A well-known Finnish human rights activist, Chairman of the Finnish human rights organization Finnish-Russian Civic Forum, Kerkko Paananen, reported in an article entitled "Russian Botnet Targets Free Speech about the Russian cyber-terrorism on the example of the Kavkaz Center.
The article was distributed in the media in Finland and other countries as a press release. The journalist writes:
"The website of the "independent Islamic news agency", Kavkaz Center, has been the target of one of the most powerful DDoS attacks in history for nearly two months now.
The attack began on 6 June 2012, on the same day that the Russian ambassador to the UN, Vitaly Churkin, raised Moscow's issue with Kavkaz Center at the UN Security Council, claiming that the website was banned under a Security Council resolution that designated the armed resistance movement in Russia's North Caucasus region as a terrorist organization.
The publisher of Kavkaz Center is a Swedish-registered association, Pro Caucasus. The website's main servers are located in Sweden. Its hosting provider is Sweden's PeRiQuito (PRQ), which is owned by Gottfrid Svartholm and Fredrik Neij, two founders of The Pirate Bay.
For some time, the DDoS attack effectively blocked access to Kavkaz Center's main site and mirror sites; only around 30% of its readers had access to the website.
Kavkaz Center then contracted the DDoS protection solutions provider, Vistnet, which managed to restore full access to the site.
Following this, the attack against the website intensified: On 14 July 2012, the SYN flood attack against Kavkaz Center's main server rose to 8.5 million packets per second (pps); the website's mirror server in Finland, which hosts the site's images and the KavkazChat discussion forum, was subjected to a DDoS attack of 2 million pps. Later on that same day, however, the level of the attacks increased drastically. The intensity of the attack rose to 18 million pps and stayed there for about 30 minutes.
However, once it became clear that Vistnet was able to filter the hostile traffic, there was yet another sharp increase: The SYN flood against the website's main server suddenly jumped to 45.69 million pps.
At the same time, the attackers continued to hit Kavkaz Center's mirror site at 2 million pps. Thus, the total level of the simultaneous DDoS attacks on Kavkaz Center's servers reached 47.69 million pps.
The data rate rose to 25 gigabits per second. Over the next days, the level of attack ranged from 1.5 million to 37 million pps.
To provide access to its content, Kavkaz Center opened its own pages on Google's Blogger blogging platform and Google+ social network as well as created a proxy site using the Tor network. Those resources have stayed up throughout the ongoing attack (the Tor proxy server Onion.to that secured access to the Tor-server of the customers, was subjected to a powerful DDoS attack and was switched off 2 days ago - KC).
On 25 July 2012, Russia's state-owned telecommunications provider, Rostelecom, blocked access in Russia to Vistnet's entire subnet, in an apparent attempt to block access to Kavkaz Center, which uses several IP addresses within the subnet.
The total number of IP addresses included on Rostelecom's "black list" is about 200. Vistnet is one of the largest providers of DDoS protection solutions in Europe, and its services are used by many clients in Russia, mostly businesses and representative offices of foreign companies.
Apparently, the attackers chose to target Vistnet's network itself, trying to destabilise it and damage its reputation with other clients. The aim seems be to force Vistnet -- and PRQ -- into refusing to host Kavkaz Center. Both companies continue to host the website, however (at present, the KC suspended cooperation with Vistnet for organizational reasons - KC).
Kavkaz Center regards the DDoS attack as unprecedented in its ferocity. The website has riled at Russian and international media for failing to pay attention to the continued attack.
"We found no attack of such level in the history of DDoS attacks since the discovery of the internet IP4 vulnerability", Kavkaz Center wrote.
The website said the attack followed a tactic of "collapse," i.e., the attack has been sudden, drastic, and powerful -- clearly intended to disrupt the hosting provider itself and its infrastructure.
The attack comes at the same time as the Russian authorities have stepped up internet censorship within the country. Several websites that are critical of Russia's current government, including independent media outlets, have been the target of DDoS attacks at various moments.
Kavkaz Center blames the attack on the Russian authorities, and there is certainly plenty of indication that this is indeed the case.
Moscow has hounded Kavkaz Center for years. Says Finnish entrepreneur and free speech activist Mikael Storsjo, whose company provides hosting services to the website:
"The history of Kavkaz Center is a textbook case of all the repressive measures used to deny one's political opponents their right to express their opinion".
The campaign against Kavkaz Center has involved domain theft (the domain kavkaz.org was stolen by the FSB in 2002 with the help of the American company Network Solutions - KC), denial of service attacks, IP blocking and DNS hijacking, political pressure (in 2004 , Moscow threatened Lithuania with a bomb attack, after which the then Prime Minister of Lithuania Algirdas Brazauskas ordered the local political police VSD to close the website - KC), and threats against journalists and publishers.
In September 2011, a court in Moscow declared Kavkaz Center to be "extremist" and thus banned under Russia's draconian legislation.
Following the court ruling, Russia's General Prosecutor's Office directed the Federal Security Service (FSB) and the Ministry of Interior to take "concrete measures to close down the website."
Most ISPs in Russia have blocked access to the website for a long time. A source at the General Prosecutor's Office said "the problem required an international solution," and Moscow therefore intended to contact the authorities in Sweden and Finland, where Kavkaz Center's servers were located.
Russian authorities have made several attempts to pressure Sweden and Finland into closing down the website, both through official requests and overt political pressure.
Seen as those attempts have proven futile, Moscow's "international solution" to the problem seems to have now taken another form.
A more controversial statement that Kavkaz Center has recently made is that Russia's leading computer security company, Kaspersky Lab, would have helped the Russian authorities in organising the massive attack on Kavkaz Center.
The website referred to reports that Kaspersky Lab was acting in close cooperation with the cyber crime department of Russia's Ministry of Interior and the Federal Security Service (FSB) in particular. Noting that Kaspersky Lab's antivirus software has 300 million users, Kavkaz Center calls the company's customer base the "largest botnet in the world."
Kavkaz Center claimed Moscow was testing the botnet for future use. If true, Kaspersky Lab's involvement would seriously compromise its business reputation.
The company's founder and owner, Eugene Kaspersky, said all major internet security companies worked with intelligence services.
The sheer size of the attack on Kavkaz Center is certainly baffling. It is difficult to see why Moscow would need to harness such massive resources to block a website that it knows it cannot shut down because the site's servers and editorial staff are located outside Russia. Rather, the attackers may be testing their capabilities for any future eventuality; Kavkaz Center may have been chosen as the "guinea pig," given that, as a supporter of a radical Islamist movement, the website elicits little sympathy.
However, one should take note that the attack against Kavkaz Center is an attack on the freedom of speech of both the website's Swedish publisher and its readers worldwide. Moreover, the attack has interfered with Kavkaz Center's internet service providers in Sweden, Finland, and elsewhere.
"Information about what is happening in North Caucasus is very scarce," says Mikael Storsjo. "A news blackout hides egregious human rights violations that occur daily. Kavkaz Center tries to break the information blockade, and this is why the website is such a problem for the Russian authorities," Mr Storsjo explains.
He stresses that Kavkaz Center does not violate Swedish law. This is something that Sweden's Chancellor of Justice has pointed out repeatedly to the Russian ambassador, who has demanded that the Swedish authorities close down the website.
"The extremist label is widely misused to criminalise free speech and human rights activism in Russia. What is new is that Moscow is now trying to impose its warped views on free speech outside Russia as well," Mr Storsjo notes.
Department of Monitoring
Kavkaz Center
Our button
print version
