Hackers Overwhelm WikiLeaks Servers The website WikiLeaks is having trouble staying online. The site, which recently released a large amount of sensitive State Department correspondence, has had to switch servers a number times in the last few weeks due to "denial of service" attacks. Guy Raz talks with Kevin Poulsen, editor of Wired Magazine's Threat Level blog about WikiLeaks' troubles.
NPR logo

Hackers Overwhelm WikiLeaks Servers

  • Download
  • <iframe src="https://www.npr.org/player/embed/131790969/131790940" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Hackers Overwhelm WikiLeaks Servers

Hackers Overwhelm WikiLeaks Servers

  • Download
  • <iframe src="https://www.npr.org/player/embed/131790969/131790940" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

GUY RAZ, host:

High-level corruption in Afghanistan is just part of what the WikiLeaks cables have brought to light. And tens of thousands of those State Department documents are yet to be released.

Now if you've tried to see them for yourself at WikiLeaks.org, you might have run into some problems. In fact, you probably got an error message. That's in part because all the files and website itself have been jumping around several different servers all over the world.

In some cases, WikiLeaks has been kicked off those servers. In others, there's a shutdown because of what are called denial-of-service attacks, basically computer hackers overwhelming the system.

So how does WikiLeaks manage to stay online at all? For more on that, I'm joined by Kevin Poulsen, he's a senior editor at Wired.com. Kevin, welcome.

Mr. KEVIN POULSEN (Wired.com): Thank you.

RAZ: First of all, what explains the fact that for much of today, you couldn't even find the WikiLeaks page?

Mr. POULSEN: Well, the latest problem that WikiLeaks had has to with a service called a domain name system server. Basically, it's a shared server that does the basic lookup of translating a name like WikiLeaks.org that you type into your Web browser into the numeric address that the Internet actually uses to get you to the website.

The DNS provider that was serving WikiLeaks decided that it could no longer perform that function because it was being hammered so hard by these denial-of-service attacks.

RAZ: How do they overwhelm a server?

Mr. POULSEN: A denial-of-service attack, basically, they're hackers that have secret control over thousands, or in some cases millions, of ordinary PCs around the world. Your own computer might be under a hacker's control right now.

RAZ: I hope not.

(Soundbite of laughter)

Mr. POULSEN: One of the things that they can do is they can direct thousands, or in some cases, millions of computers around the world all at once to flood any arbitrary target on the Internet with traffic. And so it overloads it. It's like jamming a switchboard.

It takes such a small level of will to do this. If you already have what they call a botnet, if you already have a network of hacked computers at your disposal, launching a denial-of-service attack on WikiLeaks is as simple as typing WikiLeaks' address into your computer.

RAZ: Now, who do we think is attacking these servers that are carrying the WikiLeaks page?

Mr. POULSEN: The first round of them that occurred Sunday, just as WikiLeaks was getting ready to launch the State Department cables, that's been attributed to a self-styled hactivist who calls himself The Jester.

He's for a while now been launching these attacks against jihadist websites. This time, apparently, he was offended by what WikiLeaks was doing, so he launched this attack. It was not a very powerful attack, but WikiLeaks was unprepared for it, and so they were down for some hours.

Since then, there have been more attacks, and the attribution on those is a little sketchier. They've gotten a little bit more powerful.

RAZ: Can we assume that there are governments involved with some of this?

Mr. POULSEN: I think there's no evidence that governments are involved. And there are so many other likely suspects. There are just so many people with the capability of launching distributed denial-of-service attacks, there's no reason to think that there's a state actor.

RAZ: The latest was that WikiLeaks.org was basically taken offline and changed to WikiLeaks.ch, which is for Switzerland.

Mr. POULSEN: Right. They've set up on at least four regional WikiLeaks addresses. So now they're at WikiLeaks.de, .fi, .nl, and they're back on .ch. So they're everywhere now, everywhere except WikiLeaks.org.

RAZ: Kevin, thanks so much.

Mr. POULSEN: Thanks for having me.

RAZ: That's Kevin Poulsen. He's a senior editor at Wired.com.

Copyright © 2010 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.