
WikiLeaks suffers a DNS poisoning attack; The Guardian claims they were “hacked” - akvadrako
https://twitter.com/wikileaks/status/903196002202550272
======
bortzmeyer
No, nothing indicates it was a poisoning attack. Please check the facts.
[http://www.bortzmeyer.org/observations-wikileaks.html](http://www.bortzmeyer.org/observations-wikileaks.html)

------
akvadrako
This looks like a typical DNS cache poisoning attack[1], which takes advantage
of insecure DNS caching servers. Users of those caching servers will be sent
to the wrong IP, so it is a successful attack of sorts. But there isn't much
the target website can do to prevent it.

[1] [https://en.wikipedia.org/wiki/DNS_spoofing](https://en.wikipedia.org/wiki/DNS_spoofing)

~~~
bortzmeyer
What makes you say it looks like DNS poisoning? If it were DNS poisoning,
some resolvers would have been poisoned but not all, while, here, everybody
saw the attacker's IP address.
[http://www.bortzmeyer.org/observations-wikileaks.html](http://www.bortzmeyer.org/observations-wikileaks.html)

~~~
akvadrako
You may be right - I was basing that information off statements that it was
only some users seeing the attack. I wasn't aware of a historic data source
that could show otherwise.

Your analysis looks pretty good but I disagree that DNSSEC would have stopped
the attack, because many users don't use validating resolvers.
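
The test discussed in this thread (poisoning hits some resolvers, an upstream change is seen by everybody) written out as triage logic. This is an added example, not code from either commenter or from the linked analysis. It goes one step beyond the thread by waiting out the record TTL before deciding, since old cache entries make an upstream change look partial at first. The verdict names, threshold, resolver labels and addresses (documentation ranges) are all constructed assumptions.

```python
EXPECTED = {"192.0.2.10"}   # constructed: the address the domain should resolve to
ROGUE = "203.0.113.66"      # constructed: the unexpected address

def affected_fraction(answers, expected):
    """answers maps resolver label -> set of A records; empty sets (timeouts) are skipped."""
    answered = [addrs for addrs in answers.values() if addrs]
    if not answered:
        return None
    hit = sum(1 for addrs in answered if addrs - expected)
    return hit / len(answered)

def classify(rounds, expected, ttl, universal=0.9):
    """rounds: time-ordered list of (seconds since first probe, answers)."""
    fractions = [(t, affected_fraction(a, expected)) for t, a in rounds]
    fractions = [(t, f) for t, f in fractions if f is not None]
    sightings = [t for t, f in fractions if f > 0]
    if not sightings:
        return "consistent"
    first = sightings[0]
    # Only rounds taken at least one TTL after the first sighting count:
    # before that, resolvers may still be serving the old cached record.
    settled = [f for t, f in fractions if t - first >= ttl]
    if not settled:
        return "inconclusive"
    if max(settled) >= universal:
        return "upstream-change"            # everybody sees it: not cache poisoning
    return "partial-poisoning-suspected"    # only some caches hold the bad record

def sample(bad_resolvers):
    """Build one constructed probe round over four hypothetical resolvers."""
    names = ["isp-a", "isp-b", "public-1", "public-2"]
    return {n: ({ROGUE} if n in bad_resolvers else set(EXPECTED)) for n in names}

# Constructed scenarios, TTL assumed to be 3600 s.
UPSTREAM = [(0, sample({"isp-a", "public-1"})),
            (3600, sample({"isp-a", "isp-b", "public-1", "public-2"}))]
POISONED = [(0, sample({"isp-b"})), (3600, sample({"isp-b"}))]
TOO_EARLY = [(0, sample({"isp-a", "public-1"}))]
CLEAN = [(0, sample(set())), (3600, sample(set()))]

if __name__ == "__main__":
    for name, rounds in [("upstream", UPSTREAM), ("poisoned", POISONED),
                         ("too early", TOO_EARLY), ("clean", CLEAN)]:
        print(name, "->", classify(rounds, EXPECTED, ttl=3600))
```
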

