The conflict between Georgia and Russia is notable because even before Russian
troops had entered South Ossetia, the Georgian government suffered a series of DDoS
attacks that affected its ability to communicate with the outside world. Multiple Web
sites went down for hours. The Georgian government went so far as to switch some of
its Web hosting locations to the United States. American security experts said they had
uncovered evidence of involvement by the Russian Business Network, a criminal gang
located in St. Petersburg, but there was no clear link to the Russian military [57, 58, 59].
GEORGIA (2009)
Twitter service was unavailable worldwide for several hours on August 6, 2009, due
to a massive DDoS attack. Max Kelly, the chief security officer at Facebook, said the
attack was an effort to silence a political blogger from the Republic of Georgia, citing
as evidence the fact that three other sites used by the activist—Facebook, LiveJournal,
and Google—were also targets of DDoS attacks at the same time [60, 61].
No group took responsibility for the attacks, but some noted that August 6, 2009,
was the first anniversary of the war between Georgia and Russia over South Ossetia [62].
EXILED TIBETAN GOVERNMENT (2009)
In 2009 computer security experts uncovered a surveillance effort targeting the Dalai
Lama, the exiled Tibetan government, and other Tibetans. Some agency had used
backdoor Trojans to penetrate 1,295 computers in 103 countries, creating a spying system
the experts named GhostNet. When a victim opened an email attachment supposedly
containing the translation of a book, the backdoor Trojan was activated. Each backdoor
Trojan was able to transfer data files and email messages back to the controlling
computer. Even more ominously, it could access the computer's microphone, turning the PC
into an eavesdropping station. Some of the researchers that discovered GhostNet blamed
the Chinese government for the intrusions, but the Chinese government denied
responsibility [63, 64].
UNITED STATES AND SOUTH KOREA (2009)
A DDoS attack on governmental agencies and commercial Web sites in the United States
and South Korea paralyzed a third of them over the Fourth of July weekend in 2009.
Targets in the United States included the White House, the Treasury Department, the
Secret Service, the New York Stock Exchange, and NASDAQ. In South Korea, the targets
included the Blue House (presidential mansion), the Defense Ministry, and the National
Assembly.
The DDoS attack was relatively minor, involving a botnet containing only
50,000-65,000 computers, compared with large-scale attacks that may utilize a million
computers. Still, the attack disrupted different networks over a period of days as it shifted
targets, and some sites in South Korea were unavailable or compromised as late as July
9. South Korea's National Intelligence Service blamed the North Korean government or
its sympathizers for the attack, hypothesizing that the attack was in retaliation for United
Nations sanctions against North Korea. According to computer experts, it was unlikely
the source of the attack would ever be positively identified because those responsible for
the attack launched it from systems owned by others [65, 66].