As we often do when this sort of thing happens, we dig into the news. Sure enough, there’s some regional tension between Belarus and Russia. In the article Belarus turns to EU as Russian ties deteriorate from the Associated Press, there’s a bit of background offered:
Russia sees courting of the West by former Soviet satellites as a threat to its influence in the region. Observers say Lukashenko has played on that feeling in the intensifying quarrel between the two countries.
The dispute escalated recently when Russia withheld the last quarter of a $2 billion loan to Belarus. Lukashenko accused Russia of punishing Belarus for refusing to recognize the independence of rebel-held regions of Georgia.
This isn’t abrupt but has been brewing for a few months. We saw this site under attack in April, 2008, with the botnet hosted at ‘httpdoc.info’ using a Machbot-like botnet that we’ve seen before. This was very much like the botnet behind the July, 2008, Georgian president attacks. The command this time looks like:
DDOS 1 78000000 www.charter97.org 20
DDOS 0 78000000 www.charter97.org /ru/search/ 0 %3Fstext=%EB%F3%EA%E0%F8%E5%ED%EA%EE 80 30
At the time it was also DDoSing the Russian news site www.compromat.net (or www.compromat.ru). This site appears to be an alternative RU-language news site. The botnet’s now dead and has been for nearly a tear.
A few sites in the region are tracking the attack. Here’s some third-party information on the attack:
Leading Belarusian opposition media are attacking the second day. DDoS-attack started yesterday 11-56 Minsk time and is still ongoing. Technical Service at the time the resource was able to neutralize the attack and distributed by the evening of June 8, the site became available. However, the night attack, the algorithm was modified and the power increased.
Via The site continues to attack the Charter’97 (via Belnet).
We’re still digging for more information. This is especially interesting as it’s right before I head off to Talinn for the NATO CCDCOE workshop in Talinn next week.