
Cyberattacks on Georgia: who is to blame?



Cyberattacks on Georgia: who is to blame?

15.08.08, Fri, 11:48 Moscow time. Text: Anton Trukhanov / Photo: Reuters

 

Expert opinion on the source of the attacks on Georgian websites is divided: some believe it is the work of enthusiasts, while others suspect the Russian Business Network (RBN), known abroad as a "breeding ground of cybercrime".

Internet security specialists around the world are trying to work out who is responsible for the attacks on most of Georgia's government websites. While representatives of the Georgian side blame Russia for everything, many experts are inclined to believe that the Russian Business Network (RBN), which is regarded abroad as a "breeding ground of cybercrime", may be behind it.

 

According to Gadi Evron, a well-known specialist in this field and founder of the company Computer Emergency Response Team, the attackers are more likely nationalist-minded enthusiasts than organized criminal groups.

 

"Not every fight can be called a war. Although Georgia is currently under a DDoS attack that is political in nature, it looks more like an ordinary reaction from users. Political tension always triggers Internet attacks by enthusiasts. That is why I believe this is not a war, but simply attacks by Russian hackers that nobody sanctioned," he says.

 

 

 

Full version of the article


I'm terribly sorry, but has the author of this opus ever seen a DDoS? Or do bots now have a nationality? Anyway, the expert's name is telling. Promoting himself on a war and a "kind of trendy" topic; you'd have to be a complete GadiEvron.


I'm terribly sorry, but has the author of this opus ever seen a DDoS? Or do bots now have a nationality? Anyway, the expert's name is telling. Promoting himself on a war and a "kind of trendy" topic; you'd have to be a complete GadiEvron.

 

Well, what do you expect, he's Israeli. But he does seem to be quite a serious specialist.

Here is the original of his message that is being referred to (sorry, for some reason I can't get through to the Full-Disclosure archive).

It says something about him too:

While Georgia's suffering is real, such attacks are nothing but routine here in Israel. When I ran the defense for the Israeli government Internet operation and then the Israeli government CERT, such attacks would occur daily. Hackers on the other side would band together, talk, coordinate a date, exchange tools, and attack.

 

 

This is an update of my previous post on the subject.

 

To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from outside, and what has been written by the Georgians on their blog (http://georgiamfa.blogspot.com/2008/08/cyber-attacks-disable-georgian-websites.html outside their country). They are probably a bit busy avoiding kinetic bombing.

 

As mentioned in the previous post, Renesys has been following the Georgian links, which seem to be there, but occasionally drop due to possibly power failures. Renesys URL here:

http://www.renesys.com/blog/2008/08/georgi...o_the_net.shtml

 

Shadowserver and others have been following the botnets attacking the Georgians web sites, and that is confirmed as happening. Shadowserver was quoted, here:

http://www.computerworld.com/action/articl...;intsrc=hm_list

 

According to Dancho Danchev, there have also been some defacements, which he describes here, along with other conclusions I don't necessarily agree with: http://blogs.zdnet.com/security/?p=1670

 

So--it is clear their web sites are under attack, and that Internet visibility-wise, the impact is real for the Georgians. And yet, it is simply too early and there is not enough information to call this an Internet war. It is too early to establish motive or who the perpetrator is, however much we may want to point fingers.

 

Following every and any political or ethnic tension, world-wide, an online aftermath comes, in the form of attacks, defacements, and enthusiast hackers swearing at the other side (which soon does the same, back).

 

While Georgia's suffering is real, such attacks are nothing but routine here in Israel. When I ran the defense for the Israeli government Internet operation and then the Israeli government CERT, such attacks would occur daily. Hackers on the other side would band together, talk, coordinate a date, exchange tools, and attack.

 

While I apologize for the analogy, post-9/11 Israelis were shocked. We were sympathizing and crying for the victims. What we did not understand was why people were still shocked ten minutes past, as this was a normal every-day life happening for us over here. The same applies for cyber-space, the Internet--we are used to this.

