Georgian Government Websites Under Cyber Attack

The Georgian Republic’s Parliament website has been defaced as well:
parliament.ge now shows:

Defaced Georgian Parliament Website

Original post continues below:

Some of the Internet resources of the Georgian government have been the targets of fairly steady DDoS attacks since early July of 2008. The website of the President of Georgia has been hit fairly heavily over the last few days and is currently going offline randomly as it is overcome by the attack (it was up this morning but has been down for several hours now).

The Threat Expert Blog had an article about similar attacks on president.gov.ge back on 20 July 2008. In that article they credited Steven Adair for the information regarding the botnet involved in the attack; likewise, Steven gets credit for bringing the ongoing attacks to my attention this morning. Steven’s latest post on this issue can be found at the Shadowserver website later today; I’ll update the link as that info becomes available.

True to form, there appears to have been a cooperative effort between the cyber attacks and the military attacks on the ground in Georgia. Whether the attacks are the work of the Russian government or that of those sympathetic to their cause remains to be seen. Estonia recently suffered a similar fate, less the actual physical invasion forces.

Here’s a sample of what we’re seeing regarding the attacks on Georgian resources, on and off, since mid-July (source IPs removed):

2008-07-20 15:15:14 62.168.168.9 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 15:15:12 62.168.168.9 president.gov.ge flood tcp http://www.president.gov.ge
2008-07-20 15:15:08 62.168.168.9 president.gov.ge flood http http://www.president.gov.ge
2008-07-20 14:14:23 62.168.168.9 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 14:14:20 62.168.168.9 president.gov.ge flood tcp http://www.president.gov.ge
2008-07-20 14:14:17 62.168.168.9 president.gov.ge flood http http://www.president.gov.ge
2008-07-20 13:13:33 62.168.168.9 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 13:13:32 62.168.168.9 president.gov.ge flood tcp http://www.president.gov.ge

The RBNExploit blog claims that Internet routing for the Georgian Internet resources may have been under attack in an effort to stop proper routing to those services. The RBNExploit Blog claims the Russian Business Network is involved; I can’t verify that claim, but if you don’t know what the RBN is, you need to go find out. RBN is responsible for quite a bit of the nastiness on the Internet as far as cyber crime and fraud goes.

Additionally, the Georgian Office of Foreign Ministry was also defaced with images likening the Georgian President to Hitler; details are available at Interfax.

This article was cross posted at The Jawa Report.
