full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [funsec] Estonia similarit

[Full-disclosure] [funsec] Estonia similarities begin to manifest (fwd)

From: Gadi Evron <ge_at_nospam>
Date: Wed Aug 13 2008 - 20:10:32 GMT
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk


It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to
"riot", attacking Georgia.

This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted--but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination.

So, this may possibly be in copy-cat fashion, filling in for the missing coordination that existed in Estonia's case, or a duplicate after all. It is still too early to come to conclusions.

This information was recieved from Shadowserver, which posted a reduced public report on this subject on their wiki: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080813

Great work from Shadowserver!

My Colleague Randy Vaughn, came up with the following theory, which is contradictory to my own:
"I would say more like the result of past training. That is, the
.ee attacks served to set a behavioral response that will automatically trigger during any real or perceived conflict."

          Gadi.



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/