Russian DDoS Attacks: Kommersant
by Jose Nazario
The Moscow News is reporting that the Kommersant newspaper is blaming the Nashi Russian youth movement for their recent DDoS attacks.
Nashi, which translated from the Russian means “Ours”, is reportedly a pro-Moscow, pro-Putin government youth movement, just one of many. Quoting the NY Times on the subject from last summer,
The groups, organizers and critics say, are part of an effort to build a following of loyal, patriotic young people and to defuse any youthful resistance that could emerge during the careful orchestration of Mr. Putin’s successor in next year’s election. Nashi, the largest and most prominent of the groups, now claims 10,000 active members and as many as 200,000 participants in its events.
Some of the comments made in the article from the NY Times would suggest that Nashi, or groups like it, could be behind some of the attacks I tracked in December against the dissident Russian politician Garry Kasparov. I have no direct evidence that links the attacks to any group.
The attacks have been highly coordinated across multiple, related DDoS botnets. The graphic below shows the number of attack commands measured per day, and we see a peak of attacks on March 14 and 15 of last week. The orange line in the graphic is indicative of when the servers relocated from Russian IP address space to UK address space, presumably in response to the attacks. Note that this didn’t stop the attackers.
At least two different kinds of botnets, both DDoS-specific toolkits, across a handful of related servers combined to launch these attacks. Not all commanded the attacks to the same degree or frequency. What you do not see here is the number of bots behind each botnet.
The attacks appear to have subsided; we are not seeing any additional attack commands at this point. I am continuing to investigate such attacks in the hopes of seeing how widespread such politically motivated attacks are worldwide.

