21 December 2015

Could cyberattack on Turkey be a Russian retaliation?


http://www.telegraph.co.uk/technology/internet-security/12057478/Could-cyberattack-on-Turkey-be-a-Russian-retaliation.html
At least 400,000 websites, including government institutions, were brought down by hackers this week

Could the cyberattack on Turkey be a political response? Unlikely, say cybersecurity experts Photo: 2015 Anadolu Agency
By Madhumita Murgia, 18 Dec 2015

At least 400,000 websites in Turkey are under cyberattack, with unsubstantiated suspicions that the hackers are of Russian origin.
The attack, known as a Distributed Denial of Service (DDoS) attack, reportedly started on Monday morning, and still continues to cripple systems.

The targets were all websites with the country's official domain name suffix: the two-letter country code .tr, which is used by hundreds of thousands of websites, including government institutions, universities and schools, the military and thousands of national businesses.
According to the Daily Dot, Turkey’s National Response Centre for Cyber Events closed down all incoming traffic to the five servers that act as the Yellow Pages for Turkish websites - meaning any website ending in .tr could not be accessed from outside Turkey, and any emails sent bounced back.

A DDoS is a common and simple way to attack a website, although it cannot actually be used to steal data.
To launch a DDoS, a network of malicious computers launches an assault on a website or group of sites, overloading it with information and forcing it to buckle and go offline.
DDoS attacks are commonly measured in gigabits per second (the amount of traffic sent to a site), which in this case was 40 Gbps - enough to completely shut down most network infrastructures.






Although there is no evidence regarding who the cybercriminals are, or what their ultimate goal is, speculation regarding their Russian origin is rife.

There have been escalating tensions between the two countries after a Russian warplane was shot down by Turkish fighter jets on November 24. Vladimir Putin, the Russian president, described the incident as a "stab in the back" and since then, the war of words between Moscow and Ankara has become worse with continued heated exchanges.

Some have also speculated that this could be retaliation for the Turkish government's alleged DDoS attack on Russia's Sputnik news in Turkey.





But was this attack particularly sophisticated or severe, as would be expected of a well-resourced state-backed organisation?

"This is a very simple attack, with no special techniques. In terms of the size of the attack, this is only about 10 per cent as big as the worst examples just this quarter," said government cybersecurity expert Dave Palmer, who secured networks for British intelligence at GCHQ and MI5, before founding his own cybersecurity company, Darktrace.

"It could just as easily be a teenager in a bedroom with some bitcoin who has rented a botnet to do the attack, as it could be someone more sophisticated."

According to Palmer, there is no technical evidence yet that this is retribution from a government actor.







Cyber-researcher Arturri Lehtiö from Finnish firm F-Secure has spent two years focused on the tools and tactics of suspected state-sponsored hackers, in particular a cyber-espionage group called the Dukes, which is suspected of working for the Russian Federation.

Lehtiö admits that there have been Russian-related DDoS campaigns on other countries in the past, such as the one which focused on Estonia in 2007. This led to the websites of the Estonian parliament, banks, and media crashing, on the back of disagreements between Estonia and Russia.

"In the Estonia case, it was suspected that they were patriotic individuals from Russia behind the attack. But it has never been proven to be actually directed or coordinated by the Russian government," he said.

"Based on the information I’m aware of, nothing makes me believe it has to be the Russian government, although it is of course possible that this is a case of a patriotic individual or organisation trying to do what they perceive as best for their nation."

This week, F-Secure said that independent pro-Moscow hacking collective CyberBerkut was launching DDoS attacks to bring down Ukrainian military and government networks, and had previously hacked the German government, which CyberBerkut accused of aiding Ukraine in the Crimea crisis last January.

The Turkish government could not be reached for comment.
