The Patriot Files Forums  

#1  08-12-2008, 12:26 PM
David (Administrator)
Join Date: Aug 2001
Posts: 46,797

Russian hackers continue attacks on Georgian sites

AP


NEW YORK - Attacks by Russian hackers against Georgian Web sites, including one hosted in the United States, continued Tuesday even as Russian President Dmitri Medvedev ordered a halt to hostilities against Georgia.

Tom Burling, acting chief executive of Atlanta-based Web-hosting firm Tulip Systems Inc., said the Web site of the president of Georgia was the target of a flood of traffic from Russia aiming to overwhelm the site. Burling said bogus traffic outnumbered legitimate traffic 5000 to 1 at president.gov.ge.

"Literally, our people aren't getting any sleep," Burling said.

Tulip's firewall was blocking most of the malicious traffic. The site has been periodically inaccessible, though it was working midday Tuesday. Burling said the attacks have been reported to the FBI.

The site was transferred from servers in Georgia, the small nation south of Russia, on Saturday. Georgian-born Nino Doijashvili, Tulip's chief executive and founder, happened to be in the country on vacation when fighting broke out Thursday. Doijashvili offered help to the government when it became apparent that Russian hackers were getting the upper hand, shutting down several government and news sites.

The U.S.-based Shadowserver Foundation, which tracks Internet attacks, said they had noticed commands to attack Georgian sites being issued over the weekend to "botnets," or networks of computers that have been surreptitiously subverted by hackers. The computers are used to send bogus traffic to targeted sites, slowing them or in some cases bringing them down.

The same botnets are also targeting Russian news sites and the Web site of Gary Kasparov, the Russian chess player and political activist, according to Steven Adair at Shadowserver.

On Monday, hackers took over the Web site of Georgia's parliament and replaced it with an image that drew parallels between Georgian president Mikhail Saakashvili and Adolf Hitler, Adair said.
#2  08-12-2008, 04:48 PM
Waffa (Junior Member)
Join Date: Aug 2008
Location: Web Wide World
Posts: 26

"Tulip's firewall was blocking most of the malicious traffic. The site has been periodically inaccessible, though it was working midday Tuesday. Burling said the attacks have been reported to the FBI." - well, the FBI knows it's a laugh because they cannot do anything against RBN (skilled Russian hackers + (real) mafia, protected by the Russian government)
#3  08-12-2008, 05:19 PM
Waffa (Junior Member)
Join Date: Aug 2008
Location: Web Wide World
Posts: 26

"Starting last Saturday, and appearing to have ended recently, the President of Georgia's governmental website has been hit hard by sustained distributed denial of service (DDoS) attacks.
The unwanted network activity has come from one (or more) big botnets directed by an HTTP-based command and control server based in the US. This server used a bot-herding tool called MachBot to flood www.president.gov.ge with HTTP, ICMP and TCP DDoS attacks. The website, inundated with connection requests, was shut down for a period of time, but is now back online. Apparently the host site for the C&C server began blocking its network access. Security specialists from the Shadowserver Foundation suppose that the C&C server has only been up for a few weeks, and has only ever been used in this DDoS campaign.
There is no hard evidence that the instigators behind these attacks were affiliated with the Russian government. Quite possibly, the attackers could have been politically motivated (and bored) teenagers. However, this recent attack follows in the footsteps of similar DDoS campaigns that took place against a number of Lithuanian sites last month, not to mention the Great Estonia Cyber-War of 2007, and before that, the attacks against the democracy-leaning Ukrainian government (led by the dioxin-poisoned President Viktor Yuschenko), which has endeavored to gain favor with the NATO states."

"The C&C server involved in these attacks is on the IP address 207.10.234.244, which is subsequently located in the United States. Beaconing traffic from your network to this host may indicate that you have infected machines on your network and are most likely participating in this DDoS attack. We would recommend blocking and/or monitoring for traffic to this address.
Update (7/20/2008: 1:36 PM EST): It appears the host site for 207.10.234.244 has taken action against this system and appears to now be blocking access to it. However, the server being targeted by the C&C is still unreachable.
Update (8/10/2008: 10:34 AM EDT): With the recent events in Georgia, we are now seeing new attacks against .ge sites. www.parliament.ge & president.gov.ge are currently being hit with HTTP floods. In this case, the C&C server involved is at IP address 79.135.167.22, which is located in Turkey. We are also observing this C&C as directing attacks against www.skandaly.ru. Traffic from your network to this IP or the domain name googlecomaolcomyahoocomaboutcom.net may indicate compromise and participation in these attacks. [SemperSecurus]"

http://www.shadowserver.org/wiki/pmw...endar.20080720



Comments:
Thomas Burling
"Just trying to get the word out. Because of the conflict between Russia and the Republic of Georgia we are getting hammered. We broadcast, for expatriates, three Georgian television stations and a special announcement site for the Georgian President Mikhail Saakashvili (president.gov.ge). If you are carrying any Georgian-based material be careful; we are receiving attacks all across the spectrum, not only on our Georgian websites but all of our issued IPs. Fortunately we have the equipment and technicians who can handle it.

We agreed to host the President's site because Russian hackers had taken down the entire internet in Georgia. These people are nuts. Our techs are getting no sleep at all. It's one thing to attack the .ge site. It is another to take our table out of ARIN and try to take the whole network down."

(ARIN: the American Registry for Internet Numbers)

Russian Business Network (RBN) http://rbnexploit.blogspot.com/

Target list for RBN: http://3.bp.blogspot.com/_SvDjzn4xfy...ite+081008.jpg
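As an added example (not from this thread, Shadowserver or Tulip Systems), here is the kind of check the Shadowserver note above recommends: a small Python sweep over constructed firewall log lines that flags internal hosts contacting the C&C indicators quoted in the post, and separates regular beaconing from a one-off contact. The log line format, the sample lines and the jitter threshold are assumptions.

```python
import re
from collections import defaultdict
from statistics import pstdev

# Indicators quoted from the Shadowserver posts in this thread.
CNC_INDICATORS = {
    "207.10.234.244",                       # MachBot C&C, July 2008 note
    "79.135.167.22",                        # C&C in Turkey, August 2008 update
    "googlecomaolcomyahoocomaboutcom.net",  # domain named in the same update
}

# Assumed log format (not any real product's): "<epoch> <src_ip> -> <dst> <proto>"
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)$")

# Constructed sample: 10.0.0.7 checks in every 60 s, 10.0.0.9 touches the C&C
# once, 10.0.0.5 only talks to an unrelated documentation-range address.
SAMPLE_LOG = """\
1218400000 10.0.0.7 -> 79.135.167.22 tcp/80
1218400005 10.0.0.5 -> 192.0.2.10 tcp/80
1218400060 10.0.0.7 -> googlecomaolcomyahoocomaboutcom.net tcp/80
1218400120 10.0.0.7 -> 79.135.167.22 tcp/80
1218400130 10.0.0.9 -> 207.10.234.244 tcp/80
1218400180 10.0.0.7 -> 79.135.167.22 tcp/80
1218400200 10.0.0.5 -> 192.0.2.10 tcp/443
"""

def parse_contacts(log_text):
    """Map each internal source to the timestamps of its contacts with any indicator."""
    contacts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        ts, src, dst, _proto = m.groups()
        if dst in CNC_INDICATORS:
            contacts[src].append(int(ts))
    return dict(contacts)

def classify(contacts, min_hits=3, max_jitter=5.0):
    """'beaconing' when a host has >= min_hits contacts at near-constant
    intervals (population std dev of the gaps <= max_jitter seconds),
    otherwise 'contact', which still deserves a look but is weaker evidence."""
    verdicts = {}
    for src, times in contacts.items():
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        regular = len(times) >= min_hits and pstdev(gaps) <= max_jitter
        verdicts[src] = "beaconing" if regular else "contact"
    return verdicts
```

A host labelled "beaconing" is the stronger signal to isolate first; a single "contact" may be an analyst checking the address and is worth confirming before blocking.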