Cloud support brings WikiLeaks back online

We're working on it says AntiLeaks


After being taken out for ten days by a DDoS attack the WikiLeaks site is back online, thanks to some cloudy support from CloudFlare.

The organization said that it had approached CloudFlare about hosting its site, since it has massive capacity and good systems for spotting an blocking DDoS attacks. WikiLeaks said it was originally turned down, but this was due to an error, the hosting company explained in a tweet.

Now WikiLeaks is back online and from the postings the organization is making its mood is combative.

Meanwhile, what of AntiLeaks, which claims to be responsible for the takedown? The spokesman for the group earlier said that the attacks on the site would continue indefinitely, but the shift to the cloud on Tuesday has caused some problems and the group is working on a way to bring down the WikiLeaks site again.

"WikiLeaks web server is now hidden behind five CloudFlare servers. CloudFlare isn't actually hosting WikiLeaks content itself but acts as a reverse web proxy. This makes it especially difficult to attack WikiLeaks, as each CloudFlare server can handle 10gb/second," AntiLeaks spokesman DietPepsi said in an email to El Reg.

"I am in the process of finding the actual IP address of WikiLeaks web server. I have a couple of leads and believe I will be able to do it, however it will take some time."

Meanwhile, in Ecuador

In the meantime there's been considerable kerfuffle over the fate of Julian Assange's future.

The UK's Guardian newspaper reported on Tuesday that the Ecuadorian government has decided to grant Assange political asylum in their country. Assange is approaching his 60th day trapped in the Ecuadorian embassy in London and a senior government source told the paper that Assange had been cleared.

"We see Assange's request as a humanitarian issue. The contact between the Ecuadorean government and WikiLeaks goes back to May 2011, when we became the first country to see the leaked US embassy cables completely declassified," the official said.

"It is clear that when Julian entered the embassy there was already some sort of deal. We see in his work a parallel with our struggle for national sovereignty and the democratisation of international relations."

However, the story brought a sharp rebuttal from the Ecuadorian president, who said the situation was still being considered. ®

Broader topics


Other stories you might like

  • Cloudflare says it thwarted record-breaking HTTPS DDoS flood
    26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

    Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.

    In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.

    Like the attack in April, the most recent one not only was unusual because of its size, but also because it involved using junk HTTPS requests to overwhelm a website, preventing it from servicing legit visitors and thus effectively falling off the 'net.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • Malaysia-linked DragonForce hacktivists attack Indian targets
    Just what we needed: a threat to rival Anonymous

    A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.

    The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.

    Continue reading
  • Mega's unbreakable encryption proves to be anything but
    Boffins devise five attacks to expose private files

    Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.

    The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.

    The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega’s cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.

    Continue reading
  • HashiCorp tool sniffs out configuration drift
    OK, which of those engineers tweaked the settings? When infrastructure shifts away from state defined by original code

    HashiConf HashiCorp has kicked off its Amsterdam conference with a raft of product announcements, including a worthwhile look into infrastructure drift and a private beta for HCP Waypoint.

    The first, currently in public beta, is called Drift Detection for Terraform Cloud, and is designed to keep an eye on the state of an organization's infrastructure and notify when changes occur.

    Drift Detection is a useful thing, although an organization would be forgiven for thinking that buying into the infrastructure-as-code world of Terraform should mean everything should remain in the state it was when defined.

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • UK Home Office signs order to extradite Julian Assange to US
    WikiLeaker-in-chief to appeal Priti Patel's decision

    UK Home Secretary Priti Patel today signed an order approving the extradition of Julian Assange to America, where he faces espionage charges for sharing secret government documents.

    Assange led WikiLeaks, a website that released classified files including footage of US airstrikes and military documents from the Iraq and Afghanistan war that detailed civilian casualties.

    It also distributed secret files revealing the torture of detainees at Guantanamo Bay, and sensitive communications from the Democratic National Committee and Hillary Clinton's campaign manager, John Podesta, during the 2016 US presidential election. 

    Continue reading

Biting the hand that feeds IT © 1998–2022