[ISN] Botnets linked to political hacking in Russia

From: InfoSec News (alerts@private)
Date: Sun Dec 16 2007 - 22:15:06 PST


http://www.theregister.co.uk/2007/12/14/botnet_hacktivism/

By John Leyden
The Register
14th December 2007

Security researcher Jose Nazario has uncovered circumstantial evidence 
of the use of botnets in politically-motivated denial of service 
attacks.

Political events in the wider world are sometimes accompanied by hacking 
incidents in cyberspace, such as defacements and the like. Nobody paid 
much attention to the issue until the Estonian DDoS events of earlier 
this year when government and commercial sites in the small Baltic 
country were taken offline for days in April amid a row with Russia 
about relocation of a Soviet-era memorial to fallen soldiers and war 
graves.

Botnets orchestrated by Russian hackers are reckoned to have been used 
to fire up the Estonian attacks. Involvement of elements from the 
Russian government is suspected by some, though there's nothing by way 
of evidence that the Kremlin had a hand in the assaults.

Nazario, a senior security researcher at Arbor Networks, has documented 
how botnets have featured in more recent politically motivated DDoS 
events. Attacks on the Ukrainian pro-Russian site of the Party of 
Regions, a party led by the Ukrainian Prime Minister Viktor Yanukovych, 
over the last three months were traced by Nazario back to networks of 
compromised machines.

Earlier DDoS attacks against the site of Ukraine President Viktor 
Yushchenko, a moderate Ukrainian nationalist, were not traced back to 
botnet activity.

Last week, Nazario traced attacks on the site of Gary Kasparov, famed 
Russian chess grand master turned anti-establishment politician, and 
namarsh.ru, another dissident site, back to a botnet. Both targeted 
sites seem to have weathered the assault largely unscathed (though the 
graphics on Kasparov's site failed to load properly).

The motives, much less the perpetrators, of the attacks remain unclear. 
"I can dream up scenarios where Russian hackers attack Russian dissident 
websites and politicians websites (and why, for example, a Ukrainian 
site that is pro-Russian is attacked), but I dont know who is at the 
keyboard," Nazario writes. "Ill keep watching these attacks and seeing 
what I can figure out, but so far its just a matter of guessing at 
motivations."


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Sun Dec 16 2007 - 22:30:42 PST