
In January of 2009 the world witnessed the third successful cyber attack against a country. The target was the small country of Kyrgyzstan. The country is only about 77,000 square miles in size with a population of just over 5 million. The attackers focused on three of the country’s four Internet service providers. They launched distributed denial-of-service attack traffic that quickly overwhelmed the three, disrupting all Internet communications. The IP traffic was traced back to Russian-based servers primarily known for cyber crime activity. Multiple sources have blamed the cyber attack on the Russian cyber militia and/or the Russian Business Network (RBN). RBN is thought to control the world’s largest botnet, with between 150 and 180 million nodes. These reports go on to say that Russian officials hired the technically capable group to do this. It is widely believed that this group also played a substantial role in the Estonia attack in 2007 and the attack on Georgia in 2008. The mechanism of attack was a fairly large botnet with nodes distributed in countries around the world. (DefenseTech Enemy among Us) One significant difference in the Kyrgyzstan attack is that most of the DDoS traffic was generated in Russia.
INTEL: One source reports that this attack was commercial — insinuating the civilian organization (attackers) may have been paid to carry this out.
ANALYSIS: The commercial sourcing of the cyber attack is believed to have been done to keep the Russian government at arm’s length from the hostile act.
The attack seems to be politically motivated and is the latest example of geopolitical disputes being fought with cyber weapons. Cyber Intelligence Analysts stated that attacks were launched to disrupt demands that leaders halt plans to prohibit access to an airbase for the US military in its war in Afghanistan. The analysts went on to say the Russian officials want nothing more than the base closed as soon as possible. (This is said to be one of the terms of a $2 billion investment deal that Russia is trying to negotiate with Kyrgyzstan.)


HAHAHA I love the screenshot of the game Uplink.
Great game.
What horribly is the article of written.
ever see the episode of south park where the internet stops and all the sheeple here go berserk.kinda brings that to mind.
Why do we not do the same thing to organizations that launch these attacks? Are the Russians more capable of this activity than we are or are we more “moral” than they?
Well at least they did not use all the compromised computers in the United States this time like they did on Estonia and Georgia. The U.S. should be ashamed to have such poor computer security practices and so many computers turned into ZOMBIES!!!!!!!!
I hope Our people are our government is. Are was well aware of this concept are capability well before the Russians. Are whom so ever is doing this Economic,Nation crippling,near war are at war intrusion in to the lives and security of the countries of this world. especially the United States!!!???.If not the United States had better get on the BALL!!!.
What sort of grammar major wrote comments 1, 2 & 7? That hurt just trying to read them.
What has this done besides getting kids in Kyrgyzstan away from the computer for a few hours?
Comment #7 had me on the floor laughing. English may be your second language, but that’s just sad. But at least your spelling was good!
But on a serious note, I think that cyberterrorism should be given as much attention by the Defense Department as conventional terrorism. This is a serious threat that won’t be going away. That said, since all it takes is a snow storm to bring down our power grid, maybe we ought to do something about our infrastructure, security wise and just plain repairing wise.
Seriously, has the last generation addressed any problems at all????
Photo credit:
http://www.introversion.co.uk/cgi-bin/screenshots.cgi?pic=uplink4.gif
Just imagine how formidable they would be with Michael Dell on their side.
Yeah, I’m thinking Putin and company may have re-thought their foreign policy a bit after the Georgia invasion. They got trashed in the press and lost some expensive jets.
It’s much cheaper to project your will using cyber terrorism. Plus, using established Russian hacker groups, the government can plead plausible deniability.
English, motherf***er, DO YOU SPEAK IT???
Geez. Feeling a little hostility toward the concepts of cyber-war and cyber-defense?
Look, I work with a couple of homeland security consultant types, and so I stay sick of all the “sky is falling” panic-mongering in DHS. And who doesn’t groan when some bureaucrat starts throwing “cyber-” in front of his pet cause to drum up money.
