Spamhaus suffers DDoS attack

Anti-spam outfit Spamhaus has found itself under DDoS attack after sending out a warning that could be hosted by "Russian crminals".

Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now, we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ...

AnonOps did not like our article update, here is what we said and what brought the ddos on us.'"

"Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the server instead.'" Here is Spamhaus's full warning.

In a statement released today on entitled "Spamhaus' False Allegations Against", the person running the site (which is not connected with Julian Assange or the real Wikileaks organization) called Spamhaus's information on his infamous cybercrime host "false" and "none of {your} business" and called on people to contact Spamhaus and "voice your opinion". Consequently Spamhaus has now received a number of emails some asking if we "want to be next", some telling us to stop blacklisting Wikileaks (obviously they don't understand that we never did) and others claiming we are "a pawn of US Government Agencies".

None of the people who contacted us realised that the "Wikileaks press release" published on was not written by Wikileaks and not issued by Wikileaks - but by the person running the site only - the very site we are warning about. The site data, disks, connections and visitor traffic, are all under the control of the Heihachi cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address as, including,,, and bank phishes and

Because they are using a Wikileaks logo, many people thought that the "press release" was issued "by Wikileaks". In fact there has been no press release about this by Wikileaks and none of the official Wikileaks mirrors sites even recognise the mirror. We wonder how long it will be before Wikileaks supporters wake up and start to question why is not on the list of real Wikileaks mirrors at

Currently is serving highly sensitive leaked documents to the world, from a server fully controlled by Russian and German malware cybercriminals, to an audience that faithfully believes anything with a 'Wikileaks' logo on it.

Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We're not saying "don't go to Wikileaks" we're saying "Use the server instead".

Update 18 December

A DDOS attack was launched on today in retaliation for us warning Internet users about the Russian-German cyber criminals behind the Wikileaks mirror

Spamhaus is currently under a 2.1Gbps DDOS attack which began at 05:20 CET. As we are used to DDOS attacks from cybercriminals our anti-ddos defences are holding and our web servers are still operating, a little slower than normal.

By no coincidence, the 'AnonOps' DDOS group is also hosted by the same Heihachi Russian-German cybercrime gang in the same CIDR as = =

In addition to the LOIC and *OIC tools issued to dimwitted script kiddies to DDOS "enemies of Anon" with, AnonOps is now escalating its DDOS attacks using dedicated criminal botnets (botnets of illegally hijacked PCs), and now appears to be directing DDOS attacks not at "enemies of Wikileaks" but at "enemies of our criminal bosses".

There is palpable irony in a DDOS being used to prevent exposure of a probably-false Wikileaks mirror that could potentially harm Wikileaks and Wikileaks readers. We hope that AnonO