Was Turkey behind the latest cyber attack against WikiLeaks?

Following the recent failed military coup in Turkey, WikiLeaks announced it was releasing 300,000 emails obtained a week prior from a source with access to the ruling party’s (AKP) email database. Shortly after announcing this, though, the site came under a sustained DDoS (distributed denial of service) attack and is now blocked in Turkey, though proxies can still be used to access it from there. The block comes even as the government dismissed the leak as a meaningless collection of “spam” taken from akparti.org.tr.

Was Turkey the first country to hit WikiLeaks with a DDoS attack?

Before we address whether the Turkish government orchestrated the attack, it is important to note this is not the first time a WikiLeaks dump has been prefaced by a DDoS attack. In November 2010, WikiLeaks was hit twice in quick succession, with the initial wave coming in at 2-4Gbps and then followed by another at 10Gbps. The attacks succeeded in getting the site’s then-host, EveryDNS.net, to drop WikiLeaks because of the disruptions. Amazon Web Services also dropped the site, citing “terms of service” violations while denying that pressure from the U.S. government influenced its decision. The latter move deprived WikiLeaks of its backstop on the Amazon EC2 cloud service, used to help weather the November attacks.

The next major attack was in 2012. Shortly after releasing material on the “TrapWire” commercial surveillance system, the site was hammered for several days with an attack that used — or appeared to use — several thousand computers to spam the servers with 10Gbps a second. And in 2015, the site was taken down briefly during a spat between rival hacking collectives Anonymous and OurMine.

However, digital forensics have not conclusively linked any of these attacks to state actors. It is unclear who is coordinating the current assault over the “AKP Emails,” or if past actions were staged by government proxies, “anti-leak” hackers, or simple cybercriminals and pranksters. In the public eye, at least, state agencies have instead preferred to block access to the site, either as a full-country ban like Turkey’s, censorship of news outlets covering leaked files, or prohibiting government employees from visiting the site.

International government coordination against WikiLeaks has primarily been carried out through legal measures (lawsuits), lobbying campaigns, and direct financial pressure. In an attempt to starve the site of operating funds, MasterCard, VISA, PayPal, Western Union, and several banks stopped handling donations for the site, also citing “terms of service” violations. This “blockade,” however, cracked open in 2013 when a lawsuit argued before Icelandic court found that MasterCard was in breach of contract for blocking donations.

Supporters of WikiLeaks, including those identifying as members of Anonymous, also stage DDoS actions in support of the site. The forensics of these DDoS attacks, as they target governments and large companies with the resources to track and prosecute hackers, are very well documented. These generally follow as a response to actions against WikiLeaks: the aforementioned financial institutions’ websites were hit with DDoS attacks in 2010 for blocking donations. Government websites in the U.S., Middle East, and the EU have also been subjected to pro-WikiLeaks DDoS-ing in retaliation for content bans or legal actions taken against the site and its staff. WikiLeaks “neither condemn(s) nor applaud(s) these attacks” when they occur, though has offered advice to hackers in the past on how to maximize their impact.


. . . . . . . .

Leave a Reply