Archive for August 10, 2008

Isaac Hayes, Singer and Songwriter, Now Gone

Isaac Hayes was found next to a treadmill by his wife. He was transported to a hospital in Memphis and pronounced dead at 2:08 p.m. Sunday, August 10.


Attack on Georgia Preceded by DDOS Attack in July

From Secure Home Network:

In line with its information warfare doctrine, the opening salvos of Russia’s invasion of Georgia consisted of attacks on Georgia’s communications infrastructure. The goal of this activity was to deny Georgia the opportunity to provide its perspective to the international press, and give Russia a corresponding advantage in shaping world opinion.

As documented at http://rbnexploit.blogspot.com, this cyberattack has been systematic and thorough. Its coordinated timing with the Russian conventional attack suggests that the criminal RBN is a military intelligence asset of the Russian government.

Many of Georgia’s web servers are now under “unauthorized external control”, and some web sites have been defaced. In addition, other Georgian servers are inaccessible due to disruptions by Russia and the RBN in the Internet’s routing infrastructure. It should be noted that “AS8342 RTCOMM (Ru), AS12389 ROSTELECOM (Ru), AS9121 TTNet Autonomous System Turk Telekom (Tk) are well known to be under the control of RBN and influenced by the Russian government.”

As noted in the August 8th editorial by The Washington Post, “Russian military probes, always denied by Moscow, have been frequent in recent years. But certainly the deeper source of tension between the two countries is Russia’s insistence on maintaining hegemony in the Caucasus. Georgia’s democratically elected government has accepted U.S. military and economic aid, supported the mission in Iraq and pursued NATO membership. Moscow will not tolerate such independence — even by a relatively poor country of just 4.6 million people.”

The Russian government’s use of murder, extortion and blackmail in pursuit of political and economic policy goals has been well documented in the past several years. Europe, the United States, and the world at large will proceed from this point wary of the Russian mafia state.

For the purpose of circumventing the Russian cyber blockade of Georgia, I am reproducing below an official statement of the government of Georgia:

“Georgia seeks peaceful resolution to the conflict in South Ossetia

Georgian troops mobilize to protect civilian population from rebel attacks

TBILISI – Sat 09 August 2008 –

The Government of Georgia has sought to defuse the tense and violent situation in the South Ossetia region yesterday by declaring a unilateral ceasefire and appealing to the leadership of the separatist rebels to begin talks with the State Minister for Reintegration Temuri Yakobashvili. Despite calls for peace, separatist rebels continued to attack Georgian police posts and the civilian population.

Initially government forces did not return fire. However, at 8:30pm the village of Avnevi came under fire from separatists and the village was almost completely destroyed. The government-controlled village of Prisi also came under attack by separatists, which left several people wounded.

In response to separatist attacks on government-controlled villages, Georgian Armed Forces occupied several villages in South Ossetia early this morning. At around 5:30am, Russian Federation forces began moving into the conflict zone through the Roki tunnel, which connects Russia and Georgia and has been an entry point for the illegal transfer and sale of arms to separatist rebels. Two additional Russian units entered into Georgia through the Roki tunnel around 8:00am. The first Russian unit that entered Georgia through the Roki tunnel was killed as they attempted to cross the Gufta Bridge, which was also destroyed in the operation conducted by the government’s air command.

The Russian air force has also been conducting military operations in Georgia. Military fighter planes dropped bombs in four towns. The Russian air force also bombed the villages of Variani, injuring seven civilians, and dropped three bombs on Gori. The OSCE has confirmed the Gori operation was conducted by the Russian air force. So far several people have been killed and wounded, including innocent civilians.

In an effort to protect the civilian population, the President of Georgia Mikhail Saakashvili declared a unilateral ceasefire to be in effect between 3:00pm – 6:00pm Friday. During this time, the civilian population and the separatists were invited to cross the line of control. The government has also provided humanitarian assistance and full amnesty for those separatists that choose to surrender. As of 2:30pm, Georgian forces controlled 100% of Tskhinvali with just a few small groups still resisting government presence. Despite the ceasefire, Russia continued to take aggressive military action within Georgian territory.

At 4:30pm and 5:35pm, Russian military aircraft bombed a Georgian military base in Marneuli three times, in the southern part of the country about 30 kilometres from Tbilisi, resulting in the destruction of grounded Georgian military equipment, severe damage to a number of buildings, and several casualties.

Russian military aircraft also entered Georgian airspace at 3:05pm and dropped two bombs on the Georgian military airbase in Vaziani, just on the outskirts of the capital.”

I recommend that you check for updates from the site listed above.

In addition, at Dark Reading:

Former Soviet republic could follow Estonia and Lithuania as the next target of Russian cyber attacks

JULY 21, 2008 | The Website of President Mikhail Saakashvili of Georgia was rendered unavailable for more than a day this weekend, thanks to a multi-pronged, distributed denial of service (DDOS) attack.

According to a report by researchers at Shadowserver, at least one botnet is attacking the Georgian government site with a variety of simultaneous attacks, including TCP, ICMP, and HTTP floods.

The server that houses the Website has been largely offline since the attack started, Shadowserver says. The server also houses several other Websites, including the Social Assistance and Employment State Agency Website (www.saesa.gov.ge). All of the sites on the host have been rendered inaccessible.

Shadowserver says it hasn’t been able to definitively establish the DOS attack as the work of the Russian cyber attack force which took out many Estonian government sites in 2007 and several Lithuanian sites last month. (See Russians Organizing ‘Political Hack Force’.)

“We do not have any solid proof that the people behind this [command and control] server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, which is a tool that is frequently used by Russian bot herders,” Shadowserver says. “On top of that, the domain involved with this C&C server has seemingly bogus registration information, but does tie back to Russia.

“Who else have these guys been attacking with this MachBot C&C server? The answer is no one,” Shadowserver says. “This server recently came online in the past few weeks, and has not issued any other attacks that we have observed until recently. All attacks we have observed have been directed right at http://www.president.gov.ge.”

The researchers recommend blocking or monitoring traffic to the IP address 207.10.234.244, which is located in the United States and is suspected of being a key server in the attack. Beaconing traffic from your network to this host may indicate that you have infected machines on your network and that your machines may be participating in this DDOS attack, Shadowserver says.

— Tim Wilson, Site Editor, Dark Reading

Probably not a coincidence.
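The monitoring step Shadowserver recommends above can be run over outbound connection logs. The following is an added example, not code from Shadowserver, Dark Reading or this blog: it lists internal hosts that contacted 207.10.234.244 and flags those whose contacts are evenly spaced, which is what beaconing looks like. The log format (timestamp, source, destination, port), the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

C2_IP = "207.10.234.244"  # address named in the Shadowserver report quoted above

# Constructed sample data in an assumed format: ISO time, src IP, dst IP, dst port
SAMPLE_LOG = """\
2008-07-20T10:00:00 10.0.0.5 207.10.234.244 80
2008-07-20T10:01:00 10.0.0.7 192.0.2.10 443
2008-07-20T10:05:00 10.0.0.5 207.10.234.244 80
2008-07-20T10:07:30 10.0.0.9 207.10.234.244 80
2008-07-20T10:10:01 10.0.0.5 207.10.234.244 80
2008-07-20T10:15:00 10.0.0.5 207.10.234.244 80
2008-07-20T10:20:00 10.0.0.5 207.10.234.244 80
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def find_beacons(log_text, c2_ip=C2_IP, min_hits=4, max_jitter=0.1):
    """Return {src_ip: (hits, mean_gap_seconds, looks_like_beacon)}.

    Every host in the result contacted c2_ip and deserves a look; the
    boolean is True when there are at least min_hits contacts and the
    gaps between them vary by no more than max_jitter (stdev / mean).
    """
    contacts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(3) != c2_ip:
            continue  # malformed line or unrelated destination
        contacts[m.group(2)].append(datetime.fromisoformat(m.group(1)))

    report = {}
    for src, stamps in contacts.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps) if gaps else 0.0
        regular = (len(stamps) >= min_hits and avg > 0
                   and pstdev(gaps) / avg <= max_jitter)
        report[src] = (len(stamps), avg, regular)
    return report


if __name__ == "__main__":
    for host, (hits, gap, beacon) in sorted(find_beacons(SAMPLE_LOG).items()):
        print(f"{host}: {hits} contacts, mean gap {gap:.0f}s, beaconing={beacon}")
```

A single contact is still worth investigating; the regularity check only separates likely bot check-ins from one-off connections.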
