Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

DDoS Attacks Hit NATO, Ukrainian Media Outlets

As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine."

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(Click image for larger view and for slideshow.)

Multiple NATO and Ukrainian media websites were hit with distributed denial-of-service (DDoS) attacks over the weekend by a pro-Russia group calling itself Cyber Berkut (KiberBerkut). "DDoS attack on some #NATO sites ongoing but most services restored," NATO spokeswoman Oana Lungescu tweeted Sunday. "Integrity of NATO data & systems not affected. We continue working on it."

The DDoS attacks against NATO were launched after secretary general Anders Fogh Rasmussen -- a former prime minister of Denmark -- said Friday that NATO would not recognize the results of the planned "so-called referendum in Ukraine's Autonomous Republic of Crimea," on the grounds that it violated both the Ukrainian constitution and international law. "Holding this referendum would undermine international efforts to find a peaceful and political solution to the crisis in Ukraine," he said. "It would run counter to the principles of the United Nations Charter. It is vital that those principles be upheld."

But according to Cyber Berkut, the attacks were launched Saturday in response to a small delegation of NATO officials arriving in the Ukrainian capital of Kiev earlier this month. Cyber Berkut decried "the NATO occupation of our homeland" and also appeared to threaten citizens of NATO member countries. "If NATO cannot protect their resources, the protection of personal data of ordinary Europeans cannot be considered," the group said Sunday in a post to Pastebin.

[British cyber agents target hackers' chat rooms. Read British Spies Hit Anonymous With DDoS Attacks.]

In recent weeks, the group has also launched DDoS attacks against media sites that it's accused of purveying "fascist and nationalist propaganda," which apparently means that not sufficiently pro-Russia. On Sunday, there were attacks against five general-interest Ukrainian media sites. Earlier this month, it also claimed to have blocked 700 mobile phones used by a Ukrainian neo-fascist junta.

Fascists are the straw men in a campaign being waged either by Ukrainians who want their country to become part of Russia, or by the Kremlin itself. Furthermore, related propaganda extends far beyond just one supposed hacktivist outfit.

"Cyber Berkut (@cyberberkut1) is not the only pro-Russia 'hacktivist' group working against Ukrainian independence," said Jeffrey Carr, CEO of Taia Global, in a blog post. "Anonymous Ukraine (@FreeUkraineAnon on Twitter) is another. In fact, they attacked the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) website back on November 7, 2013, as well as Estonia's Ministry of Defense website [where the CCDCOE is headquartered]."

But is Anonymous Ukraine composed of what might be described as regular members of the hacktivist collective, or has the hacktivist brand name simply been co-opted?

Last week, the state-backed Voice of Russia reported that Anonymous Ukraine had uncovered evidence that the US planned to invade the Ukraine. The report said that beginning this past Saturday, "[T]he United States, through its agents in Ukraine, will begin a series of false flag attacks on targets in Ukraine which have been designed to make it look as if they were carried out by the Special Forces of the Russian Federation."

The outlet also claimed that Anonymous Ukraine -- as part of Operation Independence -- had released a series of emails from the US Army assistant attaché Jason P. Gresh to a senior official of the General Staff of the Ukrainian Army named Igor Protsuyuk. In them, Gresh tells Protsuyuk, "Your job is to cause some problems to the transport hubs in the south-east in order to frame-up the neighbor. It will create favorable conditions for Pentagon and the Company to act. Do not waste time, my friend."

Carr ridiculed the supposed smoking gun. "I mean -- really? 'It will create favorable conditions for Pentagon' sounds remarkably like 'We don't need computer weapon to kill moose and squirrel,'" he said, referencing the cinematic masterpiece, The Adventures of Rocky and Bullwinkle. Finding this was really the highlight of my night. I'm still laughing," he said.

What about the supposed involvement of Anonymous? "This is a textbook example of how Anonymous with its anarchist framework, We are all Anonymous, can be easily co-opted to support the political agenda of a nation state while appearing to be an opposition movement," said Carr.

That agenda appears to be a push by some parties to make at least Crimea a part of Russia. On that front, furthermore, the Sunday referendum decried by NATO went ahead. Mikhail Malishev, head of the government commission that oversaw the referendum, reported Monday that 97% of the votes that were cast -- with a turnout of 83% -- were for Crimea to become part of Russia. That said, according to some reports, many members of the region's large Muslim Tatar minority abstained from voting.

In response to the vote results, NATO said Monday that it still regards the referendum to be illegal and illegitimate, and that no members of the alliance will recognize the results. It also criticized "the rushed nature of the poll under conditions of military intervention and the restrictions on -- and the manipulation of -- the media, which precluded any possibility of free debate and deliberation and deprived the vote of any credibility."

Pen testing helps companies become more secure by finding and analyzing their insecurities, but pen test services can be fraught with their own kind of risk. In this Dark Reading report, we recommend what to look for in a provider and its wares, how to get what you pay for, and how to ensure that pen testing itself doesn't open the company or its employees up to new risk. Read our Choosing, Managing And Evaluating A Penetration Testing Service report today. (Free registration required.)

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full Bio

Comment  | 
Print  | 
More Insights
//Comments
Threaded  |  Newest First  |  Oldest First
BobR960
BobR960,
User Rank: Apprentice
3/17/2014 | 5:25:02 PM
Who knew?
Wow! Who could have possibly seen this coming??? Hmmmm.. 

http://www.newsmax.com/Newsfront/sarah-palin-predicted-ukraine-russia/2014/03/02/id/555549/
Mathew
Mathew,
User Rank: Apprentice
3/18/2014 | 6:08:00 AM
Re: Who knew?
And today scientists announce finding gravity waves from the Big Bang. Truly, something is afoot with the universe.
rjones2818
rjones2818,
User Rank: Strategist
3/18/2014 | 10:20:25 AM
Re: Who knew?
Matthew,


Stick to reporting the facts.  Your political analysis smacks of propaganda of the lowest kind.
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file