The FSB’s Cyberwarriors (the RBN) attack Georgia

Last Updated on Sunday, 21 December 2008 01:51 Written by admin Saturday, 9 August 2008 08:14

UPDATE (11 August 2008): 2 news media outlets in Azerbaijan report being attacked by hackers under the direction of Russia’s Federal Security Services (FSB): ANS Press and the Azerbaijani Day.AZ news agency.

AP reports that the Georgian President’s Web site along with a Georgian television station’s site have been moved to a U.S. web hosting service in Atlanta, Georgia – Tulip Systems, Inc., however attacks (traced to Moscow and St. Petersburg) are continuing on the U.S. server.

—————-

The RBNExploit blog is in the forefront of reporting on the full scale cyberwar being conducted by Russia against Georgia. RBNExploit has been referenced by the McAfee Avert Labs blog as an authoritative source on this subject, along with the ShadowServer Foundation, Dancho Danchev, Brian Krebs, and David Bizeul. The following excerpts have been posted just a few hours ago:

Sat – 2008 08 09 5:00 EST: RBN (Russian Business Network) now nationalized, invades Georgia Cyber Space. As requested by community relay, the following is a report on the cyber war underway in parallel with conventional warfare. Many of Georgia’s internet servers were under external control from late Thursday, Russia’s invasion of Georgia commenced on Friday. It is further requested of any blog reader the information below is further relayed to the International Press and Community to ensure awareness of this situation. Also as much of Georgia’s cyberspace is now under unauthorized external control the following official press statement is circulated without modification. Report on the cyberwar is here.

Sat – 2008 08 09 16:00 EST: RBN Georgia Cyberwarfare 2. To explain to everyone else this is a full cyber siege of Georgia’s cyber space. As an update; within the community, our friends in Germany had managed to pierce the siege and gain a direct routing to Georgia via AS3320 DTAG Deutsche Telekom for a few hours. this afternoon. For the time being AS8359 COMSTAR Direct Moscow region network CJSC COMSTAR Direct Smolenskaya Sennaya Sq, 27 block 2 119121 Moscow, Russia, have intercepted this and are redirecting this route of cyber traffic via their servers. The good news is other German servers are now also attempting to access Georgia servers directly.  

For those of a technical nature we show the latest server routing map (see diagram below) which clearly shows the Russian based servers AS12389 ROSTELECOM, AS8342 RTCOMM, and AS8359 COMSTAR, controlling all traffic to Georgia’s key servers. For example here AS28751 CAUCASUS NET AS Caucasus Network Tbilisi, Georgia & AS20771 DeltaNet Autonomous System DeltaNet ltd 0179 Tbilisi Georgia

Even the Turkish (often RBN controlled) server AS9121 TTNet is now being blocked via COMSTAR, we understand via colleagues in Istanbul, the Turkish authorities are trying to regain control of these servers and provide direct routing to Georgia.

At this time all Georgia government web sites are unobtainable from US, UK, FR, and DE cyber space, as examples. All blog colleagues elsewhere please contact us if you are able to gain direct web access inbound.

We also relay, as requested, the warning not to depend on any web sites that ‘appear’ of a Georgia official source, but are without any recent statements i.e. Friday / Saturday Aug 8/9, as these are likely to be fraudulent.(my emphasis added)

For detailed background on this topic, read Russia’s cyberwarfare doctrine and Is the Russian Business Network protected by the Federal’naya Sluzhba Bezopasnosti?.

For additional background on the RBN:

The ShadowServer Foundation Report AS40989

The ShadowServer Foundation Report RBN Rizing

David Bizeul’s The Russian Business Network Study