Cyber Attacks, Internet Filtering Widespread In Caucasus Conflict
Detailed instructions on how to attack the U.S.-hosted Georgian president’s Web site hit the blogosphere Tuesday night, leading to a sharp rise in attacks against the site’s host, Tulip Systems, of Atlanta, officials said. Other attacks and filtering of Russian-language Web sites in the Republic of Georgia continued Wednesday as military operations declined. Several U.S.-based Web hosting companies may be targeted, they said.
Censorship of Russian media sites in Georgia expanded despite the reduction in hostilities, the OpenNet Initiative said. Subscribers of Caucasus Online haven’t had access to Russian media sites on the .ru domain since Saturday, the Initiative said. A second Georgian ISP was also filtering, it said. The Georgian Academic and Research Network took similar measures, the Initiative said. Whether the filtering was ordered by the management or the government is being investigated, it said.
“Russian hackers” attacked the U.S.-hosted www.day.az, www.today.az and ans.az Monday and Tuesday, said Emin Akhundov, a team member on the Azerbaijani CERT, citing informed sources and local media. The attacks on Azerbaijani Web sites were limited to the three news outlets, he said. Logs of the attacks weren’t available, said Akhundov, who contacted colleagues running the Web sites. The system administrator of ans.az said the logs had been deleted, Akhundov said. No other attacks were reported in Azerbaijan, he said.
Russian Web sites, mostly information services, were also attacked, Akhundov said. Regnum.ru, www.izvesia.ru, www.rian.ru and a few others were targeted, he said, citing Russian online media and the OpenNet Initiative, which he also works with. The Russian mission to the United Nations in Geneva directed queries to its Web site, but it didn’t have a statement. The Russian Ministry of Information’s Web site was down Wednesday afternoon. Calls to the general phone number at the Russian Ministry for Information Technologies and Communications did not go through. The Ukrainian Ministry of Foreign Affairs is preparing a statement on reports of attacks against news agencies in its country, an official said.
Day.az didn’t respond to Akhundov’s email request for information, he said. Officials at ans.az said the two attacks weren’t serious, he said. Their decision to immediately delete the logs is curious as logs are usually stored at least for weeks and in some cases backed up, Akhundov said. The www.ans.az news site was also attacked, Baimov said. Ans.az is hosted by GoDaddy, according to an Arin.net Whois lookup of a ping of the Web site. GoDaddy security and privacy policies forbid discussing attacks against its network, officials said.
“Russian hackers… regulated by government security services, not military” essentially killed all Georgian news sites, said Elnur Baimov, editor-in-chief of Day.Az, an Azerbaijani news agency. The security services used the same tactics during the war in Chechnya, Baimov said. Attacks were dropping late Wednesday, Baimov said.
Day.az is the most visited Russian language site in the south Caucasus, Baimov said. “Immediately, we became a target from Russian side” of a massive distributed denial of service attack that shut down the U.S.-based servers for several hours, he said. Day.az and today.az, also attacked, are hosted by SoftLayer, Inc., according to an Arin whois lookup of Web site pings. The IP address is routed to a Network Solutions data center in Dallas, which is probably owned by Verizon, a knowledgeable source said. SoftLayer did not respond to voicemail messages.
Attacks on Tulip Systems’ U.S. servers hosting the Georgian president’s Web site got fiercer after Tuesday, said Tom Burling, acting chief executive of Web-hosting firm Tulip Systems. The attacks reached “an overwhelming point,” said Burling, who spent much of the night shoring up the company’s systems. A request circulating in the blogosphere is asking the public “to flood Georgian government Web sites,” he said. “The instructions are extremely detailed as far as which Web sites to take down,” Burling said. The continuing initial attack is augmented by reinforcements, he said. Initially, the attacks on Tulip Systems’ gear came from Russia, primarily from near St. Petersburg, he said. “Now we're seeing them frankly out of all of Central Asia,” the former Soviet Union countries and even a few from China, Burling said. “I'm sure they're not backing what’s going on but their servers are being used” to circumvent “the normal national defenses as far as being able to block IP suffixes,” Burling said.
Estonian security experts arrived Wednesday in Georgia, said David Tabatadze of the Georgian Research and Educational Networking Association and the Georgian Computer Emergency Response Team. More-detailed information is being gathered for future study, Tabatadze said. IP addresses from many countries were involved in the attacks, Tabatadze said. The Web site of the Georgian Ministry of Foreign Affairs is now hosted in Estonia, Tabatadze said.