Darkness Botnet and Russian Politics

By David J. Smith

Copyright © 2012 Potomac Institute for Policy Studies

This complements the piece by my colleague, Khatuna Mshvidobadze, immediately below.  It is adapted from an article published in Tabula last April.

Last March 24, Russian anti-corruption blogger Aleksey Navalniy’s LiveJournal blogsite sustained a DDoS attack.  Two days later, a DDoS attack was launched against his rospil.info website, which focuses on government procurement.

Meanwhile, the opposition People’s Freedom Party tried to use LiveJournal as an outlet for its new report, Putin. Corruption.

By April 4, LiveJournal’s home page and 34 of its individual blogsites were assaulted.

On April 7 and 8, it was Novaya Gazeta’s turn.

Novaya Gazeta is best known for reporter Anna Politkovskaya, who was gunned down in 2006 as she was about to file a story on security forces misconduct in Chechnya.  More recently, the newspaper launched Online Parliament of the Runet.  “We would like to create a platform to serve as an alternative to the incumbent authorities,” said Novaya Gazeta spokeswoman Nadezhda Prusenkova.  Potential participants included Navalniy and even jailed businessman Mikhail Khodorkovsky.

Jeffrey Carr, Taia Global CEO, writes that at least two botnets were involved in the attacks, a conclusion supported by LiveJournal’s own analysis. And there are indications that the attackers of LiveJournal and Novaya Gazeta were the same.

“We don’t know how many botnets took part in the latest attack,” writes Maria Garnaeva of Kaspersky Lab, “but we definitely know of one botnet that was involved. It is based on the Optima/Darkness DDoS bot that is currently popular on the Russian-speaking cybercrime black market.”

Such attacks would require considerable administrative and financial support, points out Anton Nosik, a former director of LiveJournal’s parent company and a close observer of cyber developments in Russia.

“Hardly anyone could have done this other than the security services,” said People’s Freedom Party leader Boris Nemtsov.

Fingers point to some bit of the Russian government, operating through Nashi, the pro-Kremlin youth group, and cyber criminal syndicates.  As with the 2008 Russian attack on Georgia, we catch a glimpse into that Russian nexus of external aggression, internal repression, cyber-crime and government.

With social networking-fueled uprisings raging across the Middle East, parliamentary and presidential elections looming in December and March and 10,000 Russians a day joining the Internet, the Moscow political establishment is concerned.

Looking to the Middle East, Russian President Dmitry Medvedev told a February 22 security gathering in Vladikavkaz, “They have prepared such a scenario for us before, and now more than ever they will try and realize it. In any case, this scenario won’t succeed.”

“The attack on [LiveJournal] is preparation for parliamentary and presidential elections,” Nemtsov said.  “It is pure politics.”

As Novaya Gazeta was assailed, Alexander Andreyechkin, chief of the FSB’s cyber Center, said, “Uncontrolled usage of [services like Skype, GMail or Hotmail] may lead to a massive threat to Russia’s security.”

The attacks on LiveJournal and Novaya Gazeta were probably tests of the technology and organization needed to carry out cyber-attacks, “a rehearsal,” blogs political analyst Mikhail Delyagin, “of some ‘X hour’ to break communication among the active part of society.”