But can you really be suggesting that internet infrastructure is not vulnerable to attack? Or that the government has no protective responsibility, and the only national-level response to the threat should basically be for everyone to buy Norton? Or that massive and sophisticated attacks on the nation’s computer infrastructure would be just a pesky annoyance to a few folks who wanted to look up the Lakers’ score?
Brian wrote: “These attacks do cause monetary loss, and they do cause hardship and inconvenience. But it is a minor inconvenience compared to a cluster bomb.” See, here’s the thing: a cluster bomb is localized. Even if someone did drop one on you tomorrow, people in unaffected places would come to your aid like they did after 9/11 and Katrina. And someplace is always unaffected.
The attraction of a cyber-attack is that it is not localized. No place is unaffected. Imagine if, post-Katrina, no satellite-based or computer-based systems had worked. No coms, no gas pumps, no credit cards… for the victims or the rescuers… or anywhere in the US. “Minor inconvenience?” Come on. And you think no one in Russia is studying how to pull that off, just in case they ever need to?
So no, cyber-war isn’t the end of the world. But it is a potentially devastating weapon, with a massive blast-radius, in the arsenal of anyone looking to make war on the US civilian population. And when we see Russia test that weapon on Georgia and Kyrgyzstan, we should treat it the same way we treat it when al-Qaeda tests chemical weapons on goats. We should take seriously the potential that the technology will be developed and refined to the point of weaponization, and we should kill the people with the expertise.
Many people think that during a cyber-attack, they will just lose their internet. Big deal right?
But, it goes beyond that. One example is communications. Many modern phone systems are IP based. They communicate over the same lines, using the same communication protocols as a computer surfing the web. If I lose internet, I also lose my phone. One person, not a big deal, but take away this service for a large area, that’s a problem.
Also, the attacks are not just limited to coming through computer lines. Hackers love social engineering attacks. They get people to tell them critical information and passwords by pretending to be someone else. For example, Kevin Mitnick was well known for gaining access this way. He was so good at obtaining info and manipulating systems that it is said that he even wiretapped FBI agents.
Unfortunately, the danger is much more than just losing Google…
The US military should be looking at this closely. How do the Russians do it? Can they paralyze our communications? Move satellites? How do you counter it? An EMP blast over Moscow? The Russians’ 1st target may be our computer-run military. What would you do?
Kevin, thanks. Not many news sources covered this exciting news. I was lucky to catch it the next day.
Take a deep breath, Brian. Consider these two points.
#1. No one knows what it is possible to do through a massive denial-of-service attack against civilian networks because we haven’t yet had a large number of attack-defense cycles. You are right that there have been years of attempts to steal info from DOD systems. But what Russia is trying to do is stop all civilian network traffic in a nation. We haven’t played that game yet, so don’t be so sure about what could be successfully done and what couldn’t. A lot depends on work that is going on in Russia (and hopefully the US) right now.
#2. “Murdering Russian teenagers”. You want to know how we succeeded (I use that word with reservations) in Iraq? Our special guys went after the small core of people who knew how to develop weapons and our line guys went after the fighters willing to use weapons. Lots of teenagers in that latter category… we killed them by the dump-truck load. So now apply that to cyber-warfare. Who are the developers and users of cyber-weapons? If you want to go offensive against this threat, then that’s who you kill. For all we know, there’s no teenagers involved at all… all of the developers and users might be adult officers of the FSB. Your image of the teenage geek in his basement with a PC is hopelessly US-centric.
To reiterate my point: Breathless panic about the coming cyber-apocalypse is worse than useless. But so is dismissive arrogance. If Russia thinks this weapon is useful, why ignore it? Why not fund a few studies (we fund all kinds of other useless junk) or an office of cyber-whatever someplace? Why is that so worthy of scorn?
The comment about the Georgia “attack” is not up to speed. Russia is now building a new Navy base in “Ossetia” and STILL has troops sitting on the pipeline valves in Georgia.
It sounds like Russia has a PLAN! What do we have? Obama talking to Iran!