 

The difference in this attack was that the Georgian authorities, like numerous others around the world still aren't, were not prepared to face and fend against such an attack.

 

In my article "Fighting Botnets and Online Mobs" for the Georgetown Journal of International Affairs covering the Internet war in Estonia, I state how our opponents will no longer be just countries, or even organizations as Martin van Creveld once predicted ahead of his time, but that on the Internet playing field any individual or loosely affiliated group can be a player, affecting countries and yes, corporations as well.

My article can be found here:

http://www.ciaonet.org/journals/gjia/v9i1/0000699.pdf

 

The best article describing the events so far is by John Markoff at the New York Times:

http://www.nytimes.com/2008/08/13/technology/13cyber.html?em

 

Gadi Evron.


And here is another interesting article from SANS - _ttp://isc.sans.org/diary.html?n&storyid=4903

 

In the past week there has been a lot of media reporting on cyber attacks coming from Russia that are directed at Georgia. Some examples are John Markoff's story in the New York Times, or Siobhan Gorman's story in the Wall Street Journal. Others have been blogging about their experiences and many readers of our diaries have probably been called by local media outlets for comment.

 

Over the past years there have been many of these "cyber wars" that infatuated the media. Remember the Great Chinese-American cyber war of 2001 following the downing of a Chinese fighter plane and a US spy plane? Also the Israeli-Palestinian cyber conflicts, the Indian-Pakistani sparring, Chinese-Taiwanese conflicts, and of course last year's episode with Estonia?

 

They seem to all follow a similar pattern:

 

1. Some real-world event happens that focuses attention on a specific region

2. The media goes looking for a new angle to report on and finds one in cyber space

3. The online community, both sympathetic as well as curious, read the stories and get interested

4. A "cyber war" starts

5. The media has a field day

 

In the case of Georgia I think that a new pattern is emerging:

 

1. Because of the large number of bots, botnets, and general level of criminal behavior on the Internet, a level of "background noise" is always present in every corner of cyberspace, including small countries like Georgia

2. When the real-world event happens and the media starts looking for activity (steps one and two above) they immediately find it because of the "background noise" (this is like turning on the lights in the kitchen and seeing hundreds of cockroaches - you can acknowledge that you've got a roach problem and kill them or you can turn off the lights and PRESTO! they magically all go away, therefore no more roach problem)

3. A story or two is published about a defaced website or the presence of botnets, or some other event that would normally occur because of the background noise, but it's tied to the developing real-world story

4. The online community hears about the event and wants to go see for themselves, resulting in a massive denial of service attack against a small country that nobody ever visits but is now being overwhelmed by curious cyber tourists wanting to see what is going on

5. The small country blames the DoS attack on their adversaries who of course deny wrongdoing

6. Citizens of the adversary country are also interested in seeing what is happening and so their IP addresses begin to show up in the logs, further lending credit to the growing theory that a cyber war is erupting from the larger and more aggressive country

7. Citizens of other countries who want to "play" now jump into the fray and start launching real, no-kidding "attacks" against the small country just for kicks, but also to brag to their friends about how they are now Soldiers of Fortune in this brave new world

8. Before you know it, the combination of media stories, tourists, vandals, criminals, and yes - there might even be a couple of "real" cyber warriors in all of this - all mix together in a torrent of hacking and wacking that reaches a crescendo before slowly tapering off into the history books

9. Rinse and repeat

 

I realize that I'm being very cynical here, and that the future prospects of real, no-kidding, nation-state cyber warfare are very possible. But folks, let's get real. Is a botnet or a website defacement an act of war? Is an overwhelming bunch of cyber tourists an act of war? I think not. But for the next few years I can predict with certainty that any time a physical-world invasion or conflict emerges that somebody will immediately go looking for the cyber angle. And they will find one, and they will undoubtedly call it a cyber war.

 

