DDoS attacks knock Radio Free Europe off the Web

On Chernobyl anniversary, U.S.-funded news organization hit by hackers

Several Radio Free Europe Web sites were knocked off the Internet a week ago in a distributed denial-of-service (DDoS) attack that the news organization's spokesman compared to attempts decades ago by the Soviet Union to jam the U.S.-funded group's radio signals.

The attack, which started on April 26, hit Radio Free Europe's Belarus Web site hardest and was timed to coincide with protests there that day to mark the anniversary of the 1986 Chernobyl nuclear disaster, the organization claimed. Seven other Radio Free Europe (RFE) sites, including those for Kosovo and Azerbaijan, as well as the Russian-language site, were also affected.

"We had restored service on all but the Belarus site late Monday morning," Martins Zvaners, a Washington-based RFE spokesman, said Friday. "The Belarus site was up again on that afternoon."

Radio Free Europe and an associated service, Radio Liberty, are news organizations funded by the U.S. Congress that date back to 1949, when RFE began broadcasting news to radio listeners in Eastern Europe and the USSR at the beginning of the Cold War. The organization still uses radio to distribute its news, but it also relies on the Internet.

The incident was the largest attack RFE had ever experienced, said Zvaners. "It was massive, and it was distributed," he said. At its peak, the DDoS attack was sending more than 50,000 requests to the RFE sites, which overwhelmed its servers' capacity and essentially knocked the sites offline. Other Belarusian sites were also hit, including the Minsk-based nongovernmental organization (NGO) Charter 97.

Within an hour of RFE issuing a news release on Monday detailing the attack, "the bogus requests petered out," said Zvaners.

RFE has taken steps to protect against similar attacks in the future, but Zvaners would not get specific. "Our network [administrators] are looking at ways to better protect our sites from future attacks," he said.

April 26 was the 22nd anniversary of the meltdown at a nuclear reactor near Chernobyl, Ukraine. A plume of highly radioactive fallout drifted to the northwest, over what is now Belarus and toward Finland and Sweden. Large areas of Belarus, Russia and Ukraine were contaminated, but the majority of the fallout landed in Belarus.

The timing of the DDoS was not coincidental, said Zvaners: Earlier, RFE had announced that it would cover antigovernment protests live on its Web sites. Although he said it was impossible to know the identity of the attackers at this point in RFE's investigation, he pointed a finger at the administration of Alexander Lukashenko, the president of Belarus since 1996.

"This started on the day of a demonstration that they wanted no one to cover," said Zvaners. "They've never been real happy with us. In an ongoing sense, they are always 'jamming' our signals. We can't say for certain who did it, but you look at the circumstances, and you can start to draw some possible inferences."

"It's like we are back in the 50s and 60s, when [the USSR] used other ways to block our signal," Zvaners said. "It's a disappointing trend, but perhaps not unexpected."

A security researcher who has investigated what he calls "people's information war" said that the sequence of the attacks could provide a clue as to their source.

"From [a] disinformation perspective on who is behind this, it's execution gone wrong, mostly because when the attacks initially started, they seem to have targeted only the Belarus service of RFE's live coverage of the local opposition to building yet another Chernobyl," said Dancho Danchev, a Bulgarian researcher, in an e-mail reply to several questions. "[Only] later on did it start attacking seven other RFE sites.

"What if it was the other way around? Attack all of RFE's sites, and make it look like the primary target in this attack isn't targeted on purpose, but 'in between,'" he added.

Politically motivated attacks such as the one against RFE are not new. A year ago, a series of DDoS attacks struck numerous sites in Estonia, a Baltic country that was once part of the USSR. Sites belonging to Estonia's prime minister and banks were among those brought down by the attacks. Although some observers initially suspected the Russian government, some security researchers later disputed that, saying the attacks were not coordinated enough to have come from one group.

Last month, CNN.com was hit by a large-scale DDoS attack, possibly by Chinese "hacktivists" angered by the news organization's coverage of protests in Tibet.

Copyright © 2008 IDG Communications, Inc.
