The Latest in IT Security

2011, and now 2012, appear to be years of major populist protests regarding political processes around the world. Russia is no different. News reports of protests in the streets of Moscow have been increasing, with protesters demanding election reforms and fairness. It is in this backdrop that we’re seeing DDoS attacks against some websites.

A recent BBC News story on Russian protests about upcoming elections caused me to go looking in our database for domestic DDoS attacks within Russia on sympathetic sites calling for election changes. We’ve seen this sort of thing in the past, specifically in the 2009 run-up to the elections where opponents to Putin and Medvedev were attacked, so it seems natural to expect it this time.

Inspection of our botnet tracking logs from Project Bladerunner show multiple sites under attack recently that appear to be politically motivated. Four are news sites (three belong to journalufa). The other is a candidates site, and all attacks are ongoing. The botnets here are Dirt Jumper and Black Energy. Despite press that the radio station Echo Moscow is getting political pressure for it’s pro-change reporting, we haven’t yet seen their properties struck by attacks as we have in the past.

As you can see from the following screenshots taken today, two of the sites are accessible, but one of them notes that it’s under attack.

CIK-UFA under attack

Journal UFA under attack

The botnets behind these attacks have been actively involved in many DDoS attacks in recent weeks, some of which are on commercial properties, and some of which are on news sites. These appear to be their most overtly political targets. In short, these do not appear to be purpose built for political attacks.

We’re keeping an eye on this situation, expecting it to continue or get worse as the elections approach on March 4.