Attacks/Breaches
3/17/2014
01:08 PM
Connect Directly
RSS
E-Mail
50%
50%

DDoS Attacks Hit NATO, Ukrainian Media Outlets

As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine."

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(Click image for larger view and for slideshow.)

Multiple NATO and Ukrainian media websites were hit with distributed denial-of-service (DDoS) attacks over the weekend by a pro-Russia group calling itself Cyber Berkut (KiberBerkut). "DDoS attack on some #NATO sites ongoing but most services restored," NATO spokeswoman Oana Lungescu tweeted Sunday. "Integrity of NATO data & systems not affected. We continue working on it."

The DDoS attacks against NATO were launched after secretary general Anders Fogh Rasmussen -- a former prime minister of Denmark -- said Friday that NATO would not recognize the results of the planned "so-called referendum in Ukraine's Autonomous Republic of Crimea," on the grounds that it violated both the Ukrainian constitution and international law. "Holding this referendum would undermine international efforts to find a peaceful and political solution to the crisis in Ukraine," he said. "It would run counter to the principles of the United Nations Charter. It is vital that those principles be upheld."

But according to Cyber Berkut, the attacks were launched Saturday in response to a small delegation of NATO officials arriving in the Ukrainian capital of Kiev earlier this month. Cyber Berkut decried "the NATO occupation of our homeland" and also appeared to threaten citizens of NATO member countries. "If NATO cannot protect their resources, the protection of personal data of ordinary Europeans cannot be considered," the group said Sunday in a post to Pastebin.

[British cyber agents target hackers' chat rooms. Read British Spies Hit Anonymous With DDoS Attacks.]

In recent weeks, the group has also launched DDoS attacks against media sites that it's accused of purveying "fascist and nationalist propaganda," which apparently means that not sufficiently pro-Russia. On Sunday, there were attacks against five general-interest Ukrainian media sites. Earlier this month, it also claimed to have blocked 700 mobile phones used by a Ukrainian neo-fascist junta.

Fascists are the straw men in a campaign being waged either by Ukrainians who want their country to become part of Russia, or by the Kremlin itself. Furthermore, related propaganda extends far beyond just one supposed hacktivist outfit.

"Cyber Berkut (@cyberberkut1) is not the only pro-Russia 'hacktivist' group working against Ukrainian independence," said Jeffrey Carr, CEO of Taia Global, in a blog post. "Anonymous Ukraine (@FreeUkraineAnon on Twitter) is another. In fact, they attacked the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) website back on November 7, 2013, as well as Estonia's Ministry of Defense website [where the CCDCOE is headquartered]."

But is Anonymous Ukraine composed of what might be described as regular members of the hacktivist collective, or has the hacktivist brand name simply been co-opted?

Last week, the state-backed Voice of Russia reported that Anonymous Ukraine had uncovered evidence that the US planned to invade the Ukraine. The report said that beginning this past Saturday, "[T]he United States, through its agents in Ukraine, will begin a series of false flag attacks on targets in Ukraine which have been designed to make it look as if they were carried out by the Special Forces of the Russian Federation."

The outlet also claimed that Anonymous Ukraine -- as part of Operation Independence -- had released a series of emails from the US Army assistant attaché Jason P. Gresh to a senior official of the General Staff of the Ukrainian Army named Igor Protsuyuk. In them, Gresh tells Protsuyuk, "Your job is to cause some problems to the transport hubs in the south-east in order to frame-up the neighbor. It will create favorable conditions for Pentagon and the Company to act. Do not waste time, my friend."

Carr ridiculed the supposed smoking gun. "I mean -- really? 'It will create favorable conditions for Pentagon' sounds remarkably like 'We don't need computer weapon to kill moose and squirrel,'" he said, referencing the cinematic masterpiece, The Adventures of Rocky and Bullwinkle. Finding this was really the highlight of my night. I'm still laughing," he said.

What about the supposed involvement of Anonymous? "This is a textbook example of how Anonymous with its anarchist framework, We are all Anonymous, can be easily co-opted to support the political agenda of a nation state while appearing to be an opposition movement," said Carr.

That agenda appears to be a push by some parties to make at least Crimea a part of Russia. On that front, furthermore, the Sunday referendum decried by NATO went ahead. Mikhail Malishev, head of the government commission that oversaw the referendum, reported Monday that 97% of the votes that were cast -- with a turnout of 83% -- were for Crimea to become part of Russia. That said, according to some reports, many members of the region's large Muslim Tatar minority abstained from voting.

In response to the vote results, NATO said Monday that it still regards the referendum to be illegal and illegitimate, and that no members of the alliance will recognize the results. It also criticized "the rushed nature of the poll under conditions of military intervention and the restrictions on -- and the manipulation of -- the media, which precluded any possibility of free debate and deliberation and deprived the vote of any credibility."

Pen testing helps companies become more secure by finding and analyzing their insecurities, but pen test services can be fraught with their own kind of risk. In this Dark Reading report, we recommend what to look for in a provider and its wares, how to get what you pay for, and how to ensure that pen testing itself doesn't open the company or its employees up to new risk. Read our Choosing, Managing And Evaluating A Penetration Testing Service report today. (Free registration required.)

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rjones2818
50%
50%
rjones2818,
User Rank: Moderator
3/18/2014 | 10:20:25 AM
Re: Who knew?
Matthew,


Stick to reporting the facts.  Your political analysis smacks of propaganda of the lowest kind.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
3/18/2014 | 6:08:00 AM
Re: Who knew?
And today scientists announce finding gravity waves from the Big Bang. Truly, something is afoot with the universe.
BobR960
100%
0%
BobR960,
User Rank: Apprentice
3/17/2014 | 5:25:02 PM
Who knew?
Wow! Who could have possibly seen this coming??? Hmmmm.. 

http://www.newsmax.com/Newsfront/sarah-palin-predicted-ukraine-russia/2014/03/02/id/555549/
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio