The Tech Herald

WikiLeaks knocked offline by Anonymous - RefRef due Sept. 17

by Steve Ragan - Sep 1 2011, 11:45

On Tuesday, crashed, under what the organization called a heavy cyberattack. However, the developer behind RefRef, an application created for those associating with Anonymous to use instead of LOIC, said that WikiLeaks was taken offline during a test of the new tool. RefRef will be tested again Wednesday, before it is released on September 17.

RefRef is platform neutral tool, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. In late July, an Anon on IRC was promoting the tool, explaining to those in a room frequented by journalists that RefRef is pure JavaScript, and uses the target site’s own processing power against itself. In the end, the server succumbs to resource exhaustion due to RefRef’s usage.

As it turns out, the attack is launched client side, and will send a separate script in the connection request made to the target server. This request is actually the exploit itself, and once the server renders the code, it will continue to render it until crashing. In essence, the stronger the server, the faster it crashes. All from a JavaScript file that is no more than 52 lines of code.

At the time, The Tech Herald was able to get the Anon to open up some on the tool itself. “Imagine giving a large beast a simple carrot, [and then] watching the best choke itself to death,” explained the Anon promoting the tool.

Testing the code in July, a run of 17 seconds led to a 42 minute outage on, which was confirmed by Pastebin on Twitter. The test on Tuesday, which targeted, lasted just 72 seconds.

“WikiLeaks is currently under heavy attack. In order to fully protect the CableGate archives, we ask you to mirror it again,” the organization told Twitter followers.

It was assumed by the AP and other news organizations that WikiLeaks was down due to the controversy surrounding the latest batch of diplomatic cables.

As this was being written, the developers tested RefRef again, this time targeting The imageboard was offline for just a few minutes. This test lasted 16 seconds. was also an unwilling test subject. A 12 second test knocked the site offline for about two minutes.

In July, the Anon who announced RefRef told The Tech Herald that the tool itself exploits server vulnerabilities, and will work as long as the target server supports JavaScript and some type of SQL. Asked if the vulnerability being exploited could be patched, the Anon responded that it could, but added that administrators would have to “mass-patch” a file that actually affects many services.

As it turns out, this was incorrect. Originally, patching was unlikely to stop RefRef because, “most SQL servers are pulling from a master SQL host” and the tool itself targets “one of the most common SQL services, but also one of the most widespread,” the Anon added.

However, this has changed. Early Wednesday, the Anon who was testing RefRef before its release, said “…it seems they can patch it easily, not having to patch the SQL host.”

So once the SQL patch is released, and there is one coming, the tool itself will be useless. “A SQL patch will be out within a week, so we must all use it on the sites fast,” the Anon explained.

According to statements on Twitter, RefRef will be tested on Wednesday, against a high profile site, before its release to the public on September 17. Administrators wishing to get ahead of the game may want to watch for patch releases this month.

Comment on this Story

comments powered by Disqus


Lucky Escape from Out of Control Truck

This man had a lucky escape on a New Jersey Turnpike when he had to stop on the road du...

Concept Car Videos from Detroit Auto Show

As at every big car show manufacturers at the Detroit Auto Show 2015 were keen to give us th...

Concept Car Pictures from Detroit Auto Show

Well we still had a few pics from the in Detroit Auto Show to put up. These are some of...

Nissan #withdad Super Bowl Commercial Teaser

Nissan have revealed the first glimpse of their #withdad Super Bowl commercial set to s...

This Is What A Horror 150-Car Pile-up In Snow Looks Like (VIDEO)

This incredible footage shows the terrifying unfolding of a massive 150-car pile-up tha...