Wikileaks, Dodging DDoS, Bounces Back to Amazon

Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:35:38


WikileaksThe Web site of Wikileaks was moving quickly to stay out of the way of large scale denial of service attacks on Sunday and Monday, following the release of a trove of sensitive U.S. diplomatic cables.

The controversial site, which has spent months trying to find a home secure from government seizure, now appears to be hosted on servers that are part of U.S. firm’s giant hosted Web Services infrastructure based in Seattle, Washington.

Wikileaks posted its collection of more than 250,000 sensitive government documents Sunday evening, dubbing the operation “cablegate.” Even before the release, however, the group was being targeted by DDoS attacks. A Twitter post from Wikileaks on Sunday said the group was suffering under a “massive denial of service attack.”

However, the site was soon back up, with requests returning an IP Address that resolves to Amazon’s Amazon Web Services (AWS) infrastructure in Seattle. The move reverses an effort by Wikileaks to migrate off of Amazon’s infrastructure to a single server belonging to Web hosting firm Octopuce in France, according to an analysis by Internet security firm Netcraft. That ended Sunday, as the pending leak of the the U.S. diplomatic cables – part of a massive trove of sensitive documents relating to U.S. military and diplomatic activity allegedly provided by U.S. service member Bradley Manning.

Following its release of Iraq War documents, Wikileaks has pursued numerous options for hosting its Web servers as it readied further releases of sensitive documents. Wikileaks founder Julian Assange reportedly struck a deal with Sweden’s Pirate Party in August to host the Web site on Servers located within that country’s Parliament, which enjoys immunity from prosecution.

However, the site was soon on the move again, in search of infrastructure that could support both the high level of legitimate traffic and efforts by unknown parties to take the site offline. That road appears to have led back to Amazon’s massive EC2 hosted infrastructure.

Stay tuned for more coverage of Wikileaks cablegate on Threatpost.