PayPal suffers DoS for spurning Wikileaks

PayPal was attacked last night in a denial-of-service attack which took its blog offline for about eight hours, according to security researchers.
Written by Darren Pauli, Contributor

update PayPal was attacked last night in a denial-of-service attack which took its blog offline for about eight hours, according to security researchers.

Julian Assange

Wikileaks co-founder, Julian Assange(Julian Assange image, by New Media Days, CC BY-SA 2.0)

The attacks came in response to a move by the payment giant to stop providing services to whistleblower website Wikileaks for donations.

PayPal said Wikileaks had breached its user policies which prevent its services being used to support criminal activity. Wikileaks is in the process of leaking more than 250,000 US diplomatic cables it leaked last week, which has brought censure from many nations, as well as investigations into the legality of the leaks.

"ThePayPalBlog.com is now back up after 75 service interruptions and 8 hours 15 minutes of total downtime. This report doesn't take into account the many hours that ThePayPalBlog.com resolved to a 403 error," PandaBlogs researcher Sean-Paul Correll said in a blog post.

The attack on the blog site was only launched by a few users, Correll said.

PayPal has confirmed that the blog, which sits on a different server to the main site, was down for a few hours and said that the matter was under investigation. It believed that the service interruption was due to internal infrastructure issues.

Correll said on his blog that he believed that those involved in a DoS campaign against the music industry called "Operation: Payback", were involved in the attack.

"On the other side of the attack spectrum, the anonymous attackers involved in Operation: Payback have vowed to take a temporary break from their mega-assault on the entertainment industry in order to spend some time helping Wikileaks."

Although few users were said to be involved, the attack might be the forerunner of a larger DoS campaign in support of Wikileaks.

A poster has appeared on a file upload site which appears similar to those used to coordinate and promote official Anonymous DoS campaigns. Forum posts have also given suggestions on how to handle a campaign.

Wikileaks has had a hard week. Users struggled to access the site after its domain name system services were cut off by US provider EveryDNS.net, after which the Pirate Party and other supporters opened mirror web sites across Europe.

The website was earlier dumped from Amazon's cloud hosting service after two large DoS attacks against the site.

Founder Julian Assange is under fire for his role in leaking the cables. The Australian citizen has also reportedly said that he received death threats.

Wikileaks said it would release a 'bomb' of sensitive information if the site is taken offline. The cables have reportedly been encrypted and sent to thousands of users around the world. It has also said it intends to release confidential documents reportedly revealing criminal activity at a major US bank.

Updated at 10:55am, 7 December 2010: added comment from PayPal.

Editorial standards