Message-ID: <CBEGIFDHGBLGDCJDOKAPMEODDBAA.viktor.larionov@salva.ee>
Date: Wed, 13 Aug 2008 08:43:23 +0300
From: "Viktor Larionov" <viktor.larionov@...va.ee>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
	<funsec@...uxbox.org>
Subject: Re: Internet attacks against Georgian web sites

Hi all,

As a comment to Gadi's story: it's not nice to accuse anyone if it's still
not clear who's behind all this and what is really happening.
As a matter of fact, personally I trust Saakashvili almost the same as I
trust Medvedev - I'd bet both sides try to make themselves "white and fluffy
bunny rabbits being bullied by the opposite side".
I would say, it's too early to make any kind of conclusions or tell any kind
of facts - a serious media-war is going on, and if you ask me - it's the
only fact which we may trust.
As an example you can switch CNN or SkyNews, and then for example switch to
ORT or NTV (Russia's first and second biggest channels) - it's two 100%
diametric positions with different facts, different opinions and different
pictures.

I suppose it's wiser not to start stories on cyberwar and just wait until
both sides cool down - to see what was really behind all that: mr.
Saakashvili's fantasy or a serious act of cyber warfare.
By the way, Lithuanians are not the case, seriously, it was an internal act
of Lithuanian kiddie-comrades as far as I know, and has nothing to do with
cyber warfare.

As a matter of fact I would add another fact as point 5. to your list, more
of a humorous type, possibly everybody already knows this, but just in case:
5. Georgian Foreign ministry let's say "moved" their website to Blogspot.
:)
    http://cabalamat.wordpress.com/2008/08/12/georgian-foreign-ministry-news-service/

    I will not be surprised if in some time the Saakashvili will make his
official e-mail address: mr.saakashvili.the.president.of.georgia@...mail.com
:)


Kindest regards,
Viktor

-----Original Message-----
From: Gadi Evron [mailto:ge@...uxbox.org]
Sent: Monday, August 11, 2008 9:40 AM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk; funsec@...uxbox.org
Subject: Internet attacks against Georgian web sites


In the last days news and government web sites in Georgia suffered DDoS
attacks. While these attacks seem to affect the Georgian Internet, it is
still there.

Facts:
1. There are botnet attacks against .ge websites.
2. These attacks affect the .ge Internet infrastructure, but it's reachable.
3. It doesn't seem Internet infrastructure is directly attacked.
4. Every other political tension in the past 10 years, from a comic of the
Prophet Muhammad to the war in Iraq, was followed by online supporters
attacking targets which seem affiliated with the opposing side, and
vice versa.

Up to the Estonian war, such attacks would be called "hacker enthusiast
attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a
political nature seems to get the "information warfare" tag. When 300
Lithuanian web sites were defaced last month, "cyber war" was the buzzword.

Running security for the Israeli government Internet operation and later the
Israeli government CERT such attacks were routine, and just by speaking on
them in the local news outlets I started bigger so-called "wars" when
enthusiasts responded in the story comments and then attacked the "other side".

Not every fighting is warfare. While Georgia is obviously under DDoS
attacks and it is political in nature, it doesn't so far seem different than
any other online after-math by fans. Political tensions are always followed
by online attacks by sympathizers.

Could this somehow be indirect Russian action? Yes, but considering Russia
is past playing nice and uses real bombs, they could have attacked more
strategic targets or eliminated the infrastructure kinetically.

Coulda, shoulda… the nature of what's going on isn't clear, but until we
are certain anything state-sponsored is happening on the Internet it is my
official opinion this is not warfare, but just some unaffiliated attacks by
Russian hackers and/or some rioting by enthusiastic Russian supporters.

It is too early to say for sure what this is and who is behind it.

The RBN blog (following the Russian Business Network) is of a different
opinion:
http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare.html
and:
http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare-2-sat-16-00.html

Also, Renesys has been following the situation and provides some data:
http://www.renesys.com/blog/2008/08/georgia_clings_to_the_net.shtml

(Thanks to Paul Ferguson for the URLs)

DDoS attacks harm the Internet itself rather than just this or that web
site, so soon this may require some of us in the Internet security operations
community getting involved in mitigating the attacks, if they don't just
drop on their own.

Gadi Evron.

--
"You don't need your firewalls! Gadi is Israel's firewall."
     -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the
        Accountant General, Israel's Ministry of Finance, at the
        government's CIO conference, 2005.

     (after two very funny self-deprecation quotes, time to even things up!)

My profile and resume:
http://www.linkedin.com/in/gadievron
