportedly led to significant corporate losses due to disruption of web services.

On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America.[3][4] The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.[5]

WikiLeaks Attacks Cause Rival DDoS Retaliation

In correspondence with the website Politico, hacktivist groups SpainSquad, Anonymous, and New World Hackers claimed responsibility for the attack in retaliation against Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange, at their embassy in London, where he had been granted asylum.[5] This claim has yet to be confirmed.[5] WikiLeaks alluded to the attack on Twitter, tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point."[40] New World Hackers has claimed responsibility in the past for similar attacks targeting sites like BBC and ESPN.com.[41]

Network based volumetric attacks have the effect of exhausting server resources and consuming available bandwidth. The end result is a denial of service to a legitimate user. Examples of volumetric attack vectors include User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) and other attacks that flood a network with spoofed requests. Thus, first thing to consider while defending on a network layer is to ensure enough network bandwidth to easily deal with massive amounts of traffic. If you are not able to purchase enough capacity on your own because it will go unused most of the time, many cloud services can get you access to the extra bandwidth you need to absorb the attack. Another thing is to filter the attack traffic to allow legitimate traffic and discard illegitimate one, such as excessive TCP SYN packets, floods of ICMP packets or UDP packets without application payloads.

According to LockBit, Entrust is responsible for DDoSing its website, but the company is least likely to admit it even if it is actually involved because of being a legit cybersecurity-oriented firm. It could also be the work of a rival ransomware group that wanted to target LockBit operators and blame Entrust. 2ff7e9595c