NATO website hit hard by denial-of-service attack as Crimean tension rises

Graham Cluley

This weekend a number of websites belonging to NATO, including its main website at www.nato.int, struggled to remain online as online criminals launched a distributed denial-of-service (DDoS) attack.

A group of pro-Russian hackers called “Cyber Berkut” claimed responsibility for the attack, which came on the eve of a controversial referendum in Crimea which saw over 90% of voters choose to quit Ukraine for Russia.

DDoS attacks can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time.

Typically, DDoS attacks use compromised computers to flood a website with traffic, but it’s also known for the owners of computers to be willing participants in an attack, intentionally running tools like the Low Orbit Ion Cannon to help those behind the attack to achieve their goals.

NATO website, struggling to stay online

NATO spokesperson Oana Lungescu confirmed via Twitter that some NATO websites had suffered from a DDoS attack, and reassured internet users that the integrity of NATO data and systems was not affected.

The attack came after NATO’s secretary general published a statement on the website, claiming that the referendum would have “no legal effect or political legitimacy.”

NATO statement on Ukraine referendum

Of course, clogging up a website is very different from hacking a website – and although still malicious, it’s a lot less serious than a security breach that could have stolen information or planted malware.

Although DDoS attacks can be initiated for the purposes of blackmailing companies (imagine, for instance, the not uncommon scenario of a gambling website being threatened with a DDoS attack if it doesn’t wire money to the attackers), this incident is another reminder that attacks can often also be perpetrated for political hacktivist reasons or through the desire to curb freedom of speech.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “NATO website hit hard by denial-of-service attack as Crimean tension rises”

  1. There is a small typo in the 5th paragraph. "… the integrity of NATO data and systems was affected." "not" is missing.

  2. On the subject of typos, there is a word that sort of breaks the flow of the sentence it is in:

    "DDoS attacks manage can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time."

    Referring of course to the word 'manage'. That's the real point of my response, even though it is hardly important. I am however a stickler and can be very nitpicky. Also, since it has been a while since I've written anything even semi technical, anywhere, I'll go along with it and submit this:

    Otherwise (and I Graham knows this as do some other readers but maybe some don't) – a DDoS attack (or a DoS attack for that matter) does not have to involve web traffic at all in order to make it next to (if not completely) impossible to reach the victim. It of course does not have to involve TCP at all. To the uninformed: there are unfortunately many gateways (networking pun very much intended) to attacks of all kinds and this includes denial of service attacks; such attacks need only disable a service and that includes by crashing the server, the service running on the server or simply overwhelming it with traffic so that no legitimate traffic can reach it. To be strictly technical there are other ways too but the point is the same: it is named very appropriately but there are many methods and more complexities involved, just like everything else in this universe. Semi related: DoS attacks have also been employed in other kinds of attacks that allow a person to compromise a server.
