Experts suspect 'patriotic' hacker behind attacks on WikiLeaks site
Tuesday, November 30, 2010; 11:09 PM
Somebody doesn't like WikiLeaks.
Since Sunday, the online site dedicated to exposing government and corporate secrets has suffered two computer assaults, each of which has overwhelmed its servers and rendered the site temporarily inaccessible.
Some observers immediately speculated the attacker might be the U.S. government, which has condemned WikiLeaks' posting of more than 250,000 diplomatic cables.
Experts said a more likely culprit is a "patriotic" hacker incensed by WikiLeaks' publication of massive amounts of classified government material.
"You have ethical hackers who are really opposed to the notion that you should be the one to decide what information should be disseminated," said Mark D. Rasch, a former federal cyber-crime prosecutor and now a security consultant.
The "denial of service" attacks, in which a site is bombarded by data, have been small to medium in scope, said Craig Labovitz, chief scientist at Arbor Networks, a security firm. The first assault registered two to four gigabits of data per second - "modest in the relative scheme of recent attacks against large Web sites," he said in a blog post.
The second attack, which began Tuesday, was larger. WikiLeaks, on its Twitter feed, said that it exceeded 10 gigabits per second. But it "still doesn't rise to some of the really large attacks we've seen on a regular basis," Labovitz said in an interview.
A Twitter user whose handle is "Jester" and who has a history of denial-of-service attacks claimed responsibility for the first attack, Labovitz said.
According to cyber-threat researcher Richard Stiennon, Jester is a former Special Forces soldier who has gone after sites he associates with al-Qaeda and terrorists. "He has real capability," Stiennon said. "If he says he took down WikiLeaks, he took down WikiLeaks."
Stewart A. Baker, a former general counsel for the National Security Agency, said it would be pointless for the government to attack a site such as WikiLeaks, because "all you'll do is turn it into a gypsy Web site. They'll find someplace to go."
Plus, he said, it would be a public relations coup. "They'll portray their every move as a victory over 'the man,'" he said.
Shortly after the first denial-of-service incident, WikiLeaks shifted its site from a Swedish hosting service to servers in Ireland and the United States, Labovitz said.
The government is more restricted in its ability to target Web sites when they are domestically based, in part because of First Amendment protections, said a government official familiar with cyber policy.
Although the recording industry can ask Web sites to remove material deemed to infringe on copyrights, no such law exists for national security purposes, Baker said. Government agencies, however, can ask Web sites to remove material that is in violation of their terms of service - a call for the assassination of Americans, for example.
WikiLeaks hardly falls into that category, the government official said, adding: "This leak is embarrassing, but it's not really a national security threat."