300 Lithuanian sites hacked by Russian hackers

300 Lithuanian sites hacked by Russian hackers

Summary: A recently accepted legislation in Lithuania banning communist symbols across Lithuania, has prompted Pro-Russian hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal of a Red Army memorial from the capital Tallinn.

SHARE:
TOPICS: Security
5

A recently accepted legislation in Lithuania banning communist symbols across Lithuania, has prompted Pro-RussianSoviet Symbol hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal of a Red Army memorial from the capital Tallinn. More info :

"Unidentified hackers broke into several hundred Lithuanian Web sites over the weekend, plastering them with communist symbols, government officials said Monday. The hackers posted Soviet symbols -- the hammer and sickle, as well as the five-pointed star -- and scathing messages with profanities on Web sites based in the ex-Soviet nation, officials said.

"More than 300 private and official sites were attacked from so-called proxy servers located in territories east of Lithuania," said Sigitas Jurkevicius, a computer specialist at Lithuania's communications authority. The hackers hit Web sites from both the government and private sector, including the Baltic state's securities commission and ruling Social Democratic Party. Others included a car dealership and a grocery chain."

Was this a warning sign for an upcoming DDoS attack, and would other Baltic countries also start getting attacked according to their ongoing discussion online?

Let's start from where the campaign started - across web forums. A week ago, the Estonian television ETV24 reported that they've started coming across multiple appeals from novice hackers to launch a large scale DDoS attack against Latvian, Ukranian, Lithuanian and Estonian sites. According to Lithuanian researchers, the hackers used compromised hosts in France and Sweden in order to execute the defacements, and even more interesting is the fact that pretty much all of 300 defaced web sites were hosted on the same ISP, Hostex, previously known as Microlink, indicating that a mass web site defecement took place.

In times when launching a DDoS attack doesn't require having access to botnet, since the attack can be outsourced and requested as a service, someone can literally engineer cyber warfare tensions by abusing the momentum and making it look like the way he wants it to look like. So far, the volume of discussion and collaboration in this attack isn't indicating upcoming DDoS attacks, in the sense of distributing tools and lists of vulnerable sites, sites to be attacked, and compromised hosts to execute the attacks from, as we've seen it happen in Estonia's incident. It surely proves that they are motivated enough to go further.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Suggestion

    The Lithuanian government should force their telcos to block all IP blocks that are allocated to Russia.

    If there is such animosity, blocking the Russian chunk of the internet would be a good start.

    Then at the very least, the hackers would have to use western computers if they want to continue hacking, and in the event they get caught (however slim) at least it would be easier to prosecute them than if they had used Russian networks and computers.
    croberts
    • Re: Suggestion

      In reality, blocking all IP blocks from Russian wouldn't make an impact, since it's malware infected western computers they use for pretty much everything in general.

      If they want to, they can even geolocate the malware infected hosts and have a botnet with Lithuanian infected hosts only. Now, should Lithuania block all IP traffic to its ISPs to prevent an attack?
      ddanchev
  • RE: 300 Lithuanian sites hacked by Russian hackers

    I think all hackers should be lined up and shot. End of problem.
    timspublic1@...
    • RE: 300 Lithuanian sites hacked by Russian hackers

      There's a difference between a hacker, a lamer, a cybercriminal, and a script kiddie. I think it was cybercriminals you were referring to.
      ddanchev
  • RE: 300 Lithuanian sites hacked by Russian hackers

    I fuck all russian hackers ... xa xa xa
    ----------------------------------------
    www.hunter.lt (moskal hacker killer)
    hunteris