May 24, 2007

Web Sites Under Attack in a Murky War

By Natalya Krainova
Staff Writer
Moscow Times

Estonia has created a stir with its accusations that Kremlin-based hackers targeted government web sites. But it is not alone in grappling with cyber attacks.

Hackers in recent months have targeted outspoken pro-Kremlin youth groups, opposition forces, ultranationalist organizations and media outlets, crashing their web sites with what is known as Distributed Denial of Service, or DDoS, attacks -- the same type of attack that Estonia says was launched against its sites.

And by all appearances, cyber attacks are becoming a popular means of silencing political opponents, and some observers see the recent wave of attacks as a rehearsal for upcoming State Duma and presidential elections.

Targeted organizations almost without exception blame political opponents.

"It's clear that the attacks were inspired and ordered by the Kremlin, no matter who executed them," Alexander Averin, spokesman for the banned National Bolshevik Party, said of a DDoS attack on his group's web site that left it offline for about 30 days in February and March. "It was an attempt to suppress the opposition's resources."

Hackers this year have also attacked the sites of groups as politically disparate as the ultranationalist Movement Against Illegal Immigration; the pro-Kremlin youth groups Nashi, Young Russia and Mestniye; and The Other Russia, the opposition coalition that has organized a series of Dissenters' Marches this year.


Alexander Kalugin, a spokesman for Young Russia, said a six-hour DDoS attack on his group's web site in March was likely the work of Estonian nationalists angered over its protests outside the Estonian Embassy over plans to relocate a Soviet World War II monument in central Tallinn that sparked a recent diplomatic dispute.

"We were burning Estonian banners and trampling an effigy of the Estonian president," Kalugin said.

The Movement Against Illegal Immigration had 40 of its regional web sites struck by DDoS attacks from early February to early April, said Alexander Belov, the organization's leader.

Belov blamed the security services for carrying out the attacks under the pretext of battling extremism.

Not only political organizations have been attacked. Two of the country's last independent-minded media outlets -- the Kommersant newspaper and Ekho Moskvy radio -- both had their web sites targeted earlier this month.

Kommersant web editor Pavel Chernikov said the May 2 attack was likely retribution over the transcript of self-exiled businessman Boris Berezovsky's questioning by Russian investigators in London over the poisoning death of former KGB officer Alexander Litvinenko.

Ekho Moskvy editor Alexei Venediktov said the attacks, which paralyzed the station's site from May 1 to May 4, were the work of "political forces not interested in people's free access to information."

"This attack was a rehearsal ahead of State Duma elections on how to subdue an informational web site," Venediktov said.

The radio station has appealed to the Interior Ministry to open a criminal investigation into the attacks.

Oleg Panfilov, head of the Center for Journalism in Extreme Situations, echoed Venediktov's assessment, calling the attacks on opposition web sites an "information war" aimed at "suppressing freedom of speech on the Internet."

But experts say there is little chance that the hackers will be brought to justice in these attacks, or those on Estonian sites.

At the height of the Russian-Estonian dispute this month over the relocation of the Soviet monument, Estonian Foreign Minister Urmas Paet issued a sharply worded statement that "cyber terrorist attacks" against Estonian government web sites had been traced to computers in the Russian presidential administration.

NATO has since sent a computer expert to Estonia to assess the ongoing attacks, which Estonia says started April 27, and Estonian Defense Minister Madis Mikko has likened them to military strikes.

In a DDoS attack, hackers use a so-called botnet, a network of computers that have been covertly infected to run malicious software. The botnet bombards a web site or server with requests from thousands of computers across the globe, thus making it inaccessible to legitimate web traffic. A computer owner might not even know that his computer is infected and sending the requests to a target server.

This is why the Estonian claim that the attacks came from the Russian presidential administration "may have some grounds and may not," said Mikhail Polyakov, who, when reached by telephone, identified himself as a top adviser in the administration.

Polyakov's name appeared as a contact on a list of IP addresses from which Estonia says the DDoS attacks have been conducted, a copy of which the Estonian Foreign Ministry provided to The Moscow Times.

The list includes the names, phone numbers and the work addresses for people who had registered with the IP addresses, and one of the addresses included is 4 Staraya Ploshchad, where the headquarters of the presidential administration are located.

The IP addresses in the Estonian list belong to various Russian government structures, including the Duma and the Federation Council, Polyakov said.

But even that doesn't mean Duma deputies or senators were somehow associated with the attacks, experts said.

"A professional connects to the server through anonymous IP addresses, and in this case there's no way he can be tracked down," said Yury Mashevsky, a computer virus expert with Moscow-based Kaspersky Lab.

"It's rare to find the true criminal," said Paul Sop, chief technology officer of the London-based Prolexic Technologies, which specializes in mitigating the consequences of DDoS attacks.

According to the Russian Criminal Code, anyone convicted of hacking can face up to two years in prison, while spreading computer viruses carries a maximum three-year sentence.

Political analyst Stanislav Belkovsky suggested that Vladislav Surkov, the powerful deputy head of President Vladimir Putin's administration, was running a "special department" orchestrating the attacks in order to "block information" ahead of the Duma elections in December and the presidential vote in March.

Kremlin spokesman Dmitry Peskov firmly denied such possibility, however.

"As far as I know, among the departments that Surkov supervises there are no departments in charge of the Internet," Peskov said.

Commenting on the information about attacks on Estonian web sites coming from the Russian president's administration, Peskov said: "I've repeatedly said that it doesn't represent the facts. These are very serious accusations. Estonia should have proof of them."

Peskov could not explain, however, why web sites of the Russian president's administration were detected by the Estonian security systems. Asked whether hackers could have used the presidential administration web sites like that, he said: "That's impossible."

1 comment:

Jackline said...

Hi Nice Blog .If your time is less valuable, then it is probably less worthwhile to web time clock .