DDoS attack takes out NATO websites, Ukraine connection claimed

Filed Under: Denial of Service, Featured

NATO logoA series of DDoS attacks launched over the weekend disrupted access to several websites operated by NATO.

A pro-Russian Ukrainian hacktivist group going by the name "Cyber Berkut" has claimed responsibility for the attacks, which affected only public websites and did not impact essential operations, according to NATO spokespeople.

The distributed attacks focused on the main NATO public site, www.nato.int (which is also redirected to from nato.com), knocking it offline for long periods on Saturday. It remained slow to respond at times on Sunday.

Other sites affected apparently include the public site of a cyber security centre in Estonia, affiliated to NATO.

The claims of responsibility were made in Russian on the cyber-berkut.org website but have not been officially verified. The "Berkut" refers to Ukrainian riot police responsible for vicious suppression of protesters campaigning against ousted president Viktor Yanukovich.

With the NATO site currently dominated by news of the Ukraine situation, it's probable that the attacks were intended as a protest against NATO involvement.

NATO quickly tweeted confirmation that it had been subjected to DDoS (Distributed Denial of Service) but insisted there had been "no operational impact", no access to classified information, and that efforts were under way to restore functionality as soon as possible.

The Ukraine crisis has already sparked a number of spin-off cyber incidents. A string of attacks on Russian media, government and central bank websites last week were apparently launched by a group calling itself "Anonymous Caucasus", which denied any connection to the Ukraine situation.

Nevertheless, speculation has been rife that these incidents were a response to Russian news coverage of recent events.

As in previous instances of real-world political tensions spilling over into the cyber arena, the targets have been overwhelmingly in the public arena, taking down promotional and information resources rather than critical government or military targets.

One commentator compared the NATO attack to "kicking sand into one's face" - or, as XKCD put it, tearing down a poster.

There has been further speculation, in Ars Technica and elsewhere, that would-be cyber-warriors have learned lessons from previous clashes, stepping back from high-profile but low-impact propaganda strikes on media and official websites in favour of more covert and stealthy cyber-espionage tactics.

Either way, it seems almost inevitable that further cyber incidents will emerge from the ongoing political struggle.

Once again, urgent warnings will be issued from all angles over the possibility of genuine cyber warfare, with demands for more funding for military cyber wings.

We can only hope things don't progress too far beyond the current sand-kicking levels.

, , ,

You might like

One Response to DDoS attack takes out NATO websites, Ukraine connection claimed

  1. Nigel · 567 days ago

    "We can only hope things don't progress too far beyond the current sand-kicking levels."

    Right...but hope is cheap. Remember, this is not just a case of people squabbling amongst themselves, where things could get very unpleasant, but not catastrophic. Unfortunately, political states are involved, and that always means war is one of the chips on the table.

    I think you're right in predicting that "...it seems almost inevitable that further cyber incidents will emerge from the ongoing political struggle." But as bad as that might be, it would still be bloodless. Not so with the political goons, whose fundamental claim to authority comes from the fact that they have the big guns, and historically they're inclined to use them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.