|
||
|
||
It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to “riot”, attacking Georgia.
This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted—but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination.
So, this may possibly be in copy-cat fashion, filling in for the missing coordination that existed in Estonia’s case, or a duplicate after all. It is still too early to come to conclusions.
This information was received from Shadowserver, which posted a reduced public report on this subject on their wiki:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080813
Great work from Shadowserver!
My Colleague Randy Vaughn, came up with the following theory, which is interesting to say the least, although still at this point contradictory to my own (but evidence is mounting):
“I would say more like the result of past training. That is, the .ee attacks served to set a behavioral response that will automatically trigger during any real or perceived conflict.”
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byIPv4.Global
A World-Renowned Source for Internet Developments. Serving Since 2002.
Okay, so I love Gadi, but I have to disagree with him to a certain extent.
Yes, there are “hacktivist”, grass-roots elements which have arisen over the course of the past couple of days, and yes—they have been a component of the digital attacks on Georgian web properties. This is not in contention.
What _is_ (apparently) in contention, is that there is some Russian, state-sponsored participation, and/or whether some “previously-known” Russian/Ukrainian cyber criminals were somehow involved in this mess in the beginning. There was/is/are.
There are valid points to support this position.
There is substantial evidence that there was (and continues to be) involvement of “established” criminal operatives in attacking Georgian websites, manipulation of routing infrastructure, and ongoing maliciousness.
For instance, the use of “established” Botnets (some of which have been around for many months) were fingered as the culprits in the original DDoS attacks (TCP SYN and TCP RST attacks). Only later did we begin to observe “individual contributors” begin the grass-roots salvos.
So, this is a case of many issues converging into a big mess. Yes, there are hacktivist masses (as in the Estonian incidents). Yes, there is also the hand of established criminal elements. I draw no further connection, because it is virtually impossible to do so.
Let’s be real here—not everything is always as it appears. And vice versa.
- ferg