On 21 October 2016, major sites across the internet were disabled as a result of a massive DDoS (Distributed Denial of Service) attack by unknown actors. By the end of the day, some extraordinary statements appeared on Twitter. They claimed the attack was in retaliation to events surrounding the fate of WikiLeaks and its founder, Julian Assange.
But the attack could have gone on for much longer if WikiLeaks hadn’t made it clear that Assange was not in danger, and asked for an end to the DDoS attack. And unless Assange’s safety is proven, a similar attack could well be on the cards.
How the attack worked
A ‘botnet‘ was at the heart of the attack. This is when hackers infect a computer network (bot) with malicious software without the users’ knowledge so that they can control the computers remotely to perform automated tasks.
Motherboard explains that
At one point during the outage, Hacktivist group Anonymous tweeted that the attack would continue. It then became clear that this was no ‘routine’ attack, but was affecting millions of people around the world.
Continue reading below...
But who was behind the attack? And why did it take place?
The warning signs
In the week leading up to the attack, various events took place:
- On 15 and 16 October, Julian Assange’s internet connection was partly cut. WikiLeaks said the Ecuadorian government had taken this action as it was concerned about the organisation’s interference in the US elections. Ecuador confirmed this, but insisted the restriction was only temporary and that “the circumstances that led to the granting of [Assange’s] asylum remain”.
- On 16 October, as a result of the restriction, WikiLeaks transmitted via Twitter three coded messages – or ‘Contingency Plans‘. It refers to these as ‘insurance files’, in case WikiLeaks or Assange come under direct threat.
On 17 October, Donald Trump advisor Roger Stone tweeted that the US had threatened Ecuador with “grave consequences” if Assange wasn’t silenced. He also claimed the US had asked the UK to revoke Ecuador’s diplomatic status, and that British forces were preparing to storm the embassy.
Then, a picture appeared of armed police outside the Ecuadorian Embassy in London on 18 October. WikiLeaks, meanwhile, released a detailed report on how there had been an attempt by online ‘dating agency’ ToddAndClare (T&C) to frame Assange – to make it look like Assange had been paid $1m by the Russian government. (For more on the ToddAndClare case, and its apparent relationship with a private intelligence-gathering agency in San Francisco linked to Hillary Clinton, see here.)
All these events combined set retaliation attempts in motion.
On 21 October, the DDoS attack brought down major internet sites like Twitter and Netflix. A number of Twitter accounts related the attack directly to Julian Assange, calling it a warning ‘not to touch a hair on his head’.
Hours later, WikiLeaks tweeted:
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL
— WikiLeaks (@wikileaks) October 21, 2016
Not long after that tweet, the DDoS attack ceased and sites were accessible again.
No one has claimed responsibility for what happened. But the reality is that it could have been even bigger and more dramatic than it was. If reports that Julian Assange was dead had been true, what we witnessed on 21 October would have been nothing compared with the cyber-firestorm that could have taken place. And with some supporters still unconvinced, WikiLeaks is now looking for ways to prove he is alive and well. If it can’t do this, another cyber-attack could be just around the corner.
– Read up on the latest from WikiLeaks.
– Donate to the Electronic Frontier Foundation.
– Request President Obama provides clemency to Edward Snowden.
Since you're here ...
We know you don't need a lecture. You wouldn't be here if you didn't care.
Now, more than ever, we need your help to challenge the rightwing press and hold power to account. Please help us survive and thrive.