First Estonia. Then Georgia. Now Kyrgyzstan.
A Russian “cybermilitia” has knocked the central Asian country of Kyrgyzstan off the Internet, a security researcher said today, demonstrating that the hackers are able to respond even faster than last year, when they waged a digital war against another former Soviet republic, Georgia.
Since Jan. 18, the two biggest Internet service providers in Kyrgyzstan have been under a “massive, sustained distributed denial-of-service attack,” said Don Jackson, the director of threat intelligence at SecureWorks Inc.
The attacks, which are ongoing, have knocked most of the country offline and disrupted e-mail to and from a U.S. air base there, Jackson said. The public affairs officer at Manas Air Base in Kyrgyzstan was not immediately available to answer questions about whether the attacks have disrupted operations or other activities.
According to Jackson, the distributed denial-of-service (DDoS) attacks — essentially a flood of requests that overwhelm servers and effectively knock them off the Internet — can be traced to the same groups of Russian and ethnic Russian hackers who assembled in militia-like fashion last August to launch similar attacks against Georgia.
In a related matter, see the new piece in Stanford’s Policy Review by Lauri Almann, permanent undersecretary of defense for the Republic of Estonia from 2004 to 2008:
The main DDoS attack lasted ten days, from May 8 to May 18. During the period between May 10 and May 15, Estonia’s banks came under fire from the cyber warriors; two major banks had to stop their online services. Ninety-four percent of banking transactions in Estonia are conducted online, and so the attacks had a crippling effect on financial dealings in the country. Most Estonians do not have checkbooks. When the banking system was set up after the nation regained independence in 1991, the decision was made to skip the issuance of checkbooks in favor of direct, online banking. This, of course, made Estonia even more vulnerable to damage from attacks.
Of course, a DDoS attack against online banking lasting several days is enough time to do a great deal of damage to an economy. The attack was not continuous, but came in waves, suggesting that it was not a riot of hackers, but a well-coordinated attack. It appears from the pattern of attack that one bot herder was controlling the intensity of the attacks. This demonstrates clearly that there was a single point of control. It is important to note that when the attack began, Estonia had no way of knowing how long the attack would last or whether it would be ongoing.