Threat Management, Network Security, Network Security, Threat Management

WikiLeaks attacks fail to meet definition of cyberwar

Though some have labeled the website attacks surrounding the WikiLeaks controversy to be the first-ever global cyberwar, security experts say the truth is much less sensational.

The initial distributed denial-of-service (DDoS) attacks against WikiLeaks and its service providers, as well as the subsequent retaliatory attacks against organizations that cut ties with the whistleblower organization following its release of secret State Department cables, were notably unsophisticated, Craig Labovitz, chief scientist at security firm Arbor Networks, told on Tuesday.

“The WikiLeaks attacks were [using] modest bandwidth and not terribly sophisticated open source tools to attack,” Labovitz said.

Over the past year, a number of DDoS attacks have exceeded 50 gigabits per second (Gbps) in scale, with the largest DDoS measured at nearly 70 Gbps, according to Arbor Networks. These large flooding attacks in the 50 Gbps range are often enough to exceed the bandwidth capacity of an intended target and knock it offline.

Other DDoS offenders launch sophisticated, application-level attacks targeting the back-end computation, database and storage resources of a web service, Labovitz said. Botnets are used to overwhelm the web service with expensive web calls. The most advanced attackers also perform reconnaissance of a targeted web service to identify weak links in the infrastructure.

In comparison, the initial attacks against several WikiLeaks hosting sites, which began late last month, never exceeded three to four Gbps, according to Arbor Networks.

The retaliatory attacks are being launched by a simple-to-use downloadable program called Low Orbit Ion Cannon (LOIC), which sends dozens of web requests per second to victim websites, including MasterCard and PayPal. The attacks have not targeted critical, back-end infrastructure used for transactions.

In addition, the program does not even protect the IP addresses of the hundreds of mostly amateur volunteers that ran the software on their PCs. At least two Dutch teenagers have been arrested for their part in the attacks.

“Not to diminish the danger or voracity of the attackers in any way, but it was more of a cyber activist protest or a cyber hissy fit than an opening salvo in an organized battle,” Harry Sverdlove, CTO of application whitelisting provider Bit9, told in an email Tuesday.

Despite the hype, other security experts agreed that the WikiLeaks attacks – both the attacks on the WikiLeaks site and the retaliatory strikes against WikiLeaks opponent sites – were not the start of a cyberwar. 

“If we call this a war, what are we going to call it when two developed nations attack each other with cyberattacks launched by their armed forces?” Mikko Hypponen, chief research officer at anti-virus firm F-Secure, told on Tuesday.

Though the attacks were not sophisticated, they were surprisingly effective, he said.

“I don't think anybody really expected such a rudimentary attack to take down, but it did,” Hypponen said.

The incident illustrates that the threat of DDoS attacks is very real, Sverdlove said. Such attacks are easy to launch, and most companies have not invested in appropriate defenses to protect themselves from this often politically motivated, unpredictable threat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.