Consider the following:
Kyrgyzstan only recently became independent, but there are definitely strong ties to Russia, still. The people are extremely eager to blame the government for any problems that they’re experiencing, and are quick to have random revolutions to replace their president.
Russia wants the US out of Bishkek and they’ve been gradually increasing the pressure on the government there. Meanwhile, the Kyrgyz gov’t dicks around with the US representation there with silly ass political games.
Everyone should read the comment posted by ‘TDS4S’!
They are on target!!
While I certainly agree it won’t impact the operational status of our military (or most others), I question the down play of economic impacts.
We’re not talking about dropping web sites or e-mail, but 3 of the country’s 4 internet service providers being taken off line.
Does that not wipe out credit card operations, debit card operations, WANs, etc. that utilize those lines of communications?
Sure, we could still run cash transactions at the gas pumps and go to the old carbon copy credit card machines but at some point you have to restore the ISPs for all those transactions to be processed. AND you have to hand enter those transactions. $$$$$$‘s
Not to speak of all the systems that are so heavily reliant on Wide Area Networking. Courts, major companies, police using in car computers, etc.
If it’s only a day or so of interrupted service it’s just a royal PITA. If it’s several weeks of continued denial of service it will be a huge civilian issue. Military operations will, of course, be impacted but that will be more like running out of toilet paper on ship… It won’t be pretty but the crap will still get done.
Yeah must have been terrible for the population — think of the impact for their travel by horse, for their local bazaars and kiosk shopping and all those semi-nomadic herding families that keep the country’s agriculture industry going.
One can only imagine the dire cultural impact it must have had on the bride-kidnapping and horse riding sports.
Actually, I do know that we are doing too much all at once and doing it stupid. Everything we do, we do stupid. It’s why I got out. God forbid we coordinate effort between various agencies and departments. Sharing info would run the risk of making someone else look good and get the credit (and budget). Democracy is incapable of intelligent action (but that’s a discussion for another time…)
But this crappy system is the only one we have. So if the bad guys are interested in this weapon, do we mock them, mock the people who write about it, and mock the Kyrgyz, or do we respond with the only system we have, which happens to be terrible?
BTW, I don’t know what Kevin’s personal motivations are, and I don’t know how you know. Why castigate him when pea-brains on the hill use his articles to grub for dollars? It’s what they do, whether he writes an article or not.
TDS4S, nobody will ever ever ever accuse me of being dismissive of the threat posed by Russia. They’re just a half breath away from the old style Soviet Union, and I trust them about as far as I trust a used car salesman.
Cyber threats do exist, and they do threaten the US. But right now we’ve got very little reliable data as far as where attacks are coming from, where they’re being directed, who is controlling them, etc. We don’t have enough information to go and bomb Boris Badinov for trying to hack our e-mail. You remember “we know there are WMDs in Iraq”? Amplify that. Instead of saying that there are WMDs in Iraq, say that there are hackers in nuclear-armed Russia, and that they pose so great a threat that we have to go and execute citizens of an almost-hostile-traditional-enemy-but-now-supposed-to-be-our-friend nuclear power. Political disaster. The worst scenario is that it turns into open war. How would you respond if Russia began assassinating US citizens living here? We don’t know anywhere near enough to begin a program like that. No proof.
What we do know is that government and civilian computer networks come under attack every single day. Millions of attacks per day. The vast vast majority of these fail. Now, does Russia have a secret cabal of programmers who lie in wait to attack the computer systems of another country? Is that what they used against Georgia and Kyrgyzstan? What do those programmers do when they aren’t attacking some Baltic rathole? I doubt that they sit by idly and twiddle their thumbs. More likely, they engage in attacks on the US, coordinated or not.
Brian you are part of the problem not the answer. You are so wrong it is not even funny!!! Are you working for our enemies to try to subvert the efforts to reinforce our information infrastructure? I actually think so!
SpyGuy,
Yes I am. Curses, you have uncovered my secret!!!
The best offense is a good defense…
There were many agencies that this was given to and none acted, so have fun…