A recently accepted legislation in Lithuania banning communist symbols across Lithuania, has prompted Pro-Russian hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal of a Red Army memorial from the capital Tallinn.
hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal of a Red Army memorial from the capital Tallinn. More info :
"Unidentified hackers broke into several hundred Lithuanian Web sites over the weekend, plastering them with communist symbols, government officials said Monday. The hackers posted Soviet symbols -- the hammer and sickle, as well as the five-pointed star -- and scathing messages with profanities on Web sites based in the ex-Soviet nation, officials said.
"More than 300 private and official sites were attacked from so-called proxy servers located in territories east of Lithuania," said Sigitas Jurkevicius, a computer specialist at Lithuania's communications authority. The hackers hit Web sites from both the government and private sector, including the Baltic state's securities commission and ruling Social Democratic Party. Others included a car dealership and a grocery chain."
Was this a warning sign for an upcoming DDoS attack, and would other Baltic countries also start getting attacked according to their ongoing discussion online?
Let's start from where the campaign started - across web forums. A week ago, the Estonian television ETV24 reported that they've started coming across multiple appeals from novice hackers to launch a large scale DDoS attack against Latvian, Ukranian, Lithuanian and Estonian sites. According to Lithuanian researchers, the hackers used compromised hosts in France and Sweden in order to execute the defacements, and even more interesting is the fact that pretty much all of 300 defaced web sites were hosted on the same ISP, Hostex, previously known as Microlink, indicating that a mass web site defecement took place.
In times when launching a DDoS attack doesn't require having access to botnet, since the attack can be outsourced and requested as a service, someone can literally engineer cyber warfare tensions by abusing the momentum and making it look like the way he wants it to look like. So far, the volume of discussion and collaboration in this attack isn't indicating upcoming DDoS attacks, in the sense of distributing tools and lists of vulnerable sites, sites to be attacked, and compromised hosts to execute the attacks from, as we've seen it happen in Estonia's incident. It surely proves that they are motivated enough to go further.