[133849] in North American Network Operators' Group


Spamhaus under DDOS from AnonOps (Wikileaks.info)

daemon@ATHENA.MIT.EDU (Steve Linford)
Sat Dec 18 07:58:34 2010

From: Steve Linford <linford@spamhaus.org>
To: NANOG list <nanog@nanog.org>
Date: Sat, 18 Dec 2010 12:58:27 +0000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

As many of you know, both Trend Micro and Spamhaus have published
warnings about a Wikileaks mirror site 'wikileaks.info' which is run by
the person or persons behind 'AnonOps' from an IP address of a Russian
dedicated cybercrime host (Heihachi) on which there is nothing but
malware and other cybercrime. Innocent people seeking to read or
download Wikileaks documents are being directed to the rogue
wikileaks.info server and into the hands of the crime gangs located
there.

For trying to warn about the crime gangs located at the wikileaks.info
mirror IP, Spamhaus is now under ddos by AnonOps. The criminals there do
not like our free speech at all.

As our site can't be reached now, you can not read our article on this,
and we can not continue to warn Wikileaks users not to load things from
the Heihachi IP. If you know journalists who would get this message out
to Wikileaks users, please forward this message (entire) to them.

The anonymous folks at AnonOps did not like our article update, here's
what we said and what brought the ddos on us:

----

In a statement released today on wikileaks.info entitled "Spamhaus'
False Allegations Against wikileaks.info", the person running the
wikileaks.info site (which is not connected with Julian Assange or the
real Wikileaks organization) called Spamhaus's information on his
infamous cybercrime host "false" and "none of our business" and called
on people to contact Spamhaus and "voice your opinion". Consequently
Spamhaus has now received a number of emails some asking if we "want to
be next", some telling us to stop blacklisting Wikileaks (obviously they
don't understand that we never did) and others claiming we are "a pawn
of US Government Agencies".

None of the people who contacted us realised that the "Wikileaks press
release" published on wikileaks.info was not written by Wikileaks and
not issued by Wikileaks - but by the person running the wikileaks.info
site only - the very site we are warning about. The site data, disks,
connections and visitor traffic, are all under the control of the
Heihachi cybercrime gang. There are more than 40 criminal-run sites
operating on the same IP address as wikileaks.info, including
carder-elite.biz, h4ck3rz.biz, elite-crew.net, and bank phishes
paypal-securitycenter.com and postbank-kontodirekt.com.

Because they are using a Wikileaks logo, many people thought that the
"press release" was issued "by Wikileaks". In fact there has been no
press release about this by Wikileaks and none of the official Wikileaks
mirror sites even recognise the wikileaks.info mirror. We wonder how
long it will be before Wikileaks supporters wake up and start to
question why wikileaks.info is not on the list of real Wikileaks mirrors
at wikileaks.ch (http://wikileaks.ch/mirrors.html).

Currently wikileaks.info is serving highly sensitive leaked documents to
the world, from a server fully controlled by Russian malware
cybercriminals, to an audience that faithfully believes anything with a
'Wikileaks' logo on it.

Spamhaus continues to warn Wikileaks readers to make sure they are
viewing and downloading documents only from an official Wikileaks mirror
site. We're not saying "don't go to Wikileaks", we're saying "Use the
wikileaks.ch server instead".

----

 Steve Linford
 The Spamhaus Project
 http://www.spamhaus.org






