Small-scale DDoS hack takes down WikiLeaks site

Despite claims by WikiLeaks that they were under a mass DDoS attack, the 2–4 Gbps attack on Sunday was relatively modest, according to Arbor Networks data. Large-scale DDoS attacks can run in the hundreds of Gbps.

The small-scale DDoS attack was able to take down the WikiLeaks site because it targeted the application level, Arbor Networks chief scientist Labovitz wrote on his security blog.

“Application level attacks are not geared toward using up available bandwidth but to attack the most complicated thing a web server or a database can do, and then have a limited number of machines attack that repeatedly. Application level attacks tend to be lower bandwidth and more difficult to spot, but they can have significant impact on any type of commercial, web hosting, or other type of service”, Labovitz told Infosecurity.
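An added example, not from the article or from Arbor Networks: Python detection logic showing why a low-bandwidth application-level attack is missed by a volume threshold but stands out when clients are ranked by server time spent on one repeated endpoint. The log format (client IP, path, response bytes, server time in ms), the sample lines, the thresholds and the function names are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed log lines: client IP, request path, response bytes, server time in ms.
SAMPLE_LOG = """\
192.0.2.10 /index.html 18000 4
192.0.2.10 /about.html 9000 3
203.0.113.5 /files/report.pdf 4200000 35
203.0.113.5 /files/archive.zip 9800000 60
198.51.100.7 /search?q=x 700 1900
198.51.100.7 /search?q=x 700 2100
198.51.100.7 /search?q=x 700 2000
198.51.100.7 /search?q=x 700 2200
192.0.2.10 /search?q=cables 2500 120
"""

def parse_log(text):
    """Yield (ip, endpoint, bytes, ms); the query string is dropped so repeats group."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, path, size, ms = line.split()
        yield ip, path.split("?", 1)[0], int(size), int(ms)

def per_client(records):
    """Aggregate bytes, server time and per-endpoint hit counts for each client."""
    stats = defaultdict(lambda: {"bytes": 0, "server_ms": 0, "hits": Counter()})
    for ip, endpoint, size, ms in records:
        s = stats[ip]
        s["bytes"] += size
        s["server_ms"] += ms
        s["hits"][endpoint] += 1
    return dict(stats)

def flag_by_bandwidth(stats, byte_limit):
    """Volume-based view: clients whose transferred bytes exceed the limit."""
    return {ip for ip, s in stats.items() if s["bytes"] > byte_limit}

def flag_by_cost(stats, ms_limit, min_repeats):
    """Cost-based view: clients that burn server time by repeating one endpoint."""
    return {ip for ip, s in stats.items()
            if s["server_ms"] > ms_limit and max(s["hits"].values()) >= min_repeats}

if __name__ == "__main__":
    stats = per_client(parse_log(SAMPLE_LOG))
    print("bandwidth view:", flag_by_bandwidth(stats, byte_limit=1_000_000))
    print("cost view:", flag_by_cost(stats, ms_limit=5000, min_repeats=3))
```

On the constructed sample, the bandwidth view flags only the client downloading large files, while the cost view flags the client that sent four small, expensive search requests.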

After the attack, which began at 10:05 a.m. EST on Sunday, WikiLeaks redirected DNS configurations from its Swedish hosting provider to sites hosted by Amazon’s Elastic Cloud Computing service in Ireland and the US, according to a report by SC Magazine. As a result of these steps, the WikiLeaks site was able to publish the leaked documents on Sunday.

A hacker named Jester claimed responsibility for the WikiLeaks DDoS attack. Labovitz said that it was likely Jester because he or she has claimed responsibility for similar small-scale DDoS attacks, such as a 2008 attack against WikiLeaks shortly before they released leaked Swiss bank documents.

Labovitz said that there has been an escalation of application-level DDoS attacks, as opposed to the large-scale DDoS “flooding” attacks, which use botnets to consume bandwidth or overwhelm routers or firewalls. “This is especially true as more and more services move to the cloud because services are distributed. They are more resilient to flooding attacks, but they are in some cases more susceptible to application-level attacks.”

The Arbor Networks chief scientist warned that cybercriminals can use DDoS attacks to threaten businesses. “We have seen a growing number of reports of cybercriminals using [DDoS attacks] for extortion and other types of financial manipulation”, he said.

For enterprise and e-commerce sites, there are DDoS mitigation products and services available from carriers and hosting providers to lessen the impact of DDoS attacks, Labovitz said. “There is a healthy market for these products and services and I think it is telling that you don’t read about these attacks every day.”

