Andrei Blinushov: Russian human rights defenders fall victim to cyber-warfare

As already reported, since 21 October 2007, the website Human Rights in Russia at www.hro.org, the largest Russian-language Internet resource on human rights in the Russian Federation, has been subjected to a relentless and concentrated computer attack (a new form of DDoS attack*) with access to the site blocked.

It would seem that HRO.org has become the first public resource in Russia to be confronted with an attack of such ferocity and persistence.

The human rights resource has effectively become in the frontline of the newest stage of "cybernetic warfare".

It should be noted that this attack does not only involve a consistent flow of tens of thousands of requests. The perpetrators have also managed to penetrate the website's extremely serious security system and insert virus infecting modules into the file system.

These modules have been created in a very devious and professional manner - when deleted, they "come to live" in other directories. And they bring the server down from inside. Combined with the mass attack from outside, programmers believe that this fairly expensive attack was clearly professionally planned.

At present no one is protected from a mass-scale DDoS attack. It can take place with any server in any country, and at present there is no general remedy. Internet resources are advised to spread themselves out (the more the better) over different physical servers and on different domain addresses, making it harder and more expensive for the perpetrators to organize such an attack.

There are, in my view, two main problems. The first is the fact that there are a huge number of unprotected computers without firewall** and resident anti-virus programmes. The perpetrators infect such computers through remote control with special viruses and use them as distributed networks for attacks on "commissioned" Internet resources.

The second problem is that police departments ignore computer security of hacker gangs who almost openly use the Internet to take commercial orders for criminal "cyber measures". Some observers have expressed doubts as to whether such "agencies" may not be using hackers for their own purposes. They refer, for example, to publications about how the "enforcement agencies" hired hackers to destroy the sites of separatists from the Caucuses during the first and second Chechen Wars.

It is worthy of note that several months ago, one hacker, well-known in programming circles, was recognized by chekists [i.e. the FSB] for "patriotic work", but instead of that gave an interview to the press (http://www.agentura.ru/press/about/jointprojects/novgaz/nakhackers/).

It is also known that in Russia DDoS attacks have been carried out on anti-fascist sites and sites of those fighting racial discrimination by neo-Nazi games. Besides computer attacks, some of them extended to publication in the Internet of home email addresses of democratic politicians, human rights defenders and journalists and to calls for violence against them. The Russian law enforcement authorities have refused to bring prosecutions over these cases.

There is a wide scope for possible versions, only nobody has yet, it would seem, been able to expose those who commission such high-tech crimes as DDoS attacks.

We should point out that it is specifically in this year - spring and summer 2007 - that DDoS attacks have been attempted against the servers of the newspaper "Kommersant", the radio station "Echo Moskvy", and later the servers of "Memorial", Kasparov.ru, the "United Civic Front", the National Bolshevik Party {Limonov's party}, and "liberals'" blogs on the Live Journal. We thus have an entirely specific civic and political spectrum which can be loosely defined as "opposition".

The author then ventured the suggestion that such criminal actions with respect to opponents, especially the opposition, might become a widespread "tool" for dealing with those who don't buckle under.
http://andy-hro-org.livejournal.com/?skip=30
http://www.hro.org/ngo/articles/2007/06/06.php
I rather fear that this gloomy prediction is coming true...

Notes:

*DDoS attack - standing for Distributed Denial of Service assault is a notorious means of closing access to a site by effectively inundating it with a huge number of requests. The site's system becomes overloaded, and therefore doesn't open when Internet users try to access it.

**Firewall is a special program for protecting network connections. It makes it possible to block income or outgoing Internet traffic according to a large number of parameters. These are also known as network screens or brandmayers.