In First, Cyberattack Takes Wikipedia Offline; Outages Still Reported Across Globe

Millions across the world could not access Wikipedia over the weekend in what some say was the first successful cyber attack against the online encyclopedia

A map showing Wikipedia outages during the attack.

A cyberattack took Wikipedia offline over the weekend and prevented millions across the globe from accessing the free encyclopedia, in what experts say is the first successful attempt to block access to the site wholesale through “smart” objects connected to the internet.

Haaretz Weekly Ep. 39Haaretz

“Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and [our team is] working hard to stop it and restore access to the site,” the Wikimedia foundation that oversees Wikipedia wrote in a statement Saturday. 

On Friday, users across the globe started to report that they could not access Wikipedia. Two internet access watchdogs confirmed the attack, with Down Detector, which traces online outages, reporting access issues persisting as late as Saturday evening throughout Europe and the Middle East. Countries still affected include Israel, Saudi Arabia, Kuwait, The Netherlands, Poland and Ukraine.

“On Friday afternoon we identified Wikipedia disruptions in the Americas and Europe. Users began reporting that articles wouldn't load or were loading slowly around this time. For others, things were working just fine but the outages progressed to a near-total loss of access to all Wikipedia language editions in some regions. These outages had an impact across much of Europe, as well as parts of the Middle East and South Asia for several hours,” said Alp Toker, who heads NetBlocks, an internet access watchdog that also confirmed the existence of the attack.

According to Toker, “millions” of people arround the globe were effect by the attack, that lasted at least nine hours. “Our data suggest at least two regional networks were targeted, in the U.S. and in Europe, causing different parts of the world to be out at different times,” he says. 

Though access to Wikipedia has been blocked in the past - for example, there was an outage this May and another in September 2017 - this is the first time Wikimedia has confirmed that the cause was an attack. 

“We condemn these sorts of attacks. They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone’s fundamental rights to freely access and share information,” the Wikimedia foundation said.

Indeed, Toker says that initially the disruptions “sparked fears of government censorship in some countries and led others to believe the entire internet had gone down.” Indeed Wikipedia has been blocked locally in a number of countries: In 2017 it was blocked in its entirety in Turkey (at the time, Haaretz revealed it was four different articles that had angered the regime in Ankara); and it has been blocked in China since this May, after years in which Beijing would block access to the website ahead of the anniversary of the Tiananmen Square protests.

However, this time, the attack was claimed by a hacker called UkDrillas. Though Wikipedia or its affiliates did not confirm that the hacker was behind the attack, the German chapter of Wikimedia tweeted that it was a DDoS attack that had hit the site, very much in line with the hackers’ tweets. In a string of tweets, the online saboteur laid out a timeline of his attacks and said he also targeted the site switch. In a subsequent tweet, he claimed he was only “testing some new IOT devices.” His twitter account was blocked on Saturday night. 

According to experts like Toker, this type of attack, as well as the timeline tweeted out by the hacker, matches technical data from the outages, helping to establish a credible link between them.

A DDoS attack is when a number of computers are infected with a virus that sends them en masse to a single website, in an attempt to flood its servers and cause them to crash. 

“In effect, Wikipedia is so busy serving those fake requests that it can't meet demand from real visitors, and service is denied,” Toker explains. 

In this case, it looks like a relatively new type of attack of this nature was used, but instead of personal computers being infected and harnessed, objects connected to the internet as part of the so-called Internet of Things were used. 

“The internet has a problem,” Toker explains, “the same open architecture that facilitated innovation and growth is leaving critical services and infrastructure vulnerable to attack. The IoT devices filling our homes are ticking time bombs.

“Organizations like the Wikimedia Foundation seek to maintain a direct relationship with users in the interest of privacy, which means they can't readily opt for commercial DDoS protection services. Developing defenses against large-scale attacks while running a free and open service is an unsolved technical problem.”

The hacker has vowed the attacks will be renewed tomorrow.