The conflict online is mirroring the conflict offline Thursday, with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline. It’s unclear who directed the attack or if it was successful in disrupting the sites.
However, cybersecurity researchers say the Russian government appears to be deploying a defensive technical measure known as geofencing to block access to certain sites it controls, including its military website, from areas outside Russia’s sphere of influence—complete with a joking nod to internet infrastructure.
Russian troops began invading Ukraine early on Wednesday local time, with Forbes and others reporting apparent attacks on civilian areas including hospitals and residential zones.
Ukrainian government sites were pushed offline last week in similar attacks in the run-up to the Russian invasion of Ukraine, The Record reported. The U.S. and the U.K. attributed those attacks to the Russian government. Cybersecurity researchers also said Wednesday that Ukrainian computer networks were hit with malware designed to destroy data on their systems for the second time this year.
No one appears to have claimed credit for the DDoS attacks, which suggests they were unsuccessful, James Lewis, the director of the Strategic Technologies Program at the Center for Strategic and International Studies, told The Record.
“DDoS is the most basic form of cyber attack, it’s not that hard–either Ukrainians or people who support Ukraine could have launched them again,” he said.
Global network watchers, including Netblocks and Kentik Director of Network Analysis Doug Madory, noted the DDoS attacks.
Now seeing DDoS attacks against Russian govt websites in possible retaliation to DDoS attacks against Ukrainian websites. #UkraineRussiaConflict
— Doug Madory (@DougMadory) February 24, 2022
Among the RU targets, https://t.co/bvhrm8D6hb which is hosted by AS8291 (Russia State Internet Network).
However, the targeted Russian government sites—including the primarily military domain, mil.ru—appear offline to some international visitors due to the apparent geofencing that limits traffic from sources outside Russia’s sphere of influence.
“Based on the data we got, traffic to Mil.Ru appears to be administratively blocked from outside of Russia,” Madory told The Record, after attempting to access the website from servers located around the world in response to our research inquiry.
Status code returned by servers around the world attempting to access mil.ru (Via Kentik)
That means whoever operates the website configured its servers not to show the site's content to people trying to access it from overseas.
Instead, those attempting to access the website from blocked areas get an HTTP Error 418 response.
Confusion around the outage of some of the Russian government’s sites was also exacerbated by how Russian web servers handled the apparent DDoS attacks, showing a “418 I’m a teapot” error.
Having started out as a Google prank in the late 90s, 418 server errors are not part of any official standard, but some web servers choose to serve them anyway. They are commonly used as a “network administrator inside joke” to block incoming traffic.
The errors are typically used as responses to DDoS attacks and website or API scraping attempts—as a way to let attackers know their actions have been discovered and are being actively blocked.
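The distinction drawn above, between a site that is administratively blocked by location and one that is simply down, can be read off probe results from several vantage points. The sketch below is an added example, not code from the article or from Kentik; the vantage labels and sample results are constructed, and counting 403 and 451 alongside 418 as explicit refusals is an assumption.

```python
from collections import Counter, defaultdict

# Assumption: these statuses mean "alive but refusing you"; the article names only 418.
REFUSAL = {403, 418, 451}

def outcome(status):
    """Map one probe result (HTTP status, or None for a timeout) to a label."""
    if status is None or status >= 500:
        return "down"        # timeout, reset or server-side error
    if status in REFUSAL:
        return "refused"     # the server answered, so it is up
    return "ok" if status < 400 else "other"

def per_vantage(probes):
    """Return {vantage: dominant outcome} from (vantage, status) pairs."""
    seen = defaultdict(Counter)
    for vantage, status in probes:
        seen[vantage][outcome(status)] += 1
    return {v: c.most_common(1)[0][0] for v, c in seen.items()}

def classify(probes, share=0.8):
    """Label the overall picture: geofenced, outage, reachable or mixed."""
    kinds = Counter(per_vantage(probes).values())
    total = sum(kinds.values())
    if kinds["ok"] and kinds["refused"] and kinds["ok"] + kinds["refused"] >= share * total:
        return "geofenced"   # healthy, but the answer depends on where you ask from
    if kinds["down"] >= share * total:
        return "outage"      # failing regardless of location
    if kinds["ok"] == total:
        return "reachable"
    return "mixed"

# Constructed sample: inside vantages get content, outside ones get 418.
GEOFENCED = [("in-A", 200), ("in-A", 200), ("in-B", 200), ("in-C", 200),
             ("out-A", 418), ("out-A", 418), ("out-B", 418), ("out-C", 418),
             ("out-D", 418), ("out-E", None)]
# Constructed sample: timeouts and 5xx nearly everywhere, as under load.
OUTAGE = [("in-A", None), ("in-A", 503), ("in-B", None), ("out-A", None),
          ("out-B", 502), ("out-C", None), ("out-D", 200)]

if __name__ == "__main__":
    for name, data in (("GEOFENCED", GEOFENCED), ("OUTAGE", OUTAGE)):
        print(name, classify(data), per_vantage(data))
```

A fast, well-formed 418 from every outside vantage is evidence the servers are healthy and applying policy; an overloaded site tends to fail the same way no matter where the request originates.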
The joke and the apparent selective inaccessibility of the military site suggest Russia moved defensively to avoid potential embarrassment, according to Lewis. The Russian Embassy did not respond to a request for comment.
The Russian government websites were not the only ones that faced DDoS attacks Thursday. Madory said he also observed traffic reflecting apparent attacks targeting major Russian banks Sberbank and Alfabank.
https://twitter.com/DougMadory/status/1496961857638309893
In a press conference Thursday, U.S. President Joe Biden said the White House was working with the private sector to be prepared for potential Russian cyberattacks and warned there would be retaliation.
“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” Biden said.
The post Russia appears to deploy digital defenses after DDoS attacks appeared first on The Record by Recorded Future.
Article Link: https://therecord.media/russia-appears-to-deploy-digital-defenses-after-ddos-attacks/