Written By: Jackie Kerr
Last week, the Russian language segment of the popular blogging platform LiveJournal experienced a massive distributed denial of service (DDoS) attack that brought down service for much of the week. This was the third such attack on the site this year, prompting vigorous discussion concerning the origins and goals of the attacks and their consequences for the Russian blogosphere. Many fear that the site’s instability could have negative repercussions during the upcoming legislative elections in December.
Various theories for the origin of the attacks have cast suspicion on corporate rivals (eager to steal LiveJournal customers), opponents of the Ukrainian opposition, advocates of a new draft law that outlaws DDoS attacks (looking to substantiate the perceived threat with evidence), and even SUP, LiveJournal’s parent company. Two prominent Russian IT entrepreneurs, Yevgeny Kaspersky and Alexei Exler, have even argued that LiveJournal’s problems were not caused by a DDoS attack at all but by technical failures. By far the most prominent theories discussed in the immediate aftermath of the blog platform’s week of outage suggest the problems are the fault of the government, the state security service, or one of the pro-Kremlin youth groups, and that the perpetrators aim to disable in some way the free discourse that has up until this time characterized Russia’s vibrant blogosphere. Considering the possible ramifications of such an effect in an election year, the Moscow Times has even referred to the latest attack as an act of “cyber war”.
Service problems were first reported on Monday, July 25, 2011. While some initial reports suggested that the problems were merely technical in nature, caused by shortcomings in the LiveJournal infrastructure or work being done on the site rather than attacks, eventually the company publicized data demonstrating that it had in fact been the target of a massive DDoS attack. The attack was so powerful in magnitude, LiveJournal’s head of development explained, that the Verizon and Qwest data centers where the LiveJournal servers are located had not been able to stand the load, causing the entire data center to go offline for 5 hours. Once DDoS mitigation protocols were able to be deployed, it became clear that the LiveJournal servers had been receiving an average of 6 gigabits of traffic (with peaks up to 8 gigabits) compared to their past peak of 2 gigabits. The attacks were directed from virus-infected computers predominantly in Latin America and servers located in North America. By July 29, the DDoS attack had ended, but LiveJournal service continued to be tenuous as administrators struggled to resolve problems created by the attack.
Previous cyberattacks on the LiveJournal site occurred on March 30, 2011 and April 4-6, 2011, also causing outages and serious degradation in service. The most recent attacks are different in extent and character, however. The earlier DDoS strikes targeted specific blogs, particularly several popular opposition blogs known for their criticism of the current regime. The LiveJournal blog of Alexey Navalny, a well known blogger famous for his investigative reporting on major corruption scandals, was widely reported to have been one of the chief targets. Last week’s attack, by contrast, was more expansive, striking at the servers for the entire Russian language LiveJournal service.
LiveJournal is the most popular blogging platform in Russia. It hosts some 5 million Russian language blogs, including those of a many of the most prominent Russian bloggers. The service is distinctive in that it combines features of traditional blogging platforms with those of social network sites such as Facebook. In their 2010 study of the Russian blogosphere, the Berkman Center demonstrated that, though the “blogosphere is highly divided according to platform, … [the] central Discussion Core that contains the majority of political and public affairs discourse … is comprised mainly … of blogs on the LiveJournal platform.”
Bloggers have played an increasingly important role in Russian opposition politics in recent years, organizing protest events, discussing stories not covered by mainstream press, and publicizing corruption scandals and human rights abuses. Offline protest events such as the Strategy 31 marches (organized for the 31st day of each month) and the Blue Bucket driver’s movement (in which protesters have drawn attention to the illegal and reckless use of police sirens by wealthy drivers) have made use of blogs and social media to coordinate real-world events. Bloggers often have aired stories that do not find their way to the light of day through other Russian media sources, including, for example, this month’s scandal-producing coverage of alleged involvement by local police and United Russia employees in apparent inter-ethnic fighting fighting in the village of Sagra, and Navalny’s ongoing crusade to reveal corruption amongst high government officials. The Sagra story became a prominent discussion topic after it was investigated by bloggers, and Navalny’s investigative work has exposed several high profile cases of corruption and abuse of power by prominent Russian officials, including an alleged embezzlement of over four billion dollars from Transneft, Russia’s state-run oil pipeline company.
