Saturday, February 7, 2009

Are 'Cyber-Militias' Attacking Kyrgyzstan?

FEBRUARY 5, 2009, 1:01 PM

By ROBERT MACKEY

http://thelede.blogs.nytimes.com/2009/02/05/are-cyber-militias-attacking-kyrgyzstan/?hp

In The Guardian, Danny Bradbury writes that before Kyrgyzstan made news this week by threatening to evict the United States military from a leased airbase, the country apparently endured a two-week attack on its Internet service by what one Web security expert called a "cyber-militia" based in Russia.

Mr. Bradbury reports that from Jan. 18 until last weekend, Kyrgyzstan, a former Soviet republic, was "pummeled by a massive distributed denial of service attack." In The Wall Street Journal last week, Christopher Rhoads reported that Don Jackson, the director of threat intelligence at an Atlanta-based Internet security firm called SecureWorks, pointed the finger at "Russia's cyber underground." As Mr. Rhoads wrote in The Journal:

The denial-of-service attack — which swamps Web sites with so many hits that they are forced to shut down — has targeted the two main Internet service providers in the country, which account for more than 80 percent of Kyrgyzstan's bandwidth, according to Mr. Jackson. The episode has shut down Web sites and made e-mailing impossible, he said.

On Mr. Jackson's SecureWorks blog, he summed up his findings last week:

The two primary Kyrgyzstan ISPs (www.domain.kg, www.ns.kg) have been under a massive, sustained DDoS attack almost identical in some respects to those that targeted Georgia in August 2008. Few alternatives for Internet access exist in Kyrgyzstan. With just two smaller ISPs left to handle the load, these attacks from Russian IP address space [1,2] have essentially knocked most of the small Central Asian republic offline.

Last August, it was widely reported that the Georgian government had, in CNET's words, "accused forces within Russia of launching a coordinated cyberattack against Georgian Web sites, to coincide with military operations in the breakaway region of South Ossetia." On his blog, Mr. Jackson quotes Alexander Denezhkin, from the Russian firm Cybersecurity.ru, who said at the time, "Cyber-attacks are part of the information war, making your enemy shut up is a potent weapon of modern warfare."

(For more background on the August attacks on Georgian ether, see The Times' Mike Nizza's reporting for The Lede, and John Markoff's post on our sibling blog (blogling?) Bits.)

But Mr. Bradbury reports that another Web security expert, Jeffrey Carr, does not share Mr. Jackson's belief that the Russian government is responsible for the attacks. In a post on Mr. Carr's blog — headlined "Why I believe that the Kyrgyzstan Government hired Russian hackers to launch a DDOS attack against itself" — he explains that he thinks this is part of a government crackdown on an opposition party in Kyrgyzstan that uses the Internet to organize. Mr. Carr writes:

The most direct way to discover the motive behind the attacks is to look at what's happening simultaneously WITH the attacks. I created a list here. All but one are related to the formation of the United Popular Movement (UPM), who are calling for the ouster of Bakiyev because of cronyism and his lack of democratic reforms, as well as his inability to fix the ailing economy of the country. Denying the UPM Internet access, along with arresting their leaders, is a classic one-two punch.

Almost this exact scenario happened in 2005 when Bakiyev, then an opposition leader, successfully led a regime change against then President Akayev. Cyber attacks occurred then as well, effectively blocking access to opposition Web sites.

Finally, the Kyrgyz government has the ability to combat this threat, and the office responsible has done nothing about it.

"This is not a sophisticated attack, and it's being routed through Russian servers," Mr. Carr continued, adding that if the Kyrgyz government wanted to stop the attack, "it would be a relatively easy matter for them to do so."

If the government is indeed using cyber-militias to suppress political opposition, that would be a sad end to the story of the country's president, Kurmanbek Bakiyev, who led the "so-called Tulip Revolution" that forced the previous president out of office in 2005, and who was then elected president himself with nearly 90 percent of the vote. (Doubts about that revolution's true nature were raised within days, though: Craig Smith reported from Kyrgyzstan for The New York Times in 2005 that "the uprising a week ago begins to look less like a democratically inspired revolution and more like a garden-variety coup.")

Whatever the motive behind the attacks, a blogger at HostExploit.com describes the attacks on Kyrgyzstan as the drawing of a "Cyber Iron-Curtain" across the Internet as it runs through Russia to other countries that were once part of the Soviet Union.
