The Kyrgyzstan Cyber Attack That No One Is Talking About
Last Updated on Thursday, 22 January 2009 09:51 Written by admin Wednesday, 21 January 2009 09:56
A colleague alerted me a couple of days ago to a massive DDOS attack against Kyrgyzstan ISPs www.ns.kg and www.domain.kg which essentially shut them down on January 18, 2009. There are only 4 ISP providers for the entire country so this attack was clearly sending a message. Since the attacking IPs were Russian, and since the Russian government supports the current Kyrgyzstan President, I’m thinking that its a message to the opposition party.
A Kyrgyz journalist writes today (under a pseudonym) that the government is targeting opposition groups as they unite to form a new coalition, the United Peoples Movement (UPM). Here’s an excerpt:
As Kyrgyzstan’s feeble opposition unites into a new coalition, its leaders are coming under increasing pressure from the authorities.
The state general prosecutor has launched criminal investigations involving at least four opposition leaders in recent weeks. This past weekend, opposition leader Omurbek Tekebayev, chairperson of the Ata Meken Party, was arrested on vague weapons charges as he headed for a meeting in the northwestern Talas region. He has since been released.
Analysts are calling the inquiries politically motivated.
In late December, most opposition parties — from the left and right — joined to form the United People’s Movement (UPM). In its founding charter, the coalition seeks a new political system for Kyrgyzstan and the removal of President Kurmanbek Bakiyev from office. Complaining of widespread corruption, increasing human rights abuse, and the deterioration of living standards, the UPM is planning a series of protests for February and March. The broad movement boasts a prestigious membership roster, including two former prime ministers and two former foreign ministers.
According to this news release, “Kyrgyz opposition parliament deputies from the Social Democratic Party have not been allowed to use the parliament’s press center to brief journalists.” Interrupting Internet access seems to be an extension of the same repression of dissent.
A Grey Goose inquiry into the attacking IPs is ongoing to see if there are any connections with those used in past Russian-attributed cyber attacks.
UPDATE: An analyst colleague just pointed out that pressure from Russia towards Kyrgyz Presdident Bakiyevk to close U.S. access to a key airbase intensified on the same day as the DDOS attacks.
A group to counter cyber threats has been set up under the Kyrgyz Interior Ministry’s ninth main directorate, the deputy head of the ninth directorate said at a news conference on 12 January, according to the Kabar Kyrgyz news agency.
[...] We’ve shared the data with Project Grey Goose: http://intelfusion.net/wordpress/?p=509 [...]
[...] Die kirgisische cyberattacke über die niemand spricht (en) [...]
[...] The Kyrgyz parliament is set to vote on a bill that will close the US airbase in that country. Russia has been putting deep financial pressure on Kyrgyzstan to close the base, offering a significant financial carrot to do so in the way of loans and aid. But there’s also been a stick involved: a cyber-attack similar to those on Estonia and Georgia. [...]
[...] massive denial of service attacks. For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About . This is not the first time that a major nation state has been accused of launching attacks like [...]