DDoS Attack Hits Internet Service Providers In Kyrgyzstan

January 28th, 2009

DDoS Attack Hits Internet Service Providers In Kyrgyzstan

Kyrgyzstan, a republic located in central Asia, was effectively knocked offline for more than a week by a Russian cybercriminals that continues to flood the country’s internet providers with crippling data attacks, according to Don Jackson, a researcher with Atlanta-based security provider SecureWorks.

The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days.

Over the past 48 hours, ISP have managed to mitigate some of the damage by relocating the servers of their biggest customers to different IP address ranges and employing a technique known as source filtering, which is designed to block harmful traffic while still allowing friendly packets through. Some media organizations and government opposition groups in the country of 5.3 million have not been so fortunate.

Representatives from Kyrgyzstan Domain Registration Service and a service known as www.ns.kg didn’t respond to requests for comments. The two services carry about 80 percent of the country’s traffic, Jackson said.

Researchers from Arbor Networks, which monitors worldwide internet traffic for attacks and other anomalies, said they weren’t seeing any malicious traffic directed toward Kyrgyzstan. Arbor’s Jose Nazario said that was most likely because of a “visibility issue” resulting from the company “not tracking the right botnets.”

The culprits in the attacks on Kyrgyzstan are most likely a group of technically capable Russian citizens recruited by Russian officials, Jackson said. The vast majority of the drones that are bombarding the Kyrgyz targets are located in Russia. The geographic concentration makes source blocking a more effective countermeasure than when the bots are scattered throughout the world.

Jackson speculated the attacks are designed to silence opponents of Kyrgyz President Kurmanbek Bakiyev, who are demanding the leader reverse his plans to close an airbase to the US military in its war in Afghanistan. The Russian government wants the base closed, Jackson said.

The attacks are the latest example of geopolitical disputes spilling into cyberspace, a trend that’s been growing in the past few years. Web and email traffic in Estonia came to a standstill in May of 2007 after civil unrest over that country’s removal of a Soviet-era memorial was accompanied by attacks on the Baltic nation’s internet infrastructure. Attacks on websites belonging to the Georgian government, on Radio Free Europe and cable television network CNN by Chinese hackers follow a similar pattern.

Credit: The Register

Share this item with others:

More on CyberInsecure:

DDOS Attack Hits Cheshire-based ISP Vispa, 30,000 Customers Forced Offline

Massive Botnet DDoS Attack Hits Mininova.org

DDoS Attack Against Neustar Hits Major Websites, Including Amazon, Wal-Mart, Expedia

Anti Fraud Site Bobbear.co.uk Hit By A DDoS Attack

Denial-of-service Attack Hits Wikileaks During US Diplomatic Cables Leak Release

Posted in Breaches And Incidents, DDoS, Targeted Attacks |

Print This Post

This entry was posted on Wednesday, January 28th, 2009 at 1:50 pm and is filed under Breaches And Incidents, DDoS, Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: DDoS Attack Hits Internet Service Providers In Kyrgyzstan