Attacks and Controls in RUNET

This week, a DDoS attack was launched on Livejournal, which, with 4.7 million Russian users, has become a powerful forum for political discussion in Russia (Maria Garnaeva of Kaspersky Lab has a great analysis and report of the attack). The attacks began on March 24, launched from the Optima botnet against prominent Livejournal user Alexei Navalny (who discusses government corruption in his blog) as well as a number of other URLs, and continued until April 1. By April 4, however, the botnet had been turned on many popular Livejournal blogs, effectively making the Web site inaccessible in Russia. The attacks rendered the Web site inaccessible in Russia on March 30 and April 4.

In the midst of this, the opposition newspaper Novaya Gazeta was similarly attacked. The newspaper reportedly believes that the attack was carried out by the same people who attacked Livejournal. At one point, the large-scale DDoS attack was sending 70,000 visit requests every 14 seconds.

This Global Voices post details the current discussion and speculation in Russian cyberspace over the attack. Many have been quick to suggest that the attack was a politically motivated, state-sponsored attack whose primary target was Navalny. Another prominent user, Anton Nosik, suggested that the attack is linked to a recent article in the newspaper Argumenty i Fakty, which suggested that Russian Livejournal users shift to another platform. Nosik sees the attack as orchestrated by the Russian government to disband the Russian Livejournal community. Novaya Gazeta has linked the attacks to this year’s parliamentary election and next year’s presidential election in Russia. The paper’s editor told the Associated Press that he believes the attacks were meant to “discredit the public platforms which express alternative points of views.” The opposition leader wrote on his blog Friday, “It’s quite possible that those people who have ordered the attack are planning the complete crash of Live Journal in the heat of the 2011-2012 election campaign.” The PutinWatcher Web site also suggests that the attack was state-sponsored, pointing to the fact that “DDoS attacks have been the favored technique in blogging attacks linked to the Russian government in the past,” as seen in the attacks on the Estonian government in 2007 and the Georgian government in 2008, which some have linked to the Russian state.

Recently, Alexander Andreyechkin of Russia’s Federal Security Service announced that the organization has proposed placing a ban on foreign services such as Skype, Hotmail and Gmail due to the security threats stemming from their “uncontrolled use” (meaning that control of traffic through these services is done from foreign servers), as well as the concern that these services use foreign-made encryption technology. These comments were later retracted.

These recent attacks are occurring against a backdrop of intensified control over Russian cyberspace this year (see this OpenNet Initiative post for more details), for instance the launch of the League of Internet Safety and the rise of the so-called “30 Ruble Army.” The Russian government has, however, denied the allegations. In fact, Medvedev’s own Livejournal blog suffered from the attack. Attribution is often difficult to determine; what is significant, however, is that these recent attacks are consistent with the controls in Russian cyberspace as documented by Ronald Deibert and Rafal Rohozinski (see Deibert and Rohozinski’s Control and Subversion in Russian Cyberspace), for instance the deployment of next generation information controls (such as DDoS attacks) characterized by “just in time” blocking or event-based denial of selected content or services.