A massive co-ordinated series of cyber attacks has forced hundreds of major websites from Amazon to Twitter offline across the globe – and WikiLeaks believes its supporters were responsible.
It urged its backers to ‘stop taking down the US internet’, saying ‘Mr Assange is still alive and WikiLeaks is still publishing’.
It then tweeted: ‘The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate.’
The Ecuadorian government switched off Assange’s internet service in its UK embassy Sunday after he released another tranche of emails showing the contents of a speech given by Hillary Clinton to Goldman Sachs.
WikiLeaks accused John Kerry and the US Government of asking Ecuador to shut down Assange’s internet connection, but the South American country denied it came under any pressure from the US or any other government.
The Department of Homeland Security has already launched an urgent investigation into the Friday’s crash, amid claims it could be a precursor to an attempt to disrupt the US Presidential election further.
The White House called the disruption malicious and a hacker group claimed responsibility, though its assertion couldn’t be verified.
Wikileaks has already come under fire for its decision to publish around 20,000 emails from John Podesta, Clinton’s campaign chair.
Internet service company Dyn, which controls the ‘address book’ of the internet for dozens of major companies, said that it had suffered its first denial of service (DDoS) attack shortly after 6AM ET (11AM BST), in an attack that mostly affected the east coast of the US.
It told CNBC the attack is ‘well planned and executed, coming from tens of millions of IP addresses at same time.’
It confirmed a second attack at 1PM ET, which appeared to be centered on UK servers, and later said ‘several’ attacks were underway on servers across the globe, with the west coast being particularly badly hit.
‘The complexity of the attacks is what is making it so difficult for us,’ said Kyle York, the company’s chief strategy officer. ‘What they are actually doing is moving around the world with each attack.’ He said an East Coast data center was hit first; attacks on an offshore target followed later.
Dyn said Friday evening a third cyber attack ‘has been resolved’.
It was not immediately clear who was responsible and Gillian Christensen of the U.S. Department of Homeland Security said the agency was ‘investigating all potential causes.’
Political commentor Keith Olbermann even raised the possibility it could be a precursor to an attack on election day.
‘Say, not to panic anybody, but what if the (attacks) today were practice for 11/8 ?’ he tweeted.
Despite WikiLeaks’ claims its supporters were behind the attacks, members of a shadowy collective that calls itself New World Hackers claimed responsibility for the attack via Twitter.
They said they organized networks of connected ‘zombie’ computers called botnets that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.
‘We didn’t do this to attract federal agents, only test power,’ two collective members who identified themselves as ‘Prophet’ and ‘Zain’ told an AP reporter via Twitter direct message exchange.
It was not immediately possible to verify the claim.
Dyn officials said they have received no claim of responsibility, but are working with law enforcement.
The collective, @NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks against sites including ESPN.com in September and the BBC on December 31. The attack on the BBC marshaled half the computing power of Friday’s onslaught.
The collective has also claimed responsibility for cyberattacks against ISIS. The two said about 30 people have access to the @NewWorkdHacking Twitter account. They claim 20 are in Russia and 10 in China.
‘Prophet’ said he is in India. ‘Zain’ said he is in China. The two claimed to their actions were ‘good’, presumably because they highlighted internet security problems.
Another collective member the AP previously communicated with via direct message called himself ‘Ownz’ and identified himself as a 19-year-old in London. He told the AP that the group — or at least he — sought only to expose security vulnerabilities.
Dyn first became aware of an attack Friday morning, focused on data centers on the East Coast of the U.S. Services were restored about two hours later. But then attackers shifted to offshore data centers, and problems continue.
The second attack broadened its net, affecting the U.S. West Coast. ‘Prophet’ of New World Hackers said hacktivists of the broad, more amorphous Anonymous collective piled on in the third wave on Friday afternoon.
‘We’ve stopped all our attacks,’ he said at mid afternoon.
The cyber attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports.
The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal.
‘This has prevented some of our customers from being able to pay with PayPal in certain regions,’ said Paypal spokeswoman Amanda Miller.
‘PayPal was not attacked directly, nor were any of our core services to business impacted in the disruption.’
Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also disclosed an outage that lasted several hours on Friday morning.
Doug Madory, director of internet analysis at Dyn, told Reuters he was not sure if the outages at Dyn and Amazon were connected.
‘We provide service to Amazon but theirs is a complex network so it is hard to be definitive about causality at the moment,’ he said.
Amazon could not immediately be reached for comment.
New Hampshire-based Dyn said its server infrastructure was hit by a distributed denial-of-service attack, which works by overwhelming targeted machines with malicious electronic traffic.
The level of disruption caused was hard to gauge, but Dyn provides internet traffic optimization to some of the biggest names on the web.
‘This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,’ said Scott Hilton, executive vice president for products at Dyn, in a statement.
‘DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time,’ Hilton added.
‘We have been aggressively mitigating the DDoS attack against our infrastructure.’
DDoS attacks are a primitive form of hacking using botnets – networks of computers that hackers bring under their control.
They do this by getting users to inadvertently download software, typically by following a link in an email or agreeing to download a corrupted file.
These botnets are then used to bombard the servers with simple requests for information carried out simultaneously, causing them to become overwhelmed and shut down.
The attack was first reported on website Hacker News, which named social media giant Twitter along with music service Spotify among a list of ‘sites down’.
‘O-M-G… Twitter is down.That’s what you may have heard many of your friends, family members and work colleagues saying today if they were based in the US and some other parts of the world,’ said Lee Munson, security researcher for Comparitech.com.
‘The reason being, online criminals have once again gone after a significant site with a DDoS attack.
‘Not Twitter, or other popular and equally affected sites such as Spotify, Reddit, Github and SoundCloud though, but rather DNS provider Dyn.
‘And that highlights a problem – any company running its own website may well have its own technology in place to mitigate DDoS attacks, but it’s all for nought if the DNS provider itself is not applying a sufficient enough level of protection to its own servers and data centres.’
Users in the UK were mostly unaffected by the issue.