The Web site of the Georgian president was the subject of a distributed-denial-of-service attack over the weekend.
The attack, which is believed by some experts to have been politically motivated, began on Saturday, according to a blog post by Steven Adair, a Shadowserver security volunteer.
"For over 24 hours the Web site of President Mikhail Saakashvili of Georgia... has been rendered unavailable due to a multi-pronged distributed-denial-of-service attack," wrote Adair on Sunday. "Shadowserver has observed at least one Web-based command and control server taking aim at the Web site, hitting it with a variety of simultaneous attacks."
Adair reported that the command-and-control server used a network of compromised computers, or botnet, to attack the Web site with TCP, ICMP and HTTP floods. The server that was attacked also hosts the Georgian Social Assistance and Employment State Agency Web site, which was also "rendered inaccessible" for the duration of the attack, according to Adair.
SANS Internet Storm Center requested that IT professionals check their logs to make sure their systems were not part of the botnet. Traffic would either have been directed against www.president.gov.ge at 62.168.168.9, or have flowed to the command-and-control server at 207.10.234.244.
Several security vendors said that forces in Russia could have been involved, pointing to recent political tensions between the two countries.
On the ThreatExpert blog, researcher Sergei Shevchenko said the hack attack had been preceded earlier this month by the Russian airforce deliberately flying planes over the troubled Georgian region of South Ossetia, without permission from the Georgians. The Russians stated they had done this to "cool hot heads" in the Georgian capital Tbilisi.
Arbor Networks's chief analyst, Jose Nazario, pointed to political tension in another region of Georgia, Abkhazia, as well as tensions in South Ossetia, as being possible catalysts to the attack.
"This attack appears to have a political motivation," wrote Nazario in a blog post. "One of the messages in the floods (HTTP, SYN, ICMP) reads 'win+love+in+Rusia'. Tensions between Russia and Georgia appear to be running high lately."
Russia was blamed for cyberattacks last April against another of its neighbors, Estonia.
Play video
» Ultimate virtualization blade
There are currently no comments for this post.