This was a bad idea on so many levels

Last Updated on Saturday, 20 June 2009 10:22 Written by admin Saturday, 20 June 2009 10:22

On the Weaponization of the Collaborative Web by Matthew Burton

Matt is a good man and a valued colleague and collaborator, but his rationale for engaging in a DDOS attack just fails on so many levels (some of which he himself mentions in his post).

My biggest concern is that as a self-identified past employee for a U.S. government intelligence agency, his engagement in an unauthorized computer Web site attack reflects on his former employer and on the U.S. government as a whole. Anyone engaged in collecting OSINT on U.S. gov employees will read Matt’s actions not as coming from a place of passion and sympathy but as the same kind of covert encouragement from State sources that we ascribe to the actions of Non-state hackers in geopolitical Web conflicts across the globe. This, of course, is NOT the case, but I’m sure that anyone reading this can see how easy it is to jump to that conclusion.

I’m glad that Matt’s final decision was to stop his attack. I just wish he didn’t make it in the first place.

Why I believe that the Kyrgyzstan Government hired Russian hackers to launch a DDOS attack against itself.

Last Updated on Wednesday, 4 February 2009 07:30 Written by admin Friday, 30 January 2009 11:32

The Kyrgyzstan cyber attacks of Jan 18 – ? have been getting a lot of press after my initial post about it on Jan 23, particularly since Don Jackson of SecureWorks blogged about it on January 28 and added his analysis. Don referenced my earlier post as well as the Grey Goose report (thanks Don), but I disagree with some of his findings. Here’s why.

1. This is not about denying U.S. forces access to the Manas air base in Kyrgyzstan. President Bakiyev is an ally of the Russian Federation. If Putin wanted to squeeze him into complying, he has many more effective options than a DDoS attack; the biggest stick right now being economic.

2. The most direct way to discover the motive behind the attacks is to look at what’s happening simultaneously WITH the attacks. I created a list here. All but one are related to the formation of the United Popular Movement (UPM), who are calling for the ouster of Bakiyev because of cronyism and his lack of democratic reforms, as well as his inability to fix the ailing economy of the country. Denying the UPM Internet access, along with arresting their leaders, is a classic one-two punch.

3. Almost this exact scenario happened in 2005 when Bakiyev, then an opposition leader, successfully led a regime change against then President Akayev. Cyber attacks occurred then as well, effectively blocking access to opposition Web sites.

4. Finally, the Kyrgyz government has the ability to combat this threat, and the office responsible has done nothing about it. The Kyrgyzstan Interior Ministry’s Ninth main directorate has been recently set up (in part) to counter cyber threats. Training is provided by Russian law enforcement agencies according to Taalay Kadyrkulov, deputy head of the Ninth Directorate (source: Bishkek AKIpress Online 12 Jan 09).

This is not a sophisticated attack, and it’s being routed through Russian servers. If Kadyrkulov or anyone else in the Kyrgyz government wanted it stopped, it would be a relatively easy matter for them to do so. The Russian government monitors and has full control over its servers at Golden Telecom Moscow and JSC Moscow, which represent a majority of the servers involved in this attack.

So in this case of competing hypotheses, I choose to believe the one with the least number of complexities and assumptions; that this is a simple case of an existing regime trying to retain power by silencing its opposition in every way possible, including hiring Russian hackers to launch DDOS attacks on their own Internet Service Providers.

UPDATE (2/4/09): Jose at Arbor Networks has an excellent post on this topic, and his point – that the attacks don’t appear via any of the usual channels – is another reason why I don’t believe that the Russian government is behind the DDoS attacks of January 18. It didn’t fit the profile of the past cyber attacks that have been attributed to Moscow. 
