Kremlin Critics Say Russian Cyberspace Alive With DoS Attacks

Cyberunrest continues throughout Russia and the Baltic states with reports of media and political Web sites being shut down through attacks similar to those that took down parts of Estonia's cyberinfrastructure in late April and early May. The U.S. Computer Emergency Readiness Team, or US-CERT, Monday reported the presence of politically motivated cyberattacks occurring in Russian cyberspace.

The Web site for Russia's United Civil Front, run by former chess champ turned political activist Garry Kasparov, experienced problems staying online, and hackers tried to break into the main site of the Center for Journalism in Extreme Situations, Oleg Panfilov, the center's director, told InformationWeek. He added that the sites of the several organizations "engaged in the protection of human rights" were also exposed to hacker attacks.

Panfilov believes the cyberdisruptions are a political play to influence December's elections in the Russian Federation, the lower house of the Federal Assembly of Russia, the country's legislature. The country's presidential election is set to take place in March 2008.

The Web sites of Russian newspaper Kommersant and the Echo of Moscow radio station in early May suffered massive distributed denial-of-service attacks and were taken down in what Kommersant Web site's editor in chief speculated might be retaliation for the publication of a police interview with the exiled oligarch Boris Berezovsky.

Despite the proximity of the attacks to those on Estonia and the allegations that the attacks were against groups perceived to be in opposition to the Kremlin, one security researcher doesn't find the attacks to be an extraordinary situation.

"There are at least 35,000 denial-of-service attacks every day," Alan Paller, director of research for the SANS Institute, told InformationWeek.

The Palestinians and Israelis have fought via cyberchannels in the past, as have Taiwan and China, Paller added. The attacks on Estonia's cyberinfrastructure have simply put the spotlight on distributed denial-of-service attacks aimed at sovereign entities. He warned not to jump to conclusions regarding who authorized and carried out the attacks, adding, "It's not about governments, it's about people who pretend to be speaking for governments."

Organizations monitoring the Internet get wind of potential trouble when certain routers, known as the "traffic cops" of the Internet, reveal problems with certain routes. Monitoring Web site response times is another way of determining whether there's a problem in cyberspace. Within the security community information is shared quite freely and rapidly, so a security researcher in Russia who notes latency or nonresponsiveness at certain Russian Web sites might share that information with colleagues in other nations in an attempt to see if the problem is isolated or systemic, said Paul Schmehl, senior information security analyst with the University of Texas at Dallas.

"It doesn't take long to see a common denominator -- e.g., traffic to RU addresses on port 80 is displaying a higher than normal latency," he adds. And only the most significant events become general public knowledge.

"Think of the Internet as a living organism," Schmehl said. "When someone steps on your toe, your brain knows about it almost instantly. The body, then, reacts appropriately to fend off or prevent further attacks."

Denial-of-service attacks are the method of choice for disrupting the operations of one's enemy. "These attacks work for one reason: The bad guy has more energy than the good guy," Marty Lindner, a senior member of Carnegie Mellon Software Engineering Institute's technical staff, told InformationWeek. Warding off such attacks requires a diversified IT infrastructure and plenty of bandwidth. If an organization isn't willing to invest in both, they expose themselves to a successful DDoS attack. "Online businesses -- such as eBay or Amazon -- will make it very expensive and difficult to attack them," he added. "The bigger the pipe, the harder it is to clog."

Government entities are faced with the same choices as businesses in terms of how to defend themselves against DDoS attacks, "except they're using tax dollars to fund their priorities," Lindner said. "If you can't successfully run your business (or government agency) in the event of an attack, you need to re-think how you've set up your infrastructure."