The FSB’s Cyberwarriors (the RBN) attack Georgia
Last Updated on Sunday, 21 December 2008 01:51 Written by admin Saturday, 9 August 2008 08:14

UPDATE (11 August 2008): Two news media outlets in Azerbaijan report being attacked by hackers under the direction of Russia’s Federal Security Services (FSB): ANS Press and the Azerbaijani Day.AZ news agency.
AP reports that the Georgian President’s Web site, along with a Georgian television station’s site, has been moved to a U.S. web hosting service in Atlanta, Georgia (Tulip Systems, Inc.); however, attacks (traced to Moscow and St. Petersburg) are continuing on the U.S. server.
—————-
The RBNExploit blog is at the forefront of reporting on the full-scale cyberwar being conducted by Russia against Georgia. RBNExploit has been referenced by the McAfee Avert Labs blog as an authoritative source on this subject, along with the ShadowServer Foundation, Dancho Danchev, Brian Krebs, and David Bizeul. The following excerpts were posted just a few hours ago:
Sat – 2008 08 09 5:00 EST: RBN (Russian Business Network) now nationalized, invades Georgia Cyber Space. As requested by community relay, the following is a report on the cyber war underway in parallel with conventional warfare. Many of Georgia’s internet servers were under external control from late Thursday, Russia’s invasion of Georgia commenced on Friday. It is further requested of any blog reader the information below is further relayed to the International Press and Community to ensure awareness of this situation. Also as much of Georgia’s cyberspace is now under unauthorized external control the following official press statement is circulated without modification. Report on the cyberwar is here.
Sat – 2008 08 09 16:00 EST: RBN Georgia Cyberwarfare 2. To explain to everyone else this is a full cyber siege of Georgia’s cyber space. As an update; within the community, our friends in Germany had managed to pierce the siege and gain a direct routing to Georgia via AS3320 DTAG Deutsche Telekom for a few hours this afternoon. For the time being AS8359 COMSTAR Direct Moscow region network CJSC COMSTAR Direct Smolenskaya Sennaya Sq, 27 block 2 119121 Moscow, Russia, have intercepted this and are redirecting this route of cyber traffic via their servers. The good news is other German servers are now also attempting to access Georgia servers directly.
For those of a technical nature we show the latest server routing map (see diagram below) which clearly shows the Russian based servers AS12389 ROSTELECOM, AS8342 RTCOMM, and AS8359 COMSTAR, controlling all traffic to Georgia’s key servers. For example here AS28751 CAUCASUS NET AS Caucasus Network Tbilisi, Georgia & AS20771 DeltaNet Autonomous System DeltaNet ltd 0179 Tbilisi Georgia
Even the Turkish (often RBN controlled) server AS9121 TTNet is now being blocked via COMSTAR, we understand via colleagues in Istanbul, the Turkish authorities are trying to regain control of these servers and provide direct routing to Georgia.
At this time all Georgia government web sites are unobtainable from US, UK, FR, and DE cyber space, as examples. All blog colleagues elsewhere please contact us if you are able to gain direct web access inbound.
We also relay, as requested, the warning not to depend on any web sites that ‘appear’ of a Georgia official source, but are without any recent statements i.e. Friday / Saturday Aug 8/9, as these are likely to be fraudulent. (my emphasis added)
For detailed background on this topic, read Russia’s cyberwarfare doctrine and Is the Russian Business Network protected by the Federal’naya Sluzhba Bezopasnosti?.
For additional background on the RBN:
The ShadowServer Foundation Report AS40989
The ShadowServer Foundation Report RBN Rizing
David Bizeul’s The Russian Business Network Study
Excellent post, nice research, I’m sharing with others. Fascinating (and sobering) topic.
Thanks, Lewis. There’s a lot here for study, particularly the “nationalization” of the RBN and the opening gambit of a cyber attack.
[...] Whilst the world is attempting to halt the escalation of the conflict, the Georgian Ministry of Foreign Affairs seems to be getting intelligence reports out using blog networks. For the more technical blog reader, more information appears to be held on this post at IntelFusion. [...]
[...] IntelFusion calls the internet attacks “full scale cyberwar.” [...]
I’ve been able to access some .ge sites (including Georgia’s national tourism site) from Japan.
The TV stations are no longer working. They can’t get word out. No one in the country knows what is happening.
Someone needs to think about what actually happened in the beginning.
What would the United States do if Mexico had troops in the Southwestern United States and the President of Mexico told Washington that the Mexican troops were there to protect the Mexicans living in the States because they had Mexican passports?
The Mexicans living there want this part of the United States to secede from the United States even though the land is part of the United States.
The United States then sends in a small number of troops to make the Mexican troops leave. Fighting breaks out because the Mexican troops won’t leave. The Mexican government then sends in the Mexican army to fight the US troops.
Who is at fault, the US (Georgia) or Mexico (Russia)?
I think the answer is clear… Russia!
[...] Two Azerbaijani media outlets claim they’re under assault, too. And some Russian sites are getting hit, in what appears to be a bit of [...]
Great blog. I like layout!!!!
[...] • On 8 August, large-scale cyber attacks against sites in Georgia began. The source of the cyber attacks was uncertain. Some reports attributed them to an organization called the “Russian Business Network”. [It cites Jeff here] [...]