Hacking News

President of Georgia Web Page Down after Hacker Attack

The Russians are believed to be behind it

By George Craciun, Security News Editor

21st of July 2008, 11:06 GMT

Adjust text size:

DDOS attack shuts down the web page of Georgia President

Over the weekend, the web page of Mikhail Saakashvili, the president of Georgia, has been under an intense DDOS (denial-of-service) attack, which caused it to temporarily shut down. According to the Shadowserver Foundation, the attack began on Saturday morning and rendered the web page unavailable for a period of about 24 hours. Here is an example of the commands the foundation has detected so far: "flood http www.president.gov.ge/".

The server that hosts the Presidential web page also harbors the Social Assistance and Employment State Agency website, as well as other sites that have become unavailable due to the attack.

Steven Adair from the Shadowserver Foundation comments: "Who else have these guys been attacking with this MachBot C&C server? The answer is no one. This server recently came online in the past few weeks and has not issued any other attacks that we have observed until recently. All attacks we have observed have been directed right at www.president.gov.ge."

What is the reason for this multi-pronged distributed denial of service attack? Since the Shadowserver Foundation has yet to provide a precise answer, we can only speculate. What we do know is that political relations between Georgia and Russia have been quite tense recently. There are reasons to believe the attack originates from Russia and, as the attack on Lithuania has proven, this is the usual manner in which Russian hackers respond to political tensions.

"We do not have any solid proof that the people behind this C&C server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, which is a tool that is frequently used by Russian bot herders. On top of that the domain involved with this C&C server has seemingly bogus registration information but does tie back to Russia," says Steven Adair.

The Shadowserver Foundation is made up of several security pros that voluntarily monitor online traffic in an effort to detect malware, botnet activity, and electronic fraud. People must be made aware of the threats they may encounter while surfing the web, threats that range from malware spreading sites to compromised servers.

TAGS:

DDOS | hacking | Shadowserver | security

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

Comment #1 by: Thomas Burling on 11 Aug 2008, 20:16 GMT

reply to this comment

Just trying to get the word out. Because of the conflict between Russia and the Republic of Georgia we are getting hammered. We broadcast, for expatriots, three Georgian television stations and a special announcement site for the Georgian President Mikhail Saakashvili (president.gov.ge) if you are carrrying any Georgian based material be careful, we are receiving attacks all across the spectrum, not only on our Georgian websites but all of our issued IPs. Fortunately we have the equipment and technicians who can handle it.
We agreed to host the President's site because Russian hackers had taken down the entire internet in Georgia. These people are nuts. Our techs are getting no sleep at all. It's one thing to attack the .ge site. It is another to take our table out of ARIN and try to take the whole network down.

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved. Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive

NEWS CATEGORIES: