cyberwarfare

Cyber-attacks "came from Abkhazia"

A few Russian-language media are beginning to publish reports about the hacking attack against Twitter, Facebook, and other Internet services on August 6, making it clear that the Georgian Internet blogger was attacked for saying that he believed Russia began the conflict of August 2008, and had prepared for it in advance. Some of the Russian-language news reports are also being hacked, like the one below, from RBC Ukraine. The page containing the news is accessible for a few seconds, but is immediately replaced by a blank page:

RBC-Ukraine, 08.08.2009, London 12:54

The hacker attacks on the popular Internet resources Twitter and Facebook were directed against a single user. According to the BBC, the attackers' target was the Georgian user “сухуми”, who is also known on LiveJournal. The attack on his journals and posts was so powerful that it affected the services as a whole… In his most recently published text, сухуми cited information about the start of the war which, in his view, shows that Russia had prepared the attack on Georgia in advance. The blogger himself is certain that it is Russia that stands behind the hacker attack.

The New York Times quotes Bill Woodcock, research director of The Packet Clearing House, as saying there was evidence that the attacks had originated from Abkhazia, which is now, like South Ossetia, under the Kremlin’s control.

Report: cyberattacks on Georgia came from FSB and GRU

Via Axis News:

Security researchers from Greylogic published a report which concluded that the Main Intelligence Directorate of Armed Forces of the Russian Federation (GRU) and the Federal Security Service (FSB), rather than patriotic hackers, were likely to have played a key role in co-ordinating and organising the attacks, The Register writes. More circumstantial evidence has emerged linking the Russian authorities to cyber-attacks on Georgia that coincided with a ground war between the two countries in July and August last year.

The Stopgeorgia.ru forum, which became a fulcrum for attacks of key Georgian websites last year, uses an ISP located a few doors down from GRU headquarters. Greylogic reckons the site was added as a front for state-backed cyber-attacks under the cover of cybercrime.

The StopGeorgia.ru forum was part of a bulletproofed network that relied on shell companies and false WHOIS data to (a) prevent its closure through Terms of Service violations, and (b) to mask the involvement of the Russian FSB/GRU. By mimicking the structure of the Russian Business Network, a cyber criminal enterprise, it creates plausible deniability that it is a Kremlin-funded Information Operation. Greylogic’s study concludes: “The available evidence supports a strong likelihood of GRU/FSB planning and direction at a high level while relying on Nashi intermediaries and the phenomenon of crowdsourcing to obfuscate their involvement and implement their strategy.” Nashi is a youth group in Russia founded four years ago to counter anti-Russian and fascist tendencies in the country. The group is supposedly funded by Russian businessmen, but a pipeline from the Kremlin is suspected, The Register says. Long-standing rumours that Russia was behind cyber-attacks on neighbouring countries were recently fuelled when State Duma Deputy Sergei Markov claimed that one of his assistants was responsible for instigating cyber-attacks against Estonia in 2007. Shortly after this, Konstantin Goloskokov, a “commissar” in Nashi, claimed he and other associates were responsible for the month-long cyber-assault on Estonia. The Project Grey Goose Phase II report is a follow-up to an October report by the same group of security researchers on the Georgian cyber war.

See also: Moscow called on cyberterrorists to attack Georgian government networks

U.S. candidates hacked

Via Newsweek:

On Aug. 20 the Obama campaign got its briefing from the FBI. The Obama team was told that its system had been hacked by a “foreign entity.” The official would not say which “foreign entity,” but indicated that U.S. intelligence believed that both campaigns had been the target of political espionage by some country—or foreign organization—that wanted to look at the evolution of the Obama and McCain camps on policy issues, information that might be useful in any negotiations with a future Obama or McCain administration. There was no suggestion that terrorists were involved; technical experts hired by the Obama campaign speculated that the hackers were Russian or Chinese.

Domain name change

On September 25 the Ingushetian authorities closed down the Ingushetiya.ru web site, which was owned by Magomed Yevloyev, the Ingush journalist, lawyer and businessman who on August 31 this year was murdered, it is believed, on the orders of President Murat Zyazikov. However, the site immediately changed its domain name and switched to a server in the United States. It can now be accessed at the new URL Ingushetia.org.

At Window on Eurasia, with particular reference to a recent interview with Russian security and intelligence expert Anatoly Soldatov, Paul Goble demonstrates how Moscow is currently struggling in its attempts to control the Internet:

… senior Russian intelligence officials have repeatedly called on Western governments to reach an agreement with Moscow to close sites that the Russian government has identified as connected with extremism or terrorism. But to date, no Western country has agreed to do that.

Great Britain had been edging toward an accord, the Agentura.ru editor says, but backed away after the Litvinenko murder. And as a result, “it is possible to register in England, to put out a Russian Internet publication and no requests from the Russian side will be considered. Simply because there is no legal basis for this.”

As a result, Soldatov concludes, Moscow will not be able to continue its struggle with independent-minded Internet sites without the use of hackers, a conclusion that the experience of other Russian sites tends to confirm (www.forum.msk.ru/material/news/533859.html and www.compromat.ru/main/internet/filter.htm).

Moscow called on cyberterrorists to attack Georgian government networks

In a report on a British government statement which confirms that Britain faces a steadily increasing threat of cyber attack, particularly from Russia and China, the London Times points to evidence that reveals the Kremlin’s involvement in cyberterrorism against Georgia:

SecureWorks, an Atlanta-based company, said it had discovered communications suggesting that computers associated with Russian state-owned organisations called on known web-based criminal gangs to attack Georgian government networks hours before airstrikes began nearly two weeks ago. Lord West [Britain’s Security Minister] said that he could not comment on the claims.