#1
Russian hackers continue attacks on Georgian sites
AP
NEW YORK - Attacks by Russian hackers against Georgian Web sites, including one hosted in the United States, continued Tuesday even as Russian President Dmitri Medvedev ordered a halt to hostilities against Georgia.

Tom Burling, acting chief executive of Atlanta-based Web-hosting firm Tulip Systems Inc., said the Web site of the president of Georgia was the target of a flood of traffic from Russia aiming to overwhelm the site. Burling said bogus traffic outnumbered legitimate traffic 5000 to 1 at president.gov.ge.

"Literally, our people aren't getting any sleep," Burling said.

Tulip's firewall was blocking most of the malicious traffic. The site has been periodically inaccessible, though it was working midday Tuesday. Burling said the attacks have been reported to the FBI.

The site was transferred from servers in Georgia, the small nation south of Russia, on Saturday. Georgian-born Nino Doijashvili, Tulip's chief executive and founder, happened to be in the country on vacation when fighting broke out Thursday. Doijashvili offered help to the government when it became apparent that Russian hackers were getting the upper hand, shutting down several government and news sites.

The U.S.-based Shadowserver Foundation, which tracks Internet attacks, said they had noticed commands to attack Georgian sites being issued over the weekend to "botnets," or networks of computers that have been surreptitiously subverted by hackers. The computers are used to send bogus traffic to targeted sites, slowing them or in some cases bringing them down.

The same botnets are also targeting Russian news sites and the Web site of Garry Kasparov, the Russian chess player and political activist, according to Steven Adair at Shadowserver.

On Monday, hackers took over the Web site of Georgia's parliament and replaced it with an image that drew parallels between Georgian president Mikhail Saakashvili and Adolf Hitler, Adair said.
#2
"Tulip's firewall was blocking most of the malicious traffic. The site has been periodically inaccessible, though it was working midday Tuesday. Burling said the attacks have been reported to the FBI." - Well, the FBI knows it's a laugh, because they cannot do anything against RBN (Russian skilled hackers + (real) mafia - protected by the Russian government)
__________________
It's nice to be important, but it's more important to be nice! :)
#3
"Starting last Saturday, and appearing to have ended recently, the President of Georgia's governmental website has been hit hard by sustained distributed denial of service (DDoS) attacks. The unwanted network activity has come from one (or more) big botnets directed by an HTTP-based command and control server based in the US. This server used a bot-herding tool called MachBot to flood www.president.gov.ge with HTTP, ICMP and TCP DDoS attacks. The website, inundated with connection requests, was shut down for a period of time, but is now back online. Apparently the host site for the C&C server began blocking its network access. Security specialists from the Shadowserver Foundation suppose that the C&C server has only been up for a few weeks, and has only ever been used in this DDoS campaign.

There is no hard evidence that the instigators behind these attacks were affiliated with the Russian government. Quite possibly, the attackers could have been politically motivated (and bored) teenagers. However, this recent attack follows in the footsteps of similar DDoS campaigns that took place against a number of Lithuanian sites last month, not to mention the Great Estonia Cyber-War of 2007, and before that, the attacks against the democracy-leaning Ukrainian government (led by the dioxin-poisoned President Viktor Yuschenko), which has endeavored to gain favor with the NATO states."

"The C&C server involved in these attacks is on the IP address 207.10.234.244, which is subsequently located in the United States. Beaconing traffic from your network to this host may indicate that you have infected machines on your network and are most likely participating in this DDoS attack. We would recommend blocking and/or monitoring for traffic to this address.

Update (7/20/2008: 1:36 PM EST): It appears the host site for 207.10.234.244 has taken action against this system and appears to now be blocking access to it. However, the server being targeted by the C&C is still unreachable.

Update (8/10/2008: 10:34 AM EDT): With the recent events in Georgia, we are now seeing new attacks against .ge sites. www.parliament.ge & president.gov.ge are currently being hit with http floods. In this case, the C&C server involved is at IP address 79.135.167.22, which is located in Turkey. We are also observing this C&C as directing attacks against www.skandaly.ru. Traffic from your network to this IP or domain name of googlecomaolcomyahoocomaboutcom.net may indicate compromise and participation in these attacks. [SemperSecurus]"

http://www.shadowserver.org/wiki/pmw...endar.20080720

Comments:

Thomas Burling "Just trying to get the word out. Because of the conflict between Russia and the Republic of Georgia we are getting hammered. We broadcast, for expatriates, three Georgian television stations and a special announcement site for the Georgian President Mikhail Saakashvili (president.gov.ge). If you are carrying any Georgian based material be careful, we are receiving attacks all across the spectrum, not only on our Georgian websites but all of our issued IPs. Fortunately we have the equipment and technicians who can handle it. We agreed to host the President's site because Russian hackers had taken down the entire internet in Georgia. These people are nuts. Our techs are getting no sleep at all. It's one thing to attack the .ge site. It is another to take our table out of ARIN and try to take the whole network down."

"We agreed to host the President's site because Russian hackers had taken down the entire internet in Georgia. These people are nuts. Our techs are getting no sleep at all. It's one thing to attack the .ge site. It is another to take our table out of ARIN and try to take the whole network down." (ARIN - The American Registry for Internet Numbers)

Russian Business Network (RBN): http://rbnexploit.blogspot.com/

Target list for RBN: http://3.bp.blogspot.com/_SvDjzn4xfy...ite+081008.jpg
__________________
It's nice to be important, but it's more important to be nice! :)
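The Shadowserver text quoted in post #3 recommends monitoring for traffic to the listed C&C addresses and domain. The following is an added example, not part of the thread or of Shadowserver's material, of that check run over outbound connection logs; the key=value log format and the sample lines are constructed for illustration, and only the two IP addresses and the domain come from the quoted text.

```python
import ipaddress
import re
from collections import defaultdict

# Indicators quoted in the Shadowserver text above (historical, 2008).
C2_IPS = {ipaddress.ip_address(ip) for ip in ("207.10.234.244", "79.135.167.22")}
C2_DOMAINS = {"googlecomaolcomyahoocomaboutcom.net"}

# Assumed log format for this example: a timestamp, then key=value fields.
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
2008-08-10T10:30:01 src=10.0.0.5 dst=79.135.167.22 dport=80 host=-
2008-08-10T10:35:01 src=10.0.0.5 dst=79.135.167.22 dport=80 host=googlecomaolcomyahoocomaboutcom.net
2008-08-10T10:36:12 src=10.0.0.9 dst=192.0.2.10 dport=80 host=WWW.Googlecomaolcomyahoocomaboutcom.NET.
2008-08-10T10:37:40 src=10.0.0.7 dst=192.0.2.20 dport=80 host=googlecomaolcomyahoocomaboutcom.net.example.org
2008-08-10T10:38:02 src=10.0.0.7 dst=207.10.234.24 dport=80 host=-
2008-08-10T10:39:00 truncated line
"""

def domain_matches(host):
    """True for an indicator domain or a subdomain of it, never a substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)

def find_c2_contacts(lines):
    """Map each source address to its hit count and the indicators it touched."""
    hits = defaultdict(lambda: {"hits": 0, "indicators": set()})
    for line in lines:
        f = dict(FIELD.findall(line))
        if "src" not in f:
            continue  # malformed or truncated line
        matched = set()
        try:
            if ipaddress.ip_address(f.get("dst", "")) in C2_IPS:
                matched.add(f["dst"])
        except ValueError:
            pass  # dst missing or not an IP literal
        if domain_matches(f.get("host", "")):
            matched.add(f["host"].lower().rstrip("."))
        if matched:
            hits[f["src"]]["hits"] += 1
            hits[f["src"]]["indicators"] |= matched
    return {s: {"hits": v["hits"], "indicators": sorted(v["indicators"])}
            for s, v in hits.items()}

if __name__ == "__main__":
    print(find_c2_contacts(SAMPLE_LOG.splitlines()))
```

Repeated hits from one internal source are the beaconing pattern the quoted text describes; the lookalike host and the near-miss IP in the sample are deliberately not reported.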