Russian Elections: Social Media Overwhelm Botnets

By Khatuna Mshvidobadze

Copyright © 2012 Potomac Institute for Policy Studies

Opposition leaders are saying that the December 4, 2011 elections for the Russian State Duma were the last to be controlled by television. Or maybe they were the first in which television lost control. For the Russian opposition, the Internet—blogsites and social networks—became the arena for news, organization and discussion of alleged government misconduct.

As expected, Russia’s irregular army of hackers and criminals directed their now familiar DDoS attacks against websites more or less identified with the opposition. Nonetheless, opposition bloggers, smart phone journalists and social media activists succeeded in showcasing election fraud to the Russian public and the world beyond.

14 websites sustained DDoS attacks. Among the targeted websites were the popular blogsite LiveJournal, a platform for anti-corruption blogger Alexei Navalny, who has grown into a big headache for the Kremlin and its associated business activities.

Among attacked sites also were news portals slon.ru, Zaks.ru, the Novaya Gazeta, New Times and Kommersant newspapers, Bolshoi Gorod magazine, Echo Moskvy radio and TV channel Dozhd. Election watchdog Golos also came under cyber fire, particularly its Kartanarusheniy.ru, a project to display election violations on a map.

Having successfully employed social media to reveal election irregularities, wired opponents of the current government then used the same media to bring hundreds of thousands of people into the streets of cities across Russia. Interestingly, it was a real grassroots effort, not on behalf of a single opposition party, but an expression of broad discontent.

Its success was odd because the security establishment had been expressing concern about social media for months. There had even been a dry run of the DDoS attacks in March and April.

Back then, the first wave of the attack came against Navalny’s LiveJournal blog page. A few days later a Navalny website was attacked. In that same period, Boris Nemtsov, former governor of Nizhny Novgorod and People’s Freedom Party leader, had planned to publish the party’s new report Putin. Corruption on LiveJournal. This apparently irked the DDoS perpetrators even more and the blogsite’s welcome page and thirty plus individual blog pages were attacked.

The newspaper Novaya Gazeta, which had launched an effort called Online Parliament of Runet, was also attacked. The idea of Online Parliament was to “elect” members who would then blog about issues that they believed were ignored by the government.

Kaspersky Lab expert Maria Garnaeva posted an analysis on her Securelist.com blog. “We don’t know exactly how many botnets took part in the latest attack,” she said, “but we definitely know of one botnet that was involved. It is based on the Optima/Darkness DDoS bot that is currently popular in the Russian-speaking cybercrime black market. Not only are the Trojan programs (bots) themselves on sale, but also infected computer networks that are built with the help of such programs and services offering to carry out DDoS attacks upon any given Internet resource.”

The attacks last spring were more than cyber hooliganism, even more than high-tech brutality. They were warnings to Russian Internet denizens that the Runet is carefully observed. One can imagine the consternation in the power centers of Moscow that some Russians found Online Parliament of Runet more interesting than the bricks and mortar State Duma.

Why social media overwhelmed the botnets will be the subject of another blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s