Cybercrime , DDoS Protection , Fraud Management & Cybercrime

Wikipedia Investigates DDoS Attack

Sites in Europe, Middle East Affected Over the Weekend
Wikipedia Investigates DDoS Attack

The Wikimedia Foundation, which oversees the popular online encyclopedia, is investigating a distributed denial-of-service attack that temporarily blocked access to several of its regional sites over the weekend in parts of Europe as well as the Middle East.

See Also: Value Drivers for an ASM Program

In a statement, the foundation said that by Monday, access to all of the Wikipedia sites affected by the DDoS attack had been restored, and the not-for-profit organization was continuing to restore its infrastructure as well as investigate the cause of the attack.

The attack, which started sometime on Friday, affected several Wikipedia sites in Europe - including Poland, France, Germany and Italy - as well as parts of the Middle East, including Israel, according to Wikipedia remains one of the world's most popular websites, ranking in the Top 10, according to an analysis by Amazon Alexa.

"As one of the world's most popular sites, Wikipedia sometimes attracts 'bad faith' actors," Wikemedia Foundation says in its statement. "We condemn these sorts of attacks. They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and foundation are committed to protecting these rights for everyone.”

On Friday night, the official Twitter account for Wikipedia in Germany tweeted about the attack, noting the online encyclopedia's servers has been hit by a "massive and very broad DDoS attack."

Netblocks, an internet access watchdog group, also took notice of the attack, noting on Twitter that it appeared to have been amplified through the use of unsecure internet of things devices.

Claiming Responsibility

It's not clear where the attack against Wikipedia sites started, although at least one person claimed responsibility.

A Twitter user who goes by the handle "UkDrillas" claimed responsibility for the attack, according to a report in the Israeli publication Haaretz. In a series of tweets, the user laid out a timeline of his attacks. In a later tweet, he claimed he was only "testing some new IoT devices." After that, however, the user's Twitter account was blocked on Saturday night, according to

In its statement, The Wikimedia Foundation did not specify who may have been behind the attack, and spokesperson declined to discuss the issue further on Monday.

Terry Ray, a senior vice president and CTO at security firm Imperva, tells Information Security Media Group that since the motives behind these various DDoS attacks vary, security leaders need to ask themselves what's the cost of preventing an attacks versus the long-term damage to a company's image or brand that could result if the issue is not resolved quickly enough.

"The reason DDoS attacks are successful are simply because DDoS isn’t always perceived as a cybersecurity issue," Ray says. "Consider that DDoS doesn’t actually steal anything itself, beyond slowing or stopping businesses in some cases. DDoS is more of an up[time and reliability factor for businesses. Companies have to ask themselves what the cost is for downtime and media attention for these types of attacks - is the cost of mitigation worth the cost of downtime and brand? It’s a simple equation and one most businesses have already done. Wikipedia likely determined the cost of protection was more than the cost of DDoS business impact."

DDoS Attacks Increasing

While individual Wikipedia pages have previously been defaced and some countries have blocked access to the sites, this weekend's incidents may be the first time that the online encyclopedia has sustained a large-scale DDoS attack, Haaretz reports.

Those who wage DDoS attacks against websites and internet service providers sometimes attempt to use these incidents to make a profit. For example, earlier this year, a British man pleaded guilty and was sentenced to prison following an attack in the West African country of Liberia. He claims he was paid $100,000 by a rival internet service provider to conduct the attack (see: UK Sentences Man for Mirai DDoS Attacks Against Liberia).

Meanwhile, a defendant who prosecutors say helped co-create the notorious Satori botnet pleaded guilty earlier this month to computer crime charges. Kenneth Currin Schuchman admitted that he and others attempted to rent out various botnets for DDoS attacks that others could use (see: Satori Botnet Co-Creator Pleads Guilty).

After a decrease in DDoS attacks in 2018, the numbers have increased during the first part of this year, according to a Kaspersky report. The total number of attacks climbed by 84 percent in the first quarter of 2019 compared to the fourth quarter of 2018, Kaspersky says. In addition, the number of attacks that lasted more than 60 minutes doubled quarter-over-quarter.

Kaspersky researchers attributed the fall in DDoS attack numbers at the end of 2018 to a market vacuum in botnet distribution. The researchers say the supply deficit was linked to the clamping down on DDoS attacks, the closure of sites selling related services and the arrest of some major players over the past year.

"Now it seems the vacuum is being filled: Such explosive growth in the indicators is almost certainly due to the appearance of new suppliers and clients of DDoS services," the Kaspersky report states.

About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.