Tuesday 13 September 2011

WikiLeaks knocked offline by Anonymous - RefRef due Sept. 17


On Tuesday, WikiLeaks.org crashed, under what the organization called a heavy cyberattack. However, the developer behind RefRef, an application created for those associating with Anonymous to use instead of LOIC, said that WikiLeaks was taken offline during a test of the new tool. RefRef will be tested again Wednesday, before it is released on September 17.
RefRef is a platform-neutral tool, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. In late July, an Anon on IRC was promoting the tool, explaining to those in a room frequented by journalists that RefRef is pure JavaScript, and uses the target site’s own processing power against itself. In the end, the server succumbs to resource exhaustion due to RefRef’s usage.
As it turns out, the attack is launched client-side, and will send a separate script in the connection request made to the target server. This request is actually the exploit itself, and once the server renders the code, it will continue to render it until crashing. In essence, the stronger the server, the faster it crashes. All from a JavaScript file that is no more than 52 lines of code.
At the time, The Tech Herald was able to get the Anon to open up some on the tool itself. “Imagine giving a large beast a simple carrot, [and then] watching the beast choke itself to death,” explained the Anon promoting the tool.
In a July test of the code, a 17-second run led to a 42-minute outage on Pastebin.com, which was confirmed by Pastebin on Twitter. The test on Tuesday, which targeted WikiLeaks.org, lasted just 72 seconds.
“WikiLeaks is currently under heavy attack. In order to fully protect the CableGate archives, we ask you to mirror it again,” the organization told Twitter followers.
It was assumed by the AP and other news organizations that WikiLeaks was down due to the controversy surrounding the latest batch of diplomatic cables.
As this was being written, the developers tested RefRef again, this time targeting 4Chan.org. The imageboard was offline for just a few minutes. This test lasted 16 seconds. StormFront.org was also an unwilling test subject. A 12-second test knocked the site offline for about two minutes.
In July, the Anon who announced RefRef told The Tech Herald that the tool itself exploits server vulnerabilities, and will work as long as the target server supports JavaScript and some type of SQL. Asked if the vulnerability being exploited could be patched, the Anon responded that it could, but added that administrators would have to “mass-patch” a file that actually affects many services.
As it turns out, this was incorrect. Originally, patching was unlikely to stop RefRef because, “most SQL servers are pulling from a master SQL host” and the tool itself targets “one of the most common SQL services, but also one of the most widespread,” the Anon added.
However, this has changed. Early Wednesday, the Anon who was testing RefRef before its release said, “…it seems they can patch it easily, not having to patch the SQL host.”
So once the SQL patch is released, and there is one coming, the tool itself will be useless. “A SQL patch will be out within a week, so we must all use it on the sites fast,” the Anon explained.
According to statements on Twitter, RefRef will be tested on Wednesday, against a high-profile site, before its release to the public on September 17. Administrators wishing to get ahead of the game may want to watch for patch releases this month.
