NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Security > Hacking News

July 21st, 2008, 11:06 GMT · By George Craciun

President of Georgia Web Page Down after Hacker Attack

Adjust text size:

DDOS attack shuts down the web page of Georgia President

Over the weekend, the web page of Mikhail Saakashvili, the president of Georgia, has been under an intense DDOS (denial-of-service) attack, which caused it to temporarily shut down. According to the Shadowserver Foundation, the attack began on Saturday morning and rendered the web page unavailable for a period of about 24 hours. Here is an example of the commands the foundation has detected so far: "flood http www.president.gov.ge/".

The server that hosts the Presidential web page also harbors the Social Assistance and Employment State Agency website, as well as other sites that have become unavailable due to the attack.

Steven Adair from the Shadowserver Foundation comments: "Who else have these guys been attacking with this MachBot C&C server? The answer is no one. This server recently came online in the past few weeks and has not issued any other attacks that we have observed until recently. All attacks we have observed have been directed right at www.president.gov.ge."

What is the reason for this multi-pronged distributed denial of service attack? Since the Shadowserver Foundation has yet to provide a precise answer, we can only speculate. What we do know is that political relations between Georgia and Russia have been quite tense recently. There are reasons to believe the attack originates from Russia and, as the attack on Lithuania has proven, this is the usual manner in which Russian hackers respond to political tensions.

"We do not have any solid proof that the people behind this C&C server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, which is a tool that is frequently used by Russian bot herders. On top of that the domain involved with this C&C server has seemingly bogus registration information but does tie back to Russia," says Steven Adair.

The Shadowserver Foundation is made up of several security pros that voluntarily monitor online traffic in an effort to detect malware, botnet activity, and electronic fraud. People must be made aware of the threats they may encounter while surfing the web, threats that range from malware spreading sites to compromised servers.

FILED UNDER:

TELL US WHAT YOU THINK:

2,396 hits · 1 comment · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

The Spanish Police Warns About Pro-Anorexia Websites

How the UN Keeps Its Network Safe

iPhone 3G Is in Beta, Says Analyst

Several SQL Injection Vulnerabilities Discovered in Zoph

US Presidential Candidate to Tackle Cybersecurity

READER COMMENTS:

Comment #1 by: Thomas Burling on 11 Aug 2008, 20:16 UTC

reply to this comment

Just trying to get the word out. Because of the conflict between Russia and the Republic of Georgia we are getting hammered. We broadcast, for expatriots, three Georgian television stations and a special announcement site for the Georgian President Mikhail Saakashvili (president.gov.ge) if you are carrrying any Georgian based material be careful, we are receiving attacks all across the spectrum, not only on our Georgian websites but all of our issued IPs. Fortunately we have the equipment and technicians who can handle it.
We agreed to host the President's site because Russian hackers had taken down the entire internet in Georgia. These people are nuts. Our techs are getting no sleep at all. It's one thing to attack the .ge site. It is another to take our table out of ARIN and try to take the whole network down.

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use