On 4 August, a new account on Twitter under the name of Anti Leaks announced, “Tango down wikileaks.org.” For more than a week, WikiLeaks remained either down or severely disrupted. Finally, on 13 August, WikiLeaks announced, “WikiLeaks is back open after installing substantial extra capacity and additional help from @cloudflare caching http://wikileaks.org/.”
During the attack, WikiLeaks said it faced a DDoS of well over 10Gbits/second and directed by someone able to control or simulate thousands of machines. It added, “We have even tried moving behind http://Cloudflare.com but Cloudflare has [p]re-emptively banned WikiLeaks.”
This, it seems, was procedural rather than decisive. WikiLeaks is now protected by CloudFlare. “CloudFlare CEO Matthew Prince told [TechCrunch] that Wikileaks switched over to CloudFlare [on Monday] and was back online within minutes.”
Traffic for CloudFlare’s customers are routed through CloudFlare servers which block any illegitimate traffic. In this way, CloudFlare is effectively a cloud-based firewall; but with the advantage that it learns as it goes. “We throw ourselves in the way of DOS attacks because it makes our network more resilient,” said Prince. “It’s like strengthening your immune system.” And so far it is working.
The battle, however, is not over. Anti Leaks taunted CloudFlare on Twitter, “You must feel really good about yourselves #CloudFlare for hiding and protecting criminals like Wikileaks and Lulzsec. #Bloodmoney.” (CloudFlare had earlier protected the hacking group LulzSec, but “We don’t discriminate against customers based on a political belief of what’s good or bad,” explained Prince. “We try hard not to play censor.”) But yesterday an Anti Leaks spokesperson known as DietPepsi indicated the attacks would continue. “I am in the process of finding the actual IP address of WikiLeaks web server. I have a couple of leads and believe I will be able to do it, however it will take some time,” he said in an email to The Register.