Kyrgyzstan Under DDoS Attack From Russia
By: Counter Threat Unit Research Team
"The Cyber Attack No One Is Talking About"
Since January 18, 2009, the two primary Kyrgyzstan ISPs (www.domain.kg, www.ns.kg) have been under a massive, sustained DDoS attack almost identical in some respects to those that targeted Georgia in August 2008. Few alternatives for Internet access exist in Kyrgyzstan. With just two smaller ISPs left to handle the load, these attacks from Russian IP address space [1,2] have essentially knocked most of the small Central Asian republic offline.
Some believe that this is a way to silence rhetoric from a new and relatively powerful opposition coalition whose primary aim is the removal of current government officials, especially Kyrgyz President Kurmanbek Bakiyev [3], and a break from the administration's policies.
On the other hand, others think these attacks are part of a Russian campaign to pressure Kyrgyz President Kurmanbek Bakiyev to close US access to a key airbase, which intensified on the same day as the DDoS attacks. That airbase is a key resource in the war against Islamist militants in Afghanistan.
In remarks after meeting then-Secretary of State Condoleezza Rice in 2005, Bakiyev seemed willing to allow US and UN forces to continue to use the base [4]:
that the coalition air base in international Manas airport will be [available] until the situation in Afghanistan is completely stabilized
- Kyrgyz President Kurmanbek Bakiyev
(via Russian translator)
In December 2008, however, Kyrgyz officials announced that they would begin plans to phase out the use of the airbase. The US has denied that any such plans were being made.
Now, under renewed pressure from Russia, sources from inside Bakiyev's administration indicate that the decision to close the base to US and UN forces has already been made, and a public announcement is forthcoming [5].
Russia is prepared to offer Kyrgyzstan a $300 million USD loan and provide $1.7 billion USD of investment in the energy sector of the former Soviet republic. Kyrgyz President Bakiyev is scheduled to meet with Russian officials in charge of the deal in Moscow on February 3, 2009. The Russians have indicated that the deal is dependent on the ousting of foreign forces from the Central Asian country's airbase.
Suppression of the opposition movement's views, especially the ability to make their point internationally via the Internet, certainly makes sense for Russia. Russia operates the only other airbase in Kyrgyzstan and wants a monopoly on air power in what they term their own back yard. However, US use of the Manas airbase is a source of a steady inflow of cash to the ailing Kyrgyz economy. The opposition's position is that the Russian deal is risky and that it would be better for Kyrgyzstan's economy overall to stay the course and continue to allow the US and Russia to operate from their own separate airbases. The DDoS attack would be one way to keep the opposition from publicizing their alternative and gaining support for it. That could result in opposing diplomatic pressure from the US and its allies.
Cyber-attacks are part of the information war, making your enemy shut up is a potent weapon of modern warfare.
- Alexander Denezhkin, editor at Cybersecurity.ru
DDoS attacks by Russia's cyber militia seem to be a standard part of campaigns against other nations that are friendly to Russia's Western rivals on a variety of issues, including energy, economic investment, politics, and the military.
In the past, Russian officials have stated that they rely on the recruitment of technically capable Russian citizens to assist them in these types of operations. Many believe that the catalyst for this mobilization is, at least in part, unofficial requests from Russian authorities passed down through their contacts in Russia's cyber underground. The use of cyber militias puts distance between the Russian government and the attacks, and shelters it from culpability for the peacetime use of information warfare tactics. There is often a combination of motives. Couple the lack of culpability with the 'bang for the buck' of using DDoS as a means to an end in policy and military matters, and it's a win-win proposition for the Russians. As long as that remains true, we expect to see this pattern repeat. With each new exercise, the cyber militia matures and their capabilities grow. Since 2005, cyber attacks attributed to Russia's cyber militia have increased in frequency. This is a pattern of escalation.
These attacks are powerful tools wielded by Russia's cyber militia against the friends and allies of the United States. Is this action so expected, the pattern so established (Israel, Ukraine, Estonia, Lithuania, and Georgia), that it fails to garner due attention? With modern worms capable of quickly building 1+ million strong botnet armies, will we have countermeasures and contingency plans in place when the cross hairs lock on to our own infrastructure?
Note: The US State Department has removed the remarks between Sec. Rice and Kyrgyz President Bakiyev from their web site. A copy was located in Google's cache.