There has been a great deal of speculation as to the source and purpose of the attacks on LiveJournal. Many in the blogging community have pointed fingers at the government or its affiliates, citing the state security service’s known displeasure with some Internet uses, or the pro-Kremlin youth group Nashi’s previous uses of DDoS attacks and past efforts to discredit opposition bloggers.
Different theories have also emerged concerning the attacks’ objectives. A number of observers have suggested that the goal of the attacks has been to shut down key opposition websites or to disrupt the social organizing capacity of online forums at critical moments. With two major attacks occurring during the preparation for Strategy 31 marches, some have suggested that the disruption of these particular protests might have been a goal. Others indicate disruption of discussion of events in Sagra or the Platon Lebedev parole hearings as possible targets.
But many in the blogging community seem more concerned about the possible longer-term strategic objectives revealed by the recent string of attacks. Such routine attacks on the LiveJournal service could, for example, aim to prepare the blogging community and its audience to expect technical difficulties from the LiveJournal site – such that there will be little surprise if such difficulties are experienced also during the vital period surrounding December’s elections for the State Duma or the presidential elections in March 2012. Another possibility, suggested by blogger and high tech entrepreneur Anton Nosik, is that the attacks aim to break up the LiveJournal blogging community, leading bloggers to move to other forums and fragmenting the dense political discourse network that has developed on the LiveJournal platform. As different bloggers move to alternative forums such as Facebook, Google+, and BlogSpot, the argument goes, this will permanently weaken the coherence of the political discourse community that has developed on LiveJournal. Alternatively, the attacks could serve merely as a sort of rehearsal. With so many of the most vibrant Internet communities rooted in one blogging platform, it would not take a complete shutdown of the Internet – as in Egypt this January – to devastate communications in the network-based community at critical moments.
President Dmitry Medvedev has denied any government involvement in the LiveJournal attacks, and has referred to them as “outrageous and illegal,” complaining of the negative impact on his own LiveJournal blog. He has been at pains in recent months to demonstrate his own support of Internet freedom, meeting with representatives of the Russian Internet community and calling for an investigation into the earlier LiveJournal attacks.
Other indications of the Kremlin’s position concerning Internet freedom have been far less clear over the last several months, however. ONI’s recent book, Access Controlled, provides evidence that while Russia has so far avoided the kinds of blatant crackdowns on Internet freedom employed by a number of authoritarian regimes, such as filtering for keywords and blocking certain sites, it has, over the last few years, dramatically increased its use of “second- and third-generation controls.” As Rebekah Heacock explained in an ONI blogpost shortly after the previous round of LiveJournal attacks this spring, “Russian authorities have expanded their control over cyberspace in a more indirect manner, employing a voluntary Internet patrol group, paid pro-government commentators, alleged DDoS attacks, and a new surveillance system to increase pressure on Russian netizens.”
Whatever the source of the recent rounds of DDoS attacks, they clearly raise questions concerning the future of the Russian blogosphere and its continuing relationship to LiveJournal. While the attacks have not yet led to a widespread flight from the platform, they have demonstrated the potential vulnerability of the blogging community’s current reliance on it, and they have prompted some discussion of alternative platforms and the repercussions of dispersion to other services for the community as a whole. Some bloggers have discussed the need to mirror their sites, and others have pointed to evidence that the attacks have already prompted some to move to seemingly more reliable services. Perhaps the one encouraging development to come out of the recent attacks is that they have prompted Russian bloggers to discuss the risk of future disruptions to the blogging service and consider how best to prepare. As Alexey Sidorenko of Global Voices puts it, “the only positive effect of attacks against LiveJournal is that bloggers and digital activists have realized how fragile the Russian blogosphere really is.”
Re-published from ONI under the Creative Commons License
- Mystery data centre snag floors LiveJournal (go.theregister.com)
- LiveJournal groans under ‘immense’ DDos attack (go.theregister.com)
- Leading Affiliate Network XY7.com is Back Up and Running Smoothly After Web Attack (prweb.com)
- Morocco: Militant Website Sustains DDoS Attack (moroccotomorrow.org)
- Morocco: Militant Website Sustains DDoS Attack (advocacy.globalvoicesonline.org)
- Why Have Hackers Hit Russia’s Most Popular Blogging Service? (time.com)
- Network Solutions suffers two DDoS attacks (news.cnet.com)
- Pop Clips ” 05 August 11 (dave-lucas.blogspot.com)
- LiveJournal.com and Global Classifieds Site OLX, Launch a Co-Branded Service (prweb.com)