Home / Blogs

Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident?

Gadi Evron

It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia.

This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted — but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination.

So, this may possibly be in copy-cat fashion, filling in for the missing coordination that existed in Estonia's case, or a duplicate after all. It is still too early to come to conclusions.

This information was received from Shadowserver, which posted a reduced public report on this subject on their wiki:

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080813

Great work from Shadowserver!

My Colleague Randy Vaughn, came up with the following theory, which is interesting to say the least, although still at this point contradictory to my own (but evidence is mounting):

"I would say more like the result of past training. That is, the .ee attacks served to set a behavioral response that will automatically trigger during any real or perceived conflict."

By Gadi Evron, Security Strategist
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident? Fergie  –  Aug 14, 2008 1:30 AM PDT

Okay, so I love Gadi, but I have to disagree with him to a certain extent.

Yes, there are "hacktivist", grass-roots elements which have arisen over the course of the past couple of days, and yes — they have been a component of the digital attacks on Georgian web properties. This is not in contention.

What _is_ (apparently) in contention, is that there is some Russian, state-sponsored participation, and/or whether some "previously-known" Russian/Ukrainian cyber criminals were somehow involved in this mess in the beginning. There was/is/are.

There are valid points to support this position.

There is substantial evidence that there was (and continues to be) involvement of "established" criminal operatives in attacking Georgian websites, manipulation of routing infrastructure, and ongoing maliciousness.

For instance, the use of "established" Botnets (some of which have been around for many months) were fingered as the culprits in the original DDoS attacks (TCP SYN and TCP RST attacks). Only later did we begin to observe "individual contributors" begin the grass-roots salvos.

So, this is a case of many issues converging into a big mess. Yes, there are hacktivist masses (as in the Estonian incidents). Yes, there is also the hand of established criminal elements. I draw no further connection, because it is virtually impossible to do so.

Let's be real here — not everything is always as it appears. And vice versa.

- ferg

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias