The Russia vs Georgia Cyber Attack

December 17, 2018
Last month's lone gunman DDoS attack against the Georgian President's web site seemed like a signal shot for the cyber siege to come a week later. Here's the complete coverage of the coordination phase, the execution and the actual impact of the cyber attack so far - "Coordinated Russia vs Georgia cyber attack in progress":

"Who’s behind it? The infamous Russian Business Network, or literally every Russian supporting Russia’s actions? How coordinated and planned the cyber attack is, and do we actually have a relatively decent example of cyber warfare combining PSYOPs (psychological operations), and self-mobilization of the local Internet users by spreading “For our motherland, brothers!” or “Your country is calling you!” hacktivist messages across web forums. Let’s find out, in-depth. With the attacks originally starting to take place several weeks before the actual “intervention” with Georgia President’s web site coming under DDoS attack from Russian hackers in July, followed by active discussions across the Russian web on whether or not DDoS attacks and web site defacements should in fact be taking place, which would inevitably come as a handy tool to be used against Russian from Western or Pro-Western journalists, the peak of DDoS attack and the actual defacements started taking place as of Friday."

Some of the tactics used:
distributing a static list of targets, eliminate centralized coordination of the attack, engaging the average internet users, empower them with DoS tools
distributing lists of remotely SQL injectable Georgian sites
abusing public lists of email addresses of Georgian politicians for spamming and targeted attacks
destroy the adversary’s ability to communicate using the usual channels -- Georgia's most popular hacking portal is under DDoS attack from Russian hackers

Some of the parked domains acting as command and control servers for one of the botnets at 79.135.167.22 :

Actual command and control locations :
a-nahui-vse-zaebalo-v-pizdu .com/a/nahui/vse/zaebalo/v/pizdu/
prosto.pizdos .net/_lol/

Consider going through the complete coverage of what's been happening during the weekend. Considering the combination of tactics used, unless the conflict gets solved, more attacks will definitely take place during the week.

Hacktivism Tensions - Israel vs Palestine Cyberwars

July 01, 2006
Oops, they did it again. Here's the most recent case of hacktivism:

"Shortly after IDF tanks rolled into Gaza, another old front of conflict was reopened early Wednesday morning, but in this battle Kassam rockets and artillery shells were replaced by worms and viruses as pro-Palestinian hackers shut down approximately 700 Israeli web domains. A range of different Web sites were targeted by the group, including Web sites of banks, medical centers, car manufacturers and pension funds. Well-known companies and organizations, including Bank Hapoalim, the Rambam Medical Center, Bank Otsar Ha-Hayal, BMW Israel, Subaru Israel and Citroën Israel, real estate company Tarbut-Hadiur and the Jump fashion Web site all found their Web sites shut down and replaced by the message: Hacked by Team-Evil Arab hackers u KILL palestin people we KILL Israel servers."

Zone-H has naturally covered the event and mirrored it, in between receiving an official PR release from the defacement group -- guess it's not just terrorists with cheap marketing teams given the badly structured press release. What these folks don't seem to be able to realize is that if they were to deface every web site hosting the infamous Muhammad cartoons, they would end up with a full-time job doing so. What's worth mentioning is the nature of the defaced servers: banks, hospitals, private sector companies. My point is that if they were really up to causing havoc, they had the necessary privileges to do so. Let's not think out loud about worst case "what if" analysis though.

Defacements are a great example of PSYOPS, most importantly the indirect way of undermining a country's population's confidence in their abilities to win any war or political campaign. During WWII brochures were lying around everywhere, and planes were dropping them across various cities to either undermine or influence the opinion of the locals towards their vision. The power of the Internet echo is what they're aiming to achieve, and while I may be whispering their "achievements" even further, the visitors of the affected sites partly got exposed to their propaganda. It's also interesting to think of PSYOPS in reverse, that is, users in countries with restrictive regimes trying to reach out to the rest of the world through malware -- beneficial malware, or beneficial PSYOPS?

What's the current, emerging and future state of Hacktivism? In her outstanding research titled "Hacktivism and the Future of Political Participation", Alexandra Samuel points out some of the key points to keep in mind, and constructively speculates on the future trends.

At the bottom line, what's all the fuss about? No, it's not because an Israeli covert operative was kidnapped and held hostage, but because of an 18-year-old "destruction machine" which reminds me of the way we used to argue and wage wars on the sand around the same age. The type of, "the wind has just blown your soldier way beyond the DMZ, and therefore we have no other choice but to attack you with all our forces. Resistance is futile!" conflicts.

Go to school, hell, even go to an ethical hacking one, or else you'll end up like a walking sausage having to squeeze yourself with a belt so tight in order not to have your pants fall down! Automated defacement tool shot courtesy of WebSense. And btw, how was your July Morning?

Related resources:
Israeli-Palestinian Cyberconflict (IPCC) - the complete coverage back in 2001!
The Israeli-Palestinian Cyberconflict
Activism, Hacktivism, and Cyberterrorism : The Internet as a Tool for Influencing Foreign Policy
The Cycle of Cyber Conflict
Cyber Attacks During the War on Terrorism
Examining the Cyber Capabilities of Islamic Terrorist Groups
Cyberprotests : The Threat to the U.S Information Infrastructure
Analysis: U.S.-China 'cyberwar' fires blanks
Techno Imperialism and the Effect of Cyberterrorism
Cyberterrorism - don't stereotype and it's there!
Cyberterrorism - recent developments