ElasticVapor: The Cyberwar Bait & Switch -- Blame Russia

Friday, August 7, 2009

The Cyberwar Bait & Switch -- Blame Russia

First of all let me say I've suspected something fishy from the start of this latest social denial of service attack on various social networks. The more I dig the more it seems to have been committed & perpetrated by someone friendly to Georgia not Ruissia. I believe this for a couple reasons, #1 make Russia look bad, and #2 bring attention to conflict. More to the point this "cyberwar" was perpetrated for PR purposes only.

Let's start off by pointing out the obvious. Why would Russia want to bring attention to the Georgian conflict on the one year anniversary of the war? More-over if they were behind it, why would they attack just one person, effectively making this person a cyber martyr? It makes no sense. This is the last thing they would want to do. The first rule of war, cyber or traditional is not to empower your enemy. Which in a sense is exactly what happened. They made @cyxymu a kind of cyberwar superstar. If this attack was truly just on one person, I'm sure a more traditional means of elimination of said target would have been a heck of a lot easier to accomplish and would have made a lot less noise. This is especially true in Eastern Europe where people routinely go missing for a lot less. A traditional assassination would have gone completely unnoticed by the West. Instead we are to believe that a very public cyber attack on Twitter, Facebook and Google was orchestrated by the Russians. I'm not sold.

The tactics of the attack don't exactly scream covert Russian operation. They scream botnet for hire. Eastern European zombie networks have become a source of income for entire groups of cybercriminals. A basic botnet running out of eastern Europe for DDoS attacks, can run from $50 to a few thousands dollars depending on the size of the botnet and length of the attack. The most advanced using a fast flux botnet approach (the type most likely used). Anyone with a few bucks can hire their very own botnet and blame anyone they wish. Pointing the botnet at just one person (yourself) is a genius move if you blame someone else. Think of it as a cyberwar Bait & Switch.

If I were a betting man, I'd say that this attack was done using Multi-Stage BGP & DNS Attack Vector. My only real proof is a little common sense as well as the simple reason that a typical HTTP denial of service attack causes a spike in traffic not a drop as illustrated below.

Reuven Cohen ~ @ruv

An instigator, part time provocateur, bootstrapper, amateur cloud lexicographer, and purveyor of random thoughts, 140 characters at a time.

Reuven is an early innovator in the cloud computing space as the founder of Toronto based Enomaly in 2004 (Acquired by Virtustream in 2012). Enomaly was among the first to develop a self service infrastructure as a service (IaaS) platform (ECP) circa 2005. As well as SpotCloud (2011) the first commodity style cloud computing Spot Market.

Today he leads Citrix (NASDAQ: CTXS) world wide advocacy efforts with a particular focus on increasing the volume, reach and influence of Citrix's extensive portfolio of technology solutions used by more than 260,000 customers and 100 million end users across the globe.

Reuven writes "The Digital Provocateur" column for Forbes Magazine, he is the co-founder of CloudCamp (100+ Cities around the Globe) CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas and is the largest of the ‘barcamp’ style of events. He is also the co-host of the DigitalNibbles Podcast sponsored by Intel

ElasticVapor

Friday, August 7, 2009

The Cyberwar Bait & Switch -- Blame Russia

#DigitalNibbles Podcast Sponsored by Intel

Instagram

Reuven Cohen ~ @ruv