A blog-post by senior security researcher Jose Nazario at security specialist Arbor Networks, hints that recent DDoS attacks, in particular against Belarus news site Charter97.org, could be related to the regional tension between Belarus and Russia.
Charter97 has seen several DDoS attacks over recent months, and as early as April 2008, the site was attacked with a botnet hosted at httpdoc.info using a Machbot-like botnet, that “we’ve never seen before”, wrote Nazario. “This was very much like the botnet behind the July 2008, Georgian president attacks.”
Charter97 wrote on its website, that “more than 5000 zombie computers are supposed to be involved in the attack”, and in updates on the most recent DDoS attack, Charter97 accuses the Belarusian government of trying to curb freedom of speech.
A comment to the Arbor Networks blog-post, points at that at the time of the most recent attacks, “Charter 97 published several articles about the ban on sales of dairy products from Belarus to Russia, and one about President Lukashenko mentioned in a satirical Russian TV programme.”
DDoS – a serious threat
Professor Howard A. Schmidt, president of the Information Security Forum (ISF), told Infosecurity that DDoS is a serious threat – especially for organisations that do not have the resources, technology or bandwidth to handle an attack.
Organisations have to make sure their security systems are up to the task, but Schmidt added that: “Governments also have a responsibility to protect businesses and the critical infrastructure and ensure its law enforcement bodies do what they can to prevent DDoS and identify the source of attacks.”
He mentioned the Cyber Clean Center, which has been set up by the Japanese Ministry of Internal Affairs and the Communication/Ministry of Economy, Trade and Industry, as an example of what governments can do. The Japanese Cyber Clean Center promotes Bot cleaning and prevention based on cooperation with internet service providers (ISPs).
“However, we have also seen some instances where governments have appeared to sponsor ‘cyber-warfare’ or ‘cyber-espionage’ either directly or through the emerging hacktivist community. These groups are intent on doing damage to organisations that in some cases their governments could prevent but choose to ignore, which results in hacktivist criminals acting with impunity", Schmidt warned.