Inside Cyber Warfare - Jeffrey Carr [57]

attack was sent by a 3,000-node botnet. This type of attack interrupts the three-way handshake that must occur for packets to travel from an origination point to a destination point. Since the handshake never completes, the connection queue fills up and denies other users access to services.
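The queue behaviour described above can be seen in a small model, added here as an illustration and not taken from the book. The backlog size, timeout, timings, and source names are constructed assumptions; the 3,000 flood sources match the botnet size mentioned above.

```python
from collections import OrderedDict

def simulate(events, backlog, timeout_ms):
    """Replay (time_ms, source, kind) events against one listener's half-open queue."""
    half_open = OrderedDict()   # source -> time its SYN was queued (oldest first)
    stats = {"established": 0, "refused": [], "peak_half_open": 0}
    for now, src, kind in sorted(events):
        # Free slots whose handshake never completed within the timeout.
        while half_open and next(iter(half_open.values())) + timeout_ms <= now:
            half_open.popitem(last=False)
        if kind == "SYN":
            if src in half_open:
                continue                      # retransmitted SYN, slot already held
            if len(half_open) >= backlog:
                stats["refused"].append(src)  # queue full: the SYN is dropped
            else:
                half_open[src] = now
                stats["peak_half_open"] = max(stats["peak_half_open"], len(half_open))
        elif kind == "ACK" and src in half_open:
            del half_open[src]                # handshake completed, slot released
            stats["established"] += 1
    return stats

def constructed_traffic(flood_sources):
    """Constructed sample: 10 clients that finish the handshake, plus sources that never do."""
    events = []
    for i in range(10):
        t = 5000 + 1000 * i
        events += [(t, f"client-{i}", "SYN"), (t + 50, f"client-{i}", "ACK")]
    for j in range(flood_sources):
        events.append((10 * j, f"flood-{j:04d}", "SYN"))   # no ACK ever follows
    return events

def refused_clients(stats):
    """Sources refused by the full queue that were ordinary clients."""
    return [s for s in stats["refused"] if s.startswith("client-")]

if __name__ == "__main__":
    for n in (0, 3000):
        result = simulate(constructed_traffic(n), backlog=128, timeout_ms=30000)
        print(n, result["established"], len(refused_clients(result)), result["peak_half_open"])
```

In this model the queue is full within about 1.3 seconds of the first unanswered SYN and stays full until the oldest entries time out, so every ordinary client arriving in between is turned away.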

An HTTP-query DDoS eats up a server’s resources by sending more hits than it can process to its website.

The frailties of the networks involved didn’t factor into Cyxymu’s thinking on the subject. Cyxymu, a Georgian professor who blogs in Russian, is convinced that the impact of the attacks (knocking three large services offline) is evidence that the Russian government is behind it. According to an article in the Guardian on August 7, 2009, Cyxymu told the reporter:

“Maybe it was carried out by ordinary hackers but I’m certain the order came from the Russian government,” said the blogger, whose moniker is a Latin version of the Russian spelling of Sukhumi, the capital of Georgia’s other breakaway republic, Abkhazia.

“An attack on such a scale that affected three worldwide services with numerous servers could only be organised by someone with huge resources.”

To date, none of the individuals responsible has been identified, but there remains a great deal of animosity between the two countries.

There was a definite lack of chatter on Russian hacker forums about this incident—which is quite different from the Russia-Georgia cyber war of 2008—implying that this was more likely to be a locally contained feud orchestrated by a small group of individuals rather than the rallying call to cyber arms that was seen previously.

The lack of chatter and the virulent animosity that such an attack demonstrated led Project Grey Goose investigators to look at the possible involvement of Russian youth associations, which have been linked to the Estonia and Georgia attacks, as well as attacks against anti-Kremlin websites, organizations, and individuals.

PGG research revealed that Georgia is still a highly volatile issue among some Nashi members. Eurasia.net reported that a motorcade of five vehicles containing approximately 20 Nashi members was stopped by Georgian authorities as it attempted to cross into the country on April 15, 2009. Nashi “commissar” Aleksandr Kuznetsov was detained and questioned about the group’s plans. Kuznetsov produced a letter from Vasili Yakemenko, head of Russia’s Committee for Youth Affairs, which endorsed the motorcade’s mission and asked Russian officials who came into contact with Kuznetsov to assist him. Yakemenko is a former Nashi leader and the creator of another Russian youth group, Walking Together, established in May 2000.

This incident on the Georgian border was preceded by a Nashi-organized protest at the Georgian embassy in Moscow on April 9, 2009, the day before the motorcade left Moscow for Tbilisi. In addition, according to Georgian authorities who interviewed Kuznetsov, some of the 20 Nashi members were armed with weapons and were prepared to engage Georgian authorities on the border if prevented from reaching their destination.

The animosity against Georgian blogger Cyxymu is longstanding, with the first DDoS attack occurring in October 2008, which also knocked LiveJournal offline. The fact that he has a wide readership and blogs in Russian makes him a popular target for anti-Georgian factions within Russia.

By taking a closer look at the historical record, Project Grey Goose investigators were able to better refine the players involved and make a more informed assessment of who was behind the attacks and why. Investigators concluded that this was a likely Nashi-orchestrated action against a highly visible and controversial blogger, symbolizing their anti-Georgian position on the anniversary of the Russia-Georgia war. The fact that it brought down two social networks in the process was more a reflection of Twitter and LiveJournal’s fragile architecture than the power of the attack.

Ingushetia Conflict, August 2009


Ingushetia is one of the poorest, most corrupt, and violent of the
