Cyber Incident Victim: WikiLeaks
Date: Jul 2016
Location: United States of America
Summary
A hacker group executed a distributed denial-of-service (DDoS) attack against a prominent transparency organization's website, temporarily disrupting its operations. The attackers cited retaliation against Anonymous, another collective, which had previously published personal information about the group following an earlier compromise of the same target. The perpetrators claimed Anonymous members continued harassing them, prompting renewed offensive actions. Service was restored after the attack subsided, though mitigation challenges persist with such incidents. The conflict originated from prior adversarial interactions between the two hacking entities, with the victim organization caught in the crossfire of their dispute.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 6, 2016, the hacker group OurMine executed a Distributed Denial of Service (DDoS) attack against the WikiLeaks website, temporarily disrupting its availability. This incident marked the second time OurMine targeted WikiLeaks, following an initial attack in December 2015 when the group had reportedly taken down the site using similar methods. The July 2016 attack occurred amidst an ongoing conflict between OurMine and the decentralized hacker collective Anonymous. According to OurMine, the attack was retaliation against Anonymous for persistent harassment by one of its members, which had continued since the initial 2015 incident. The group specifically cited Anonymous's previous doxxing campaign against them – the public release of personal information allegedly identifying OurMine members – as a key motivator, though OurMine maintained the leaked information was inaccurate.

The DDoS attack overwhelmed WikiLeaks' servers with artificially generated traffic, causing temporary service disruption. OurMine proactively notified technology news outlet The Next Web about their actions, framing the attack as revenge against Anonymous. WikiLeaks restored service after mitigating the attack, though the source article noted the inherent challenges in rapidly countering DDoS techniques. Anonymous did not respond to media requests for comment regarding the incident. This conflict originated when OurMine, then operating as an indiscriminate hacking group, first targeted WikiLeaks in 2015, prompting Anonymous to demand cessation of attacks and subsequently doxx OurMine members. The 2016 attack represented an escalation in this rivalry, with WikiLeaks becoming collateral damage in the dispute between the two hacker collectives.
