Russia blamed for cyber terror blitz

Support truly
independent journalism

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

Russian hackers have been accused of being behind an enormous cyber attack which temporarily shut down two of the world's most popular social networking sites in order to silence a Georgian blogger who is critical of Moscow's policies in the Caucasus.

Twitter went offline for several hours on Thursday whilst Facebook and Livejournal suffered major slowdowns following a large distributed denial-of-service (DDOS) attack which flooded their networks. The attacks are believed to have been aimed at a 34-year-old Georgian economics lecturer who has written blogs critical of Russia's military presence in the area.

Hackers use DDOS attacks to flood a website's servers with communication requests from a network of thousands of compromised computers, forcing the website to temporarily shut down. The paralysing effect of the attack, which severely compromised two websites that are regularly used by political dissidents, has raised fresh questions over the vulnerability of internet and the growing potential of cyber warfare as an effective weapon.

As Facebook and Twitter launched investigations yesterday into where the attack on their site originated, a blogger who writes under the name of "Cyxymu" announced that he had been the first target of the attack.

Speaking to reporters yesterday the blogger, who only gave his first name, Georgy, pointed the finger of blame at the Russian government. "Maybe it was carried out by ordinary hackers but I'm certain the order came from the Russian government," he said. "An attack on such a scale that affected three worldwide services with numerous servers could only be organised by someone with huge resources."

Max Kelly, Facebook's chief security officer, refused to be drawn over where the attack came from but he did confirm that the original target was Cyxymu – whose name is a latinised version of the Russian spelling of Sukhumi, the capital of the Georgian breakaway republic, Abkhazia.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," said Mr Kelly. "You have to ask who would benefit from doing this and think about what those people are doing and the disregard for the rest of the users and the internet."

In recent years DDOS attacks have become increasingly used by both criminal networks and, security experts suspect, foreign governments to either extort money from crippled networks or silence political dissidence. Earlier this summer the Government confirmed that the largest cyber threats against Britain come from hackers in Russia and China and announced the creation of a "cyber security operations centre" to counter the threat. Barack Obama has also made cyber-based enemies a national security priority and has set up his own "cyber security office" which was hit by a DDOS attack earlier this year.

Rik Fergusson, a cyber security expert at Trend Micro, said a DDOS attack relies on a network of thousands of compromised computers which can only be accessed with large amounts of preparation or rented from organised criminal syndicates.

"You either have to have lots of money to rent the network or you need to have put in a lot of groundwork to hack into and compromise the machines that do the attack on your behalf," he said. "Once you have that together, launching the actual attack can be done from a simple netbook. Either way we are seeing a lot more of these attacks and will continue to do so."

When fighting broke out between Georgia and Russia last summer over the breakaway republic of South Ossetia, the Russian advance was complimented by a giant DDOS attack on many of the Georgian government's websites which made it difficult for ministries to co-ordinate the war.

The Dalai Lama asked Canadian investigators to inspect the Tibetan government-in-exile's computers after suspecting that the Chinese government had infiltrated their systems. In March the investigators announced that they had uncovered a vast espionage network run out of China which had infiltrated 1,295 computers in 103 countries. The so-called "Gh0stnet" spying operation had resulted in the theft of documents from scores of computers belonging to embassies, foreign ministries and government offices around the world.

The attack: How it was done

By Jack Riley

*Though the phrase "distributed denial-of-service attack" may conjure up images of striking Tube drivers, its true meaning was revealed yesterday when hackers brought swathes of the internet to a standstill; and if you have ever visited a sketchy website or clicked on a dodgy link in an email, then you may have been involved in it.

As the BBC Click programme demonstrated in an experiment of dubious legality a few months ago, when the few essential ingredients needed to carry out a "DDOS" attack are in place, the disruption can be catastrophic.

Members of the internet's criminal underworld bought from a forum a "botnet" – a network of thousands of computers infected with software downloaded without the users' knowledge. The computers are "zombified" on command by the software and instructed, en masse, to bombard websites with requests so numerous that the sites often end up offline.

A botnet of 1.9m machines was found in April and included infected computers belonging to 77 governments as well as to home users. It was hired out by a gang of cyber mercenaries, at a rate of $100 for 1,000 computers, to those keen to stage large-scale attacks capable of bringing down some of the world's best-protected sites.

Attacks on government sites and state infrastructure have become a worrying new front in warfare, most prominently in the Russia-Georgia conflict, but an attack focusing massive resources on silencing an individual, is, so far, mercifully rare.