Georgian Government Websites Under Cyber Attack
The Georgian Republics Parliament website has been defaced as well:
parliament.ge now shows:
Original post continues below:
Some of the Internet resources of the Georgian government have been the targets of fairly steady DDoS attack’s since early July of 2008. The website of the President of Georgia has been hit fairly heavily over the last few days and is currently going off line randomly as it is overcome by the attack (it was up this morning but has been down for several hours now).
The Threat Expert Blog had an article about similar attacks on president.gov.ge back on 20 July 2008. In that article they credited Steven Adair for the information regarding the botnet involved in the attack, likewise Steven gets credit for bringing the ongoing attacks to my attention this morning. Stevens latest post on this issue can be found at the Shadowserver website later today, I’ll update the link as that info becomes available.
True to form there’s appears to have been a cooperative effort between the cyber attacks and the military attacks on the ground in Georgia. Whether the attacks are the work of the Russian government or that of those sympathetic to their cause remains to be seen. Estonia recently suffered a similar fate less the actual physical invasion forces.
Here’s a sample of what we’re seeing regarding the attacks on Georgian resources, on and off, since mid July (source IP’s removed):
2008-07-20 15:15:14 188.8.131.52 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 15:15:12 184.108.40.206 president.gov.ge flood tcp http://www.president.gov.ge
2008-07-20 15:15:08 220.127.116.11 president.gov.ge flood http http://www.president.gov.ge
2008-07-20 14:14:23 18.104.22.168 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 14:14:20 22.214.171.124 president.gov.ge flood tcp http://www.president.gov.ge
2008-07-20 14:14:17 126.96.36.199 president.gov.ge flood http http://www.president.gov.ge
2008-07-20 13:13:33 188.8.131.52 president.gov.ge flood icmp http://www.president.gov.ge
2008-07-20 13:13:32 184.108.40.206 president.gov.ge flood tcp http://www.president.gov.ge
The RBNExploit blog claims that Internet routing for the Georgian Internet resources may have been under attack in an effort to stop proper routing to those services. The RBNExploit Blog claims the Russian Business Network is involved, I can’t verify that claim but if you don’t know what the RBN is you need to go find out. RBN is responsible for quite of bit of the nastiness on the Internet as far as cyber crime and fraud goes.
Additionally, the Georgian Office of Foreign Ministry was also defaced with images likening the Georgian President to Hitler, details are available at Interfax.
This article was cross posted at The Jawa Report.