Kremlin Critics Say Russian Cyberspace Alive With DoS Attacks
One organization suggests recent surges in Internet disruptions are a political play to influence December's elections in the Russian Federation.
Cyberunrest continues throughout Russia and the Baltic states with reports of media and political Web sites being shut down through attacks similar to those that took down parts of Estonia's cyberinfrastructure in late April and early May. The U.S. Computer Emergency Readiness Team, or US-CERT, Monday reported the presence of politically motivated cyberattacks occurring in Russian cyberspace.
The Web site for Russia's United Civil Front, run by former chess champ turned political activist Garry Kasparov, experienced problems staying online, and hackers tried to break into the main site of the Center for Journalism in Extreme Situations, Oleg Panfilov, the center's director, told InformationWeek. He added that the sites of the several organizations "engaged in the protection of human rights" were also exposed to hacker attacks.
Panfilov believes the cyberdisruptions are a political play to influence December's elections in the Russian Federation, the lower house of the Federal Assembly of Russia, the country's legislature. The country's presidential election is set to take place in March 2008.
Despite the proximity of the attacks to those on Estonia and the allegations that the attacks were against groups perceived to be in opposition to the Kremlin, one security researcher doesn't find the attacks to be an extraordinary situation.
"There are at least 35,000 denial-of-service attacks every day," Alan Paller, director of research for the SANS Institute, told InformationWeek.
The Palestinians and Israelis have fought via cyberchannels in the past, as have Taiwan and China, Paller added. The attacks on Estonia's cyberinfrastructure have simply put the spotlight on distributed denial-of-service attacks aimed at sovereign entities. He warned not to jump to conclusions regarding who authorized and carried out the attacks, adding, "It's not about governments, it's about people who pretend to be speaking for governments."
Organizations monitoring the Internet get wind of potential trouble when certain routers, known as the "traffic cops" of the Internet, reveal problems with certain routes. Monitoring Web site response times is another way of determining whether there's a problem in cyberspace. Within the security community information is shared quite freely and rapidly, so a security researcher in Russia who notes latency or nonresponsiveness at certain Russian Web sites might share that information with colleagues in other nations in an attempt to see if the problem is isolated or systemic, said Paul Schmehl, senior information security analyst with the University of Texas at Dallas.
"It doesn't take long to see a common denominator -- e.g., traffic to RU addresses on port 80 is displaying a higher than normal latency," he adds. And only the most significant events become general public knowledge.
"Think of the Internet as a living organism," Schmehl said. "When someone steps on your toe, your brain knows about it almost instantly. The body, then, reacts appropriately to fend off or prevent further attacks."
Denial-of-service attacks are the method of choice for disrupting the operations of one's enemy. "These attacks work for one reason: The bad guy has more energy than the good guy," Marty Lindner, a senior member of Carnegie Mellon Software Engineering Institute's technical staff, told InformationWeek. Warding off such attacks requires a diversified IT infrastructure and plenty of bandwidth. If an organization isn't willing to invest in both, they expose themselves to a successful DDoS attack. "Online businesses -- such as eBay or Amazon -- will make it very expensive and difficult to attack them," he added. "The bigger the pipe, the harder it is to clog."
Government entities are faced with the same choices as businesses in terms of how to defend themselves against DDoS attacks, "except they're using tax dollars to fund their priorities," Lindner said. "If you can't successfully run your business (or government agency) in the event of an attack, you need to re-think how you've set up your infrastructure."
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.