Wednesday, January 28, 2009

Another Cyberwar? DDoS attack boots Kyrgyzstan from net

(the Register) The central Asian republic of Kyrgyzstan was effectively knocked offline for more than a week by a Russian cybermilitia that continues to flood the country's internet providers with crippling data attacks, a security expert said.

The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August, said Don Jackson, a researcher with Atlanta-based security provider SecureWorks. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days.

Over the past 48 hours, ISP have managed to mitigate some of the damage by relocating the servers of their biggest customers to different IP address ranges and employing a technique known as source filtering, which is designed to block harmful traffic while still allowing friendly packets through. Some media organizations and government opposition groups in the country of 5.3 million have not been so fortunate.

"If you're still one of those online media sites or you're still one of the targets by domain names, it's going to be hit or miss," Jackson told The Register. "A lot of the web services are still unavailable."

[...]

The culprits in the attacks on Kyrgyzstan are most likely a group of technically capable Russian citizens recruited by Russian officials, Jackson said. The vast majority of the drones that are bombarding the Kyrgyz targets are located in Russia. The geographic concentration makes source blocking a more effective countermeasure than when the bots are scattered throughout the world.

Jackson speculated the attacks are designed to silence opponents of Kyrgyz President Kurmanbek Bakiyev, who are demanding the leader reverse his plans to close an airbase to the US military in its war in Afghanistan. The Russian government wants the base closed, Jackson said.

* * * * * *
The article on theregister.co.uk is the most complete one. If you want to read more, here are some additional links:
http://www.boingboing.net/2009/01/24/report-kyrgystan-und.html
http://www.secureworks.com/research/blog/index.php/2009/01/28/kyrgyzstan-under-ddos-attack-from-russia/ (very good article with an explanation of the political situation between Kyrgyzstan and Russia and US)

Here you find a few articles (mainly from Wired and Wired Blog) on recent "Cyberwars" (from Estonia to Georgia)

No comments: