
Massive botnet recruitment ahead of Georgia crisis

Several blogs are alight with speculation about the recruitment of bots ahead of the South Ossetia crisis. According to some of these stories there was a massive recruitment of bots on 4/5 August, ahead of the Georgian action on the 7th and the Russian response on the 8th.


While it is highly likely that we will increasingly see cyber-attacks used in conjunction with conventional attacks as a force multiplier, I have a very hard time believing that any military would ever want to engage the Internet criminal underground ahead of a military strike. Even more so if doing so might reveal the fact that the party had advance knowledge of an attack by the other side.


So is this just coincidence? Possibly, but another possibility is that both events have a common cause. The Olympics began on the 8th of August, and it is quite possible that the Georgian action was timed to occur just before, creating a fait accompli ahead of the traditional Olympic Truce.


Recruitment of large botnets ahead of major sporting events is hardly unexpected. Bookmakers stand to make huge sums taking bets on the Olympics, but only if their site is up to take the bets before the event. DDoS attacks before a major event are a regular occurrence.

Comments

Phillip says:

I have a very hard time believing that any military would ever want to engage the Internet criminal underground ahead of a military strike.

To which I respond:

I have a very easy time believing it, especially considering the close links between the various international and criminal elements and the Russian government. See, for example, http://pasta.cantbedone.org/pages/Gkbk32.htm or the Wall Street Journal article it refers to, for why Kasparov refers to the then President as "Don Putin".

In particular the line "The web of betrayals, the secrecy, the blurred lines between what is business, what is government, and what is criminal--it's all there in Mr. Puzo's books." confirms that thanks to that blurred line, they would have no problem turning to the criminal element.

Kasparov actually recommended reading classic Mario Puzo novels on Mafia life in order to understand the modern Russian government!

So yes, the links between criminal elements and government are close.

Now as for giving away the imminent strike, you must admit that it did not do this. Everyone was blindsided, except for the Russians, who were obviously very well prepared for this. That already gave away the fact that they planned this whole thing, suspicious Internet activity on the eve of the bombardment adds very little to that. Neither was enough for anyone to cotton on to Russian intent until after it happened.

VeriSign should take this as an example of how important it is for VeriSign customers to take security seriously. Georgian web servers were far too easy to take down, this should not have happened if both web providers and internet providers followed best security practices.

VeriSign should make it very public how customers can protect themselves -- especially if VeriSign technology proves to be a particularly handy way to do it.

I do not dispute that the Russians might want to do this, nor that they are almost certainly behind at least some of the attacks that occurred post-invasion.

What I do not think likely is that they would risk compromising a very valuable information source for such a low return.

Knocking out the whole Georgian electricity infrastructure might make sense as a pre-emptive strike. Knocking over the Web server does not.
