On the 50th day of continuous DDoS attacks on the servers of website of Kavkaz Center, KGB/FSB has de facto acknowledged that it was behind the cyber-terrorist attack.
The fact is that on Wednesday, July 25, Rostelecom has blocked access from the territory of Russia to the entire subnet KC provider Vistnet (www.vistnet.com). Multiple IP addresses used by the Kavkaz Center are in this subnet.
Vistnet is one of the largest providers in Europe, working in the field of anti-DOS service, and its services are used by many clients in Russia, mainly business companies, and Western business representation offices in Russia.
Thus, despite the fact that the main purpose of the blocking of Vistnet's subnet is Kavkaz Center, the first victims of the FSB were Russian and foreign clients of Rostelecom, who are now denied access to the Internet.
The total number of IP addresses included in a "black list" of Rostelecom is about 200 IPs.
There is no doubt that an order to block the subnet was launched by the KGB after nearly two-month effort of FSB to DDoS of KC has failed.
Rostelecom took this unprecedented step despite the danger of its defamation and loss of reputation. Negative publicity of Rostelecom will certainly force many serious customers to review their relationship with the company, which, as it turned out is to be under the complete control of the FSB.
It is to be recalled that a massive DDoS attack on KC was began on June 6, 2012. For some time, Kavkaz Center was effectively blocked and was not available in the network. Only about 30% of the readers of KC had access to the site.
After KC obtained service of Vistnet, access to the site has been completely restored. But this has only angered the KGB.
On the night of Saturday, July 14, the SYN flood attack rate rose to 8.5 million packets per second.
At the same time the KC mirror server was subjected to a DDoS attack with 2 million packets
In the afternoon, the level of attacks increased drastically. The network storming of KC has increased to 18 million requests per second. This level was maintained for about 30 minutes.
Once it became clear that the provider easily filters the traffic, there was a sharp increase, and the criminals hit the KC server by a SYN flood attack of 45.69 million requests per second. At the same time, they continued to attack the mirror of the Kavkaz Center at 2 million packets per second.
Thus, the total level of the simultaneous DDoS attacks on the servers of the KC reached 47.69 million packets per second. The rate rose to 25 gigabits per second.
These are huge numbers.
It is to be mentioned in this context that we found no attack of such level in the DDoS history since the discovery of the Internet IP4 vulnerability. This is certainly the first such precedent in the history of modern cyber warfare.
The tactics used, as it is now clear, by the KGB was interesting enough.
They apply the tactics of "collapse", i.e. they attacked suddenly, drastically and powerfully, with all available forces to disrupt the provider itself and its network infrastructure. First, 18 million pps for half an hour and then a sudden change to up to 45.69 million pps. The unprecedented wave of the SYN flood lasted for 25 minutes.
Within days, the level of attack ranged from 1.5 million to 37 million packets.
After a while, realizing that they cannot block the server of KC, the FSB has begun to attack the Vistnet's network itself, trying to destabilize it and damage other clients of the company.
Perhaps, by doing so the KGB hoped that the provider, blocked by the DDoS attack, would refuses to host the Kavkaz Center.
It is to be mentioned in this context that the attack is still ongoing.
No less curious is the fact that world media outlets, including the Caucasian and the Russian ones, completely ignore the cyber battle between the KGB and the Kavkaz Center. But actually, what is happening now will soon affect many of them, both in the West and in Russia.
The first victims of this war have become clients of Rostelecom. And this is just the beginning.
Department of Monitoring