Who hit Spamhaus with DDoS strike?

The anti-spam organisation may have been hit with a DDoS by wikileaks.info organisers.

Spamhaus was hit with a distributed denial of service (DDoS) attack after it released info about a WikiLeaks mirror site, but there is some confusion over who was behind the strike.

Last week, the anti-spam organisation put out a warning that wikileaks.org was redirecting web traffic to third-party mirror site wikileaks.info, a space Spamhaus said was a known hive of activity for Russian cyber criminals.

Spamhaus's main concern was the security of the website's IP address space, Webalta's 92.241.160.0/19; it did not have any anti-WikiLeaks agenda.

"We do have an interest in preventing spam and related types of internet abuse however and hope that the WikiLeaks staff will quickly address the hosting issue to remove the possibility of cyber criminals using WikiLeaks traffic for illicit purposes," the organisation said.

On 18 December, Spamhaus was hit by a large DDoS attack and eyes turned towards the Anonymous hacking group, which has been known to target organisations who pulled support for WikiLeaks.

However, security professionals have indicated those running the WikiLeaks mirror site appeared to have been responsible.

"It was found to be PCs that had been hijacked by malware and were being used against their will to attack the Spamhaus services," explained Chester Wisniewski, senior security adviser at Sophos, in a blog.

"Those who commanded the attack are likely those that are hosting both wikileaks.info and the command-and-control servers used to instruct large quantities of zombied PCs to do their bidding."

Wisniewski advised those wanting to see the confidential cables to head to the official WikiLeaks site, which can be found at http://wikileaks.ch.

Last week, wikileaks.info rebuffed the claim it was hosting malicious activity.

"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it," the site's organisers said.

"We monitor the wikileaks.info site and we can guarantee that there is no malware on it."

In an update yesterday, wikileaks.info said it was unsure whether Spamhaus's suggestion that the mirror site's hosting provider, Heihachi, was behind the DDoS attack was true.

"Bottom line: we are a group that supports WikiLeaks with no connection to cyber criminals," the organisers added.
