Who hit Spamhaus with DDoS strike?
By Tom Brewster,
Spamhaus was hit with a distributed denial of service (DDoS) attack after it released info about a WikiLeaks mirror site, but there is some confusion over who was behind the strike.
Last week, the anti-spam organisation put out a warning wikileaks.org was redirecting web traffic to third-party mirror site wikileaks.info – a space Spamhaus said was a known hive of activity for Russian cyber criminals.
Spamhaus’s main concern was the security of the website’s Webalta's 92.241.160.0/19 IP address space – it did not have any anti-WikiLeaks agenda.
“We do have an interest in preventing spam and related types of internet abuse however and hope that the WikiLeaks staff will quickly address the hosting issue to remove the possibility of cyber criminals using WikiLeaks traffic for illicit purposes,” the organisation said.
On 18 December, Spamhaus was hit by a large DDoS attack and eyes turned towards the Anonymous hacking group, which has been known to target organisations who pulled support for WikiLeaks.
However, security professionals have indicated those running the WikiLeaks mirror site appeared to have been responsible.
“It was found to be PCs that had been hijacked by malware and were being used against their will to attack the Spamhaus services,” explained Chester Wisniewski, senior security adviser at Sophos, in a blog.
“Those who commanded the attack are likely those that are hosting both wikileaks.info and the command-and-control servers used to instruct large quantities of zombied PCs to do their bidding.”
Wisniewski advised those wanting to see the confidential cables to head to the official WikiLeaks site, which can be found at http://wikileaks.ch.
Last week, wikileaks.info rebuffed the claim it was hosting malicious activity.
"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it," the site's organisers said.
"We monitor the wikileaks.info site and we can guarantee that there is no malware on it."
In an update yesterday, wikileaks.info said it was unsure if a Spamhaus suggestion the mirror site's hosting provider Heihachi was behind the DDoS attack was true.
"Bottomline: we are a group that supports WikiLeaks with no connection to cyber criminals," the organisers added.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
