Friday, 15 August 2008

South Ossetian War’s virtual battlefield: The Internet

During the South Ossetian conflict there have been a number of cyber attacks against both Russian and Georgian websites, including a number of government websites and media outlets. This is not the first time malicious hacking has been used against a country. In 2007 Estonia, another former Soviet republic, came under attack over the internet after it moved the Bronze Soldier of Tallinn. The attack was believed to have been carried out by pro-Kremlin groups; however, there was suspicion that Russia may have been behind it. The sites were hit with DDoS attacks using botnets: hundreds of computers infected with malicious software form a virtual network that is used to hammer the victims' servers, making the websites inaccessible. Other tactics included defacing websites, where a website's home page (or all of its pages) is switched with an alternative, normally quite offensive, one. Sometimes this is quite harmless, just a prank or a display of propaganda; other times the replacement pages are malicious and install malware on visitors' computers.

These same tactics have been used on Russian and Georgian websites. Websites attacked on the Georgian side include the Georgian president's website. The website of the National Bank of Georgia was defaced with a gallery of dictators that included the Georgian president. Several news websites have also been attacked, including civil.ge, a website sponsored by USAID and the Swiss government. To keep going, they set up a Blogger blog where they are still posting articles. The Georgian foreign ministry was also hit by a DDoS attack and likewise had to set up a Blogger account to remain accessible to the outside world. In Russia, the RIA Novosti news agency's website was unavailable for several hours due to attacks on their website and DNS server. Russia Today's website was also hit by a DDoS attack; security specialists said the IP address for the attack was traced to Georgia.

There is speculation that the attacks could be state-sponsored by both sides. Russia has already been accused of state-sponsored cyberwarfare, but there has been no evidence that the Kremlin has been behind any attacks. However, Russia is believed to be home to a number of authors of worms that are capable of building huge botnets. Most notable is the Russian Business Network (RBN), a cybercrime business selling web hosting and internet access to all kinds of criminals. It operates under several aliases in a number of countries from the UK to Panama. The leader and founder of the group, “flyman”, is believed to be a “powerful and well-connected Russian politician”. This is why many believe these attacks may be Russian-backed: RBN are believed to be the authors of the Storm (or small.dam) worm, which was first discovered on January 17, 2007 and is still spreading via e-mail today. This worm has built up a huge botnet that could be used to attack sites effectively. The Storm botnet is believed to be about 160,000 infected computers, but some estimates put the botnet’s size at 1,000,000 machines. Getting accurate figures for the botnet is difficult due to its large growth.

Additionally, censorship has been used in Georgia. All .ru domain names were blocked in Georgia but are now believed to be accessible again. Georgian websites civil.ge and other news websites were also blocked. Russian television channels were shut off; according to the Georgian government, this was to avoid misinformed reports and Russian propaganda. It is not known if these channels are accessible again.
