Two days ago, on September 7, Wikipedia confirmed with an official statement that it was hit by a malicious attack a day before causing it to go offline in many countries at irregular intervals. The “free online encyclopedia” said the attack was ongoing and the Site Reliability Engineering team is working to curb the attack and restore access to the site.
According to downdetector, users across Europe and parts of the Middle East experienced outages shortly before 7pm, BST on September 6.
The UK was one of the first countries that reported a slow and choppy use of the site. This was followed by reports of the site then being down in several other European countries, including Poland, France, Germany, and Italy.
Source: Downdetector.com
By Friday evening, 8.30 pm (ET), the attack extended to an almost-total outage in the United States and other countries. During this time, there was no spokesperson available for comment at the Wikimedia Foundation.
⚠️ Alert: #Wikipedia is now down across the #US and much of the world, following hours of intermittent disruption caused by a major #DDoS attack; incident ongoing #WikipediaDown 📉
📰 https://t.co/OyuN6MwxIH pic.twitter.com/WxdX4ZQE5o
— NetBlocks.org (@netblocks) September 7, 2019
On September 6, at 20:53 (UTC) Wikimedia Germany then informed users by tweeting that a “massive and very” broad DDoS (Distributed Denial of Service) attack on the Wikimedia Foundation servers, making the website impossible to access for many users.
Die Wikimedia-Server der @Wikimedia Foundation, auf denen auch Wikipedia gehostet wird, werden gerade durch einen massiven und sehr breit angelegten DDoS-Angriff lahm gelegt. #Wikipedia und ihre Schwesterprojekte sind daher vorübergehend nicht erreichbar. Sorry! https://t.co/fAemzOGhfm
— WikimediaDeutschland (@WikimediaDE) September 6, 2019
The official statement on the Wikimedia foundation reads, “We condemn these sorts of attacks. They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone’s fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone.”
Cybersecurity researcher, Baptiste Robert, with the online name Elliot Anderson wrote on Twitter, “A new skids band is in town. @UKDrillas claimed they are behind the DDOS attack of Wikipedia. You’ll never learn… Bragging on Twitter (or elsewhere) is the best way to get caught. I hope you run fast.”
A new skids band is in town. @UKDrillas claimed they are behind the DDOS attack of Wikipedia.
You’ll never learn… Bragging on Twitter (or elsewhere) is the best way to get caught. I hope you run fast. pic.twitter.com/f97aj6ttwZ
— Elliot Alderson (@fs0c131y) September 6, 2019
taking a closer look at the Wikipedia DDOS using backscatter data from a new /16. in this data I'm seeing a spike in backscatter traffic from Wikipedia's AS14907, between 18:00 UTC Sept 6 and 00:30 Sept 7. two IPs that were attacked targeting two distinct TPC ports. pic.twitter.com/np2HzdbcvS
— Andree Toonk (@atoonk) September 7, 2019
To know about this news in detail, read Wikipedia’s official statement.
Other interesting news in Security
CircleCI reports of a security breach and malicious database in a third-party vendor account