It's been an interesting last few months with respect to distributed denial of service (“DDoS”) attacks. Some noteworthy events:
1) Spread of DDoS to include Cyber-censorship and cyber-terrorism/war
In May 2007 either the biggest instance of cyber-terrorism, or the first instance of cyber-war occurred. The Estonian government moved a Russian World War 2 statue, amid huge protest from Russia and Russians within Estonia. Shortly afterwards, Estonian government websites, Estonian banks, and Estonian VoIP infrastructure were taken offline for a couple of weeks from DDoS attacks. The only way Estonia could get their sites back up was to block all traffic outside Estonia. Your readers may have read the headlines so no point re-hashing old info, but what didn’t make the news is that there were chat rooms in Russia promoting the download of software to have your laptop ‘join the attacking force against Estonia’ - first instance of volunteer DDoS recruitment that I've heard of.
Around the same time as the attacks on Estonia were taking place, DDoS attacks on Russian online media / opposition political party websites started, and continue to this day. Putin is pretty well known to not be an advocate of free speech, and this is a logical extension of his policy of shutting down independent physical newspaper operations. It has also started to spread outside of Russia – the Daily Telegraph of the UK ran an anti-Putin report a month ago and was taken offline from a DDoS attack until they found Prolexic. This cyber-censorship trend will likely be copied by other regimes in the future (would think Venezuela for one).
DDoS is particularly suited to either of these activities; the target can be attacked immediately with an available botnet, and as tracking down the command and control server becomes harder, the attackers more easily maintain their anonymity. The Russian government was accused of aiding the Estonian attack but denied any knowledge, saying that attacking IPs within the Kremlin were spoofed.
2) Interesting visitor stats
If you type 'ddos' into Google, we tend to come up first under the sponsored links (nothing exciting there as we pay for the privilege). We've been tracking who comes to our sites for a few months now, for marketing effectiveness purposes.
We believe that a percentage of our hits come from potential attackers wanting to learn how to create a DDoS attack. We believe this more strongly when there is a large percent of 'bounced' visits - people spending less than a minute on our site. One plausible explanation is that the visitor realizes that we're DDoS defense vs DDoS offense, and moves on. Since we began tracking it, we've had a huge number of hits from China (where DDoS has become a well-known business - whether botnets for hire or scripts for sale to create-your-own-botnet). As penalties for attacking intra-China vs externally to China are vastly different (execution for an intra-China attack vs a letter then maybe a small fine for attacking a foreign country), our feeling is that many of the Chinese hits are of a 'how to DDoS' variety.
We noticed a 100% increase in visits from Russia in February this year - 2 months before the cyber-censorship/terrorism attacks detailed above.
Between May and June 2007, the majority of our website visits are either coming from China or from three cities: Rabat Morocco, Riyadh Saudi Arabia, and Istanbul Turkey. May 2007 in comparison to Dec 2006 visitor stats to Prolexic's website are:
Rabat - 3900% increase in hits
Riyadh - 2700% increase in hits
Istanbul - 900% increase in hits
Morocco and Saudi Arabia are known recruitment areas for al-Qaeda. I don't know what Turkey might mean, except that when we helped the FBI put a Russian DDoS extortionist in jail a few years back, we were told that the rest of the group fled to Turkey, and we have seen attacks out of Turkey since.
Of course, all of the above could have some other explanation, and we don't have enough correlated data to be statistically significant (i.e. Russian visits > Russian based DDoS attacks). However, we may also be heading for some interesting times in the realm of DDoS. We’ve approached some law enforcement agents but haven’t really heard much back – if you have law enforcement contacts that would be interested, I’d be happy to give them more details.
Kind regards
Keith Laslop
President
www.prolexic.com