Talk politics.

Hello, you legions of Putin minions bewildered LJ-users! Just like last time (March/April), here's a brief scan through the Russian media's coverage of this week's massive LJ downtime. The English-speaking media have been rather sparing in their reports on the matter, but because LJ, unlike elsewhere (where it's being mostly a place for sharing personal stuff and fanfic), is pretty huge and taken very, very seriously among the Russian political blogosphere (featuring the main blogs of various prominent Russian politicians, dissidents and journalists), most of the detailed info is bound to come from there. So, without further ado, here's my rough translation of some of the sources.


First, an English one.
LiveJournal hacked again
http://www.panarmenian.net/eng/news/75049/

...The reason of technical downtime in the LiveJournal blog hosting operations was new DDoS-attack, [SUP] reports.

...DDoS Mitigation Protocol was set and launched, by results of which we saw that incoming traffic amounted to 6 Gb with 8 Gb peaks, which is, obviously, the upper limit for Qwest and Verizon.


DDoS attack against LJ
http://www.gazeta.ru/business/2011/07/27/3713109.shtml

...The new DDoS attack lasted for more than 3 days. The current attack broke through the defences of the internet host, which were reinforced after the last hacker attack in spring. This time the hackers changed the tactic.

...This attack was of such magnitude that it didn't even reach the LJ servers, instead the Qwest and Verizon providers were overwhelmed and the whole data-center was cut away from the world, not just LJ.

...SupMedia promises that all owners of paid accounts will have the duration of their paid subscriptions extended in accordance with the duration of the downtime.

...This is the third such attack this year, the March and April attacks lasted for about a day, and aimed at the top LJ bloggers teh_nomad, ibigdan, drugoi )the photographer Rustem Adagamov), navalny (the politician Alexey Navalny) and zyalt (the photographer Ilya Varlamov). It has been found that Navalny's blog was the initial target of the attacks.

...Estimations point at an average price of $15 thousand for organizing such an attack. Last time LJ lost #45-50 thousand due to missed advert income, not counting the expenses for buying new protection hardware.

...The DDoS attack on LJ is subject to investigation of the police department of Moscow, but a further separate investigation on part of the US police is not to be ruled out, as LJ is subject to the US legislation.

...The General Director of InfoWatch, Natalya Kasperskaya believes the LJ problems are to be blamed on both the managers of the hosting companies and the owners of the resource "who do not understand what's going on inside the structure" and the magnitude of the overwhelming traffic. Those problems were not addressed after the previous attacks, which led to the current situation. In April, SupMedia increased the traffic capabilities of the channels, but now the attackers have changed the tactic and are attacking the connections of the provider.


This time the target are not popular bloggers but the IP services
http://www.nr2.ru/moskow/341146.html

...Although after the initial attack on July 25 the LJ services were restored, for many users the website still doesn't work properly. However, the attack didn't lead to damages to the system or losses of data, SUP assures the users.

...This time the DDoS attack is not directed at separate bloggers but LJ as a whole (the IP services).

...After the previous attacks the conclusion was that the purpose was manipulation of the public and ultimately dispersing the LJ users to various other blog domains, which would be "stand-alone" blogs and thus, easier to attack and bring down [the "Divide and conquer" principle].

...The dissident Alexey Navalny [who was the main target of the first attack] has no doubts that Kremlin's long hand stood behind those attacks, which made LJ hostage of the Russian internal political fights.

...Journalist and blogger Oleg Kozyrev called the attack "a terror act, comparable to acts aiming to deprive Russia of television and radio".

...The bloggers say that LJ's immense popularity is giving the rulers many sleepless nights: it's a platform for free speech, and is often a source of rebelious ideas. Besides, some of the Russian LJ accounts enjoy a much greater amount of popularity and visits than most mainstream Russian media, which are often subject of political censorship.


SUP: the attacks are directed at LJ as a whole, not separate blogs
http://www.rosbalt.ru/main/2011/07/27/873316.html

LJ is under the jurisdiction of the US law, as its servers are located in the US. LJ is owned by the US company LiveJournal Inc, which also owns the Russian company SUP. There are more than 4 million accounts registered, and LJ is being visited by more than 20 million people on a monthly basis.


Medvedev had discussed the previous DDoS attacks on LJ with RuNet representatives
http://www.rosbalt.ru/main/2011/04/29/844655.html

...The Russian president Medvedev talked with representatives of the internet society RuNet about the recent DDoS attacks on LJ (in April). He inquired about the efficiency in the work of the "K" Department, which is responsible for internet supervision.

..."The government doesn't need these DDoS attacks", Medvedev was cited by adagamov (an LJ user). [Medvedev's own LJ account was hacked as well; yes - the Russian president has an LJ account too, only it's probably being maintained by some secretary in the Kremlin or something).

...Another LJ blogger, ottenki_serogo (who was present at the meeting as a photographer) confirms that the DDoS attacks are considered to be a very important issue by Medvedev.

...Medvedev reports on his LJ account blog_medvedev that he had received many complaints about the DDoS attacks, and he intends to refer the matter to the competent police authorities.


The LJ administration has admitted that the reason for the downtime this month is a series of DDoS attacks
http://hitech.newsru.com/article/27jul2011/ljddosed

...Initially BBC reported that SUP had blamed an error in the functioning of the services for the downtime, but now it's clear that it was a massive and well planned and perfectly executed hacker attack.

...According to the Kaspersky Labs, the attacking zombie-set consists of tens of thousands of computers, infected with a Trojan bot program (Darkness/Optima), which is currently very popular on the black market of the Russian organized cyber-crime. Not only Trojan bots are being offered for sale there, but also entire infected machines based on those bots, and also services for organizing and carrying out DDoS attacks are being for sale in the internet.

...SUP has issued a formal complaint at the Prosecutor's Office. The Product Director at SUP, Ilya Dronov supposes that this time the target of the DDoS attack on LJ is the LiveJournal audience itself, which the attackers are hoping to lure out of LJ and disperse them into other social networks.


Currently LJ is working so-so, but still experiencing severe problems. As predicted last time, this is probably not the last DDoS attack on LJ. The problems started as soon as LJ was bought by Russian company SUP. There were speculations back then that Putin was trying to put a hand on the most prominent dissident arena on the internet. Russia has been known for bringing the art of cyber-warfare to ever newer heights in recent years (the attacks on Estonia and Georgia), so it's no surprise that the internet is becoming one of the many tools in this constant war for power. And meanwhile most of us uninvolved LJ-ers will remain caught hostages and made victims of the collateral damage that comes with it.