The Invisible (Digital) War

Wherever theres a political crisis, from Gaza to

Ukraine, cyberattacks targeting the flow of information
soon follow. A few brave computer programmers are
fighting back.

Object 1

BY DAVID KENNER-JULY 9, 2015

Every day, an invisible war is waged across the planet. Hundreds

of gigabits of data bombard servers every second in nonstop digital warfare targeting
the free flow of information.

These digital disruptions are known as Distributed Denial of Service (DDoS) attacks.
The flood of incoming traffic aims to exceed the total bandwidth of connections that a
server can handle, thus bringing it down and denying visitors access to any
information it holds. An enterprising attacker can infect millions of machines, creating a
botnet to launch these attacks marshaling the resources of computers across the
globe and making the origin of his assault almost impossible to trace. There are
thousands of DDoS attacks worldwide every day, accounting for roughly one-third of
web server downtime.
Outbreaks of DDoS attacks mirror political turmoil in the real world. The Digital Attack
Map, a project designed by Google Ideas and the network security firm Arbor
Networks, tracks the assaults: DDoS attacks in Ukraine and Russia spiked from
almost nothing to as large as 60 gigabits per second during the Ukrainian antigovernment protests and Moscows subsequent annexation of Crimea in 2013 and
2014. Attacks similarly surged in Israel during last summers war in Gaza, with
assaults emanating from everywhere from Iran to the United States. Even law-abiding
Sweden was hit with a large 80 gigabit per second attack on Dec. 15, 2013, after a
group of neo-Nazis attacked an anti-racism rally in the capital of Stockholm.
The attacks are an easy and cheap way to silence ones political opponents during a
moment of crisis such as during the Ukrainian protests, when newspapers in both
Kiev and Moscow came under attack. DDoS attacks succeeded in taking down
NATOs website in March 2014, while pro-Ukraine hackers targeted the state-funded
Russia Today in the run-up to the invasion of Crimea, replacing instances of the word
Russian with Nazi.
Someone just wanted to make us shut up, said Sergey Smitienko, the system
architect for the online newspaper Ukrainian Truth, which was one of the first sites to
rally Ukrainians to the streets in November 2013 against the pro-Russian government.
Smitienko and his colleagues had turned to the Internet because, he said, television
and print media had always been strictly controlled by the countrys oligarchs, who
squashed any reporting that conflicted with their political agendas. But from the
second day of the protests, Ukrainian Truths enemies moved to cut off that mode of
expression as well: The site was hit by escalating DDoS attacks that forced one of its
two Internet service providers to shut down their server, forcing the site to limp along
with slow service and broken links.
The DDoS attacks, which can cost as little as $150 to launch for an entire week, can
impose a crippling financial burden on their victims.
Smitienko conferred with two commercial services to help his site combat the assault.
But when they saw the power of these attacks, they said that the bill for this service
would be so high, we couldnt pay it anyway, he said.
The commercial firms wanted between $3,000 and $4,000 to combat each gigabit of
data assaulting the newspaper, Smitienko said. The site, however, was being hit by
about 80 gigabits of data each month meaning that its bill would run to somewhere

in the realm of a quarter of a million dollars each month. Some attackers see a
financial opportunity in this conundrum: Arbor Networks estimates that roughly onefifth of DDoS attacks are conducted with the aim of extracting a ransom from the
websites owner, in which they pay hundreds or thousands of dollars to stop the attack.
A month before Ukrainian Truth came under attack, the New York-based think tank
Google Ideas launched a program to resolve precisely the problem they faced. Project
Shield uses Googles infrastructure which has been bolstered greatly to keep
services like YouTube and Gmail online to protect news and human rights-focused
websites from DDoS attacks. Google allows the websites under its protection to route
their traffic through its servers, which are built to withstand even the most massive of
attacks, dramatically reducing the load on their partners web infrastructure.
Ukrainian Truth joined Project Shield in December 2013, and while the DDoS attacks
continued for the duration of the anti-government unrest in Ukraine, they never again
succeeded in slowing the site.
That was a proud moment for us, said Google Ideas associate CJ Adams, who
oversees the program, of the Ukraine crisis. We protected sites that were top 20
newspapers in the world at the time.
Adams said that Project Shield kept sites on both sides of the political divide online in
Ukraine and Russia during the crisis, protecting over 500 million legitimate page views
from targeted sites.
Hundreds of sites currently fall under Project Shields protection, Adams said, and he
hopes to expand that number into the thousands by years end. He said that the
initiative, which is currently accepting applications for new sites, protects any
organization that is focused on news, human rights, or election monitoring, regardless
of their political views.
There was a risk [during the Ukraine crisis] that the person with the biggest botnet,
the person with the biggest attack, would win, Adams said. The truth is that anyone
can pay for someone elses silence and when it comes to something like a human
rights group or a news organization, that shouldnt be the case.
Project Shield offers its services for free to sites that fall under its content criteria; there
are no plans to turn this into a paid service. Since it launched, Cloudflares Project
Galileo and eQualit.ies Deflect have also sprung up to offer free protection from DDoS
attacks.
While this kind of digital warfare regularly spikes during moments of political crisis,
some sites are targeted as part of a long-term effort to silence dissenting voices.
Tavaana, for instance, is an e-learning institute that provides online classes to Iranian
activists, teaching them about democratic transitions, womens and labor rights, digital
safety, and NGO management. The program was launched in May 2010, in the
aftermath of the protests known as the Green Movement, and began suffering from
DDoS attacks soon after its launch.

Tavaana co-founder Mariam Memarsadeghi blames the Iranian government for

orchestrating the attacks, saying that at their peak they succeeded in taking the site
down for as much as half a day. Its not like we can trace them back to Khameneis
house or something like that, but of course they are by the regime, she said. Its the
regime that doesnt want us to exist.
The attacks, Memarsadeghi said, originated from inside Iran but also in countries such
as Dubai and China. They first occurred once a month, then escalated to once a week,
before finally spiking to several times a day. They started to get very serious about us
when we started to have real traction on the ground, she said, citing the
organizations popular Facebook page, which is liked by over 400,000 users and plays
host to an active daily conversation on Iranian politics and culture.
Tavaana joined Project Shield more than a year ago; after signing up, Memarsadeghi
said, it never had another problem with DDoS attacks. For her, the protection went far
beyond the obvious benefits of keeping the site online.
It was just a huge amount of moral solidarity for us; it really gave us a boost, she
said. It was great to be able to say to our users and the Iranian public at large that
we are protected by Google and we had to get protection from Google because the
Iranian government didnt want us to exist.
But even as Google Ideas and other initiatives move to combat DDoS attacks, their
enemies are also adapting. Memarsadeghi said that anonymous troublemakers had
begun showing up in Tavaanas e-classrooms, with the goal of undermining the
lessons. Google Ideas CJ Adams, meanwhile, explained how Project Shield thwarted
the attackers of a major Ukrainian newspaper from bringing down the site so their
adversary created a website that was identical to the newspaper and published fake
news there, in an attempt to destroy the credibility of their rival.
Its always a cat and mouse game, Adams said. And the war, as they say, continues.
Photo credit: Google Ideas

Posted by Thavam