WikiLeaks Lesson: DDoS Threatens Cloud Computing

Literally moments after releasing more than a quarter-million sensitive U.S. diplomatic documents, WikiLeaks issued a distress call via Twitter that sounded like something out of Star Trek. It essentially read: “We’re under attack.”

The assault aimed at blocking access to the documents was nothing more than a distributed denial of service attack, commonly called DDoS. In hacking circles, DDoS is one of the oldest and simplest attacks. Its classic form abuses the TCP three-way handshake (SYN, SYN-ACK, ACK) that sets up every TCP connection on the Internet: the attacker sends a flood of SYN packets and never completes the handshake, so the server fills its table of half-open connections with entries waiting for replies that never arrive, and legitimate connection requests are turned away. Other variants skip the handshake entirely and simply saturate the target's bandwidth. Either way, send enough traffic at a single server and it is overwhelmed just trying to respond to the flood.

DDoS attacks are potent, especially when launched from a botnet with tens of thousands of zombie machines. Such an attack sends a flood of packets at a Web server from many sources at once, each contributing only a trickle, so no single address stands out and filtering by IP address becomes exceedingly hard. Mild DDoS attacks simply slow down a site's responsiveness. Major attacks knock a site off the Internet until the flood recedes.
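To make the handshake mechanism concrete, here is an added example (not code from the article or from any of the parties it describes) that models a TCP listener's half-open connection queue in a single Python process. No packets are sent; the backlog size, the cookie secret and all of the traffic are constructed for illustration. The first run shows a plain listener losing every legitimate connection once a flood from many distinct sources has filled its backlog; the second run shows the standard mitigation, SYN cookies, where the server encodes the handshake state in its initial sequence number instead of storing it, so there is no table to exhaust. The third value returned is the most SYNs seen from any single source, which is why a per-IP filter would not have fired.

```python
"""Toy model of a TCP listener's half-open (SYN_RECV) queue under a SYN flood,
with and without SYN cookies. Added example for this article, not the
author's code; everything is simulated in-process and no packets are sent.
BACKLOG, SECRET and all traffic below are constructed assumptions."""
import hashlib
import hmac
import random
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

BACKLOG = 128                         # assumed per-listener half-open limit
SECRET = b"assumed-per-boot-secret"   # stands in for the kernel's cookie secret
MASK = 0xFFFFFFFF                     # TCP sequence numbers are 32-bit


def syn_cookie(src_ip: str, src_port: int, minute: int) -> int:
    """SYN cookie: an initial sequence number derived from the client's
    address and a coarse timestamp, so the server can verify the final ACK
    without having stored anything for the half-open connection."""
    msg = f"{src_ip}:{src_port}:{minute}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


@dataclass
class Listener:
    use_syn_cookies: bool = False
    half_open: Dict[Tuple[str, int], int] = field(default_factory=dict)
    dropped_syns: int = 0
    established: int = 0

    def on_syn(self, src_ip: str, src_port: int, now: int) -> Optional[int]:
        """Handle an incoming SYN. Returns the server ISN carried in the SYN-ACK,
        or None when the SYN is dropped because the backlog is full."""
        if self.use_syn_cookies:
            return syn_cookie(src_ip, src_port, now // 60)   # no state allocated
        if len(self.half_open) >= BACKLOG:
            self.dropped_syns += 1                            # queue exhausted
            return None
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn              # SYN_RECV entry
        return isn

    def on_ack(self, src_ip: str, src_port: int, ack_num: int, now: int) -> bool:
        """Handle the third packet of the handshake; ack_num must equal ISN + 1."""
        if self.use_syn_cookies:
            # Recompute instead of looking up; accept this minute or the previous one.
            for minute in (now // 60, now // 60 - 1):
                if ack_num == (syn_cookie(src_ip, src_port, minute) + 1) & MASK:
                    self.established += 1
                    return True
            return False
        isn = self.half_open.pop((src_ip, src_port), None)
        if isn is None or ack_num != (isn + 1) & MASK:
            return False
        self.established += 1
        return True


def simulate(use_syn_cookies: bool, flood_size: int = 10_000,
             legit_clients: int = 50) -> Tuple[int, int, int]:
    """Flood the listener with SYNs from many distinct sources that never finish
    the handshake, then let legitimate clients try. Returns
    (legitimate connections established, SYNs dropped, max SYNs from any one source)."""
    random.seed(1)                                   # deterministic run
    srv = Listener(use_syn_cookies=use_syn_cookies)
    now = 1_000_000
    per_source = Counter()
    # Constructed botnet traffic: each zombie or spoofed address sends one SYN and goes silent.
    for i in range(flood_size):
        ip = "10.%d.%d.%d" % tuple(random.randrange(256) for _ in range(3))
        per_source[ip] += 1
        srv.on_syn(ip, 40000 + i % 20000, now)
    # Constructed legitimate clients that complete all three steps.
    ok = 0
    for i in range(legit_clients):
        ip, port = "192.0.2.10", 50000 + i
        isn = srv.on_syn(ip, port, now)
        if isn is not None and srv.on_ack(ip, port, (isn + 1) & MASK, now):
            ok += 1
    return ok, srv.dropped_syns, max(per_source.values())


if __name__ == "__main__":
    print("plain listener  :", simulate(use_syn_cookies=False))
    print("with SYN cookies:", simulate(use_syn_cookies=True))
```

Real kernels implement the same idea; on Linux it is switched on with the net.ipv4.tcp_syncookies sysctl. Note the limit of the mitigation: cookies remove the half-open table as a resource to exhaust, but they do nothing for the other kind of flood that simply saturates the link, which is where the distributed, overprovisioned hosting discussed later in the article comes in.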

The WikiLeaks DDoS attack was launched by a patriotic hacker seeking to punish the site for disclosing pilfered State Department cables. It was a fruitless effort, given that WikiLeaks had shared the documents in advance with The New York Times and The Guardian newspapers. WikiLeaks isn’t the only site or entity to come under attack; sites such as Pirate Bay and Twitter, as well as the governments of South Korea and Republic of Georgia, have been targets.

DDoS attacks aren’t just a threat to websites and domains, but also a threat to Web services. What the WikiLeaks attacks and others like them demonstrate is the ability of hackers to disrupt operations through relatively simple means. Today it’s websites and social networks; tomorrow it could be Microsoft Office 365, Salesforce.com and Google Apps.

Interestingly, the cloud may be part of the solution. Reports have surfaced that at least part of WikiLeaks' treasure trove of information is hosted on Amazon Web Services. Given the distributed nature of the Amazon network, it has proven exceedingly difficult to block access to specific bits of information and resources.

Security remains one of the top inhibitors to the adoption of cloud computing. Businesses fear having their data compromised through a breach of a third-party provider and being unable to prove regulatory compliance. The threat of DDoS attacks disrupting operations and access to information takes that concern to a different level. Security has always been about the CIA triad: confidentiality, integrity and availability. In the cloud computing world, availability will trump confidentiality and integrity, and hackers know that.

Read More from the CompTIA Blog