Internet & Democracy Blog

By Hal Roberts and Bruce Etling

Over the course of the weekend, a seemingly coordinated distributed denial of service (DDoS) attack flooded a number of the leading Russian independent media, election monitoring and blogging sites. Many users and content publishers, including the Global Voices RuNet project, have been reporting the attacks against sites including LiveJournal, Echo of Moscow, Novaya Gazeta, New Times, Bolshoi Gorod, Golos.org, ikso.org, ridus.ru, zaks.ru, and the online ‘map of violations’ created by the election monitoring group Golos (which has been the target since last week of a government campaign against ‘outside’ influence on the election (they are funded by US and European groups). LiveJournal, which is the biggest blog host in Russia and according to our research is the blogging platform where Russian political discourse is most prevalent, was also attacked. There are continued reports of LiveJournal’s inaccessibility inside Russia over the last couple days, and shorter term attacks on sites such as levada.ru, the Web site of the leading independent polling firm in Russia.

DDoS and other sorts of cyber attacks on independent media have been common in recent years. One of the difficult things about understanding the cause and impact of DDoS attacks is that it is rarely clear who is behind the attacks. We have little or no evidence, for instance, that the Russian government is involved in these or other attacks. This is partly due to the nature of DDoS attacks, which often come from large collections of infected computers and so are very difficult to track back to the responsible actor. Governments have also avoided taking responsibility for these sorts of attacks, in constrast to the way that many government happily defend their filtering practices, perhaps because the attacks are often associated with the cyber-criminal gangs who build and run botnets.

What makes these attacks different is the number of sites attacked at the same time, and their close timing around the elections. We asked our friends at Arbor Networks, a leading provider of DDoS monitoring and protection services for Internet service providers and large content hosts, for any data they have on these attacks. Among other DDoS monitoring systems, Arbor has a large collection of taps installed in botnets, through which they are able to listen to the commands sent to the botnets. Jose Nazario reported back to us that starting on December 1 and continuing through the election on December 4, they saw commands come from just two botnet controllers to attacks the following list of sites, nearly all of which are independent media or election monitoring sites:

New Times (Oppositional news site The New Times)
Echo of Moscow (Leading Independent radio station Echo of Moscow)
Novaya Gazeta (Major oppositional newspaper Novaya Gazeta, often critical of the Kremlin)
Novaya St. Petersburg (St. Petersburg Novaya Gazeta site)
Kommersant (Major Russian news daily)
Public Post (online news site, had published stories about map of violations and Golos)
Slon (Online News site, partnered with Golos to publish ‘map of violations’ after Gazeta backed out)
Bolshoi Gorod (St. Petersburg news site)
Golos (Website of independent election monitor Golos)
Ikso (an outlier, the election commission of Sverdlovsk region)
Ridus (online news/citizen journalism site)
Zaks (a popular political website in St. Petersburg)
Pryaniki (a popular portal in Tula)
Map of Violations (Golos crowdsourced election violations map/site)
files.kartanarusheniy.ru (sub domain of ‘map of violations’ site)
LiveJournal (Major Russian blog platform)
Kotlin Forum (not accessible: Yandex search indicates a forum related to Kronshdat)
Kotlin (not accessible, Yandex search indicates news and info related to Kronshdat region)
GosZakupki (another apparent outlier in the group, a portal for Russian federal and local government tenders)
The Other Tver (oppositional Tver news and analysis site)
RosAgit (Web site connected to activist and blogger Alexey Navalny, which today is focused on promoting protests across Russia scheduled for December 10).

Botnets are often rented out for a variety of reasons, including spam, click fraud, and credit card theft, as well as DDoS attacks. It could be a coincidence that two botnet controllers were independently rented by a collection of actors to attack these sites during the election, but that coincidence seems highly unlikely. It is much more likely that some one or two actors was trying to take down a broad swatch of the Russian independent media landscape during the critical period of the election. We have see many, many attacks against individual media sources in the past in Russia, but we are not aware of any previous coordinated attacks against this number of sites at the same time.

The Arbor data, of course, says nothing about why these sites were attacked, but one argument put forward by editor-in-chief of Echo of Moscow Alexey Vendediktov (and many others), certainly seems plausible: “The attack on the website on election day is clearly an attempt to inhibit publication of information about violations.” Several, if not most, of these sites invited users to submit information on election violations, especially Golos, their violations map, Slon and Echo of Moscow. The timing of the attacks is also hard to see as coincidental, overlapping closely with the times that polls were open on Election Day. Most of the attacks also ended once the polls were closed. As is usual for these types of attacks, no one has claimed responsibility, even though they seem to clearly serve the interests of the government.

As the Berkman Center noted in its DDoS report last year, for media and NGOs that think they might be subject to a DDoS attack, putting data and information on major social media and Internet sites (like Twitter, Facebook, YouTube, Google, etc.) is a good back up plan, especially for smaller organizations with limited tech staff, since these major hosting sites are far more well prepared to defend against these types of attacks. For example, to our knowledge, the Google doc with over 5000 election violations created by Golos after its site was disabled, was never taken down. Alexei Sidorenko also has other details of how sites like Novaya Gazeta that were better prepared for the attack were able to help host Echo of Moscow blogs, which argues for these groups to support each other and host one another’s content, acting as a sort of ‘mutual aid society,’ which Jonathan Zittrain has written about. Also, we checked with one prominent Russian independent media site that we had worked with during the writing of the DDoS report about whether they had been attacked, and that site responded that they had used Twitter for all of their election coverage, specifically to avoid DDoS attacks. That site’s strategy was successful, as Twitter was either not attacked or withstood any attack during the election.

Russian media this week has been dominated by several new themes, relating to national history, disasters, and high politics.  The red words in the word cloud below indicate words that appeared in this week’s news with unusually high frequency, showing a contrast with the previous week.  (Blue words show high frequency words unique to the previous week, and purple indicates words that appeared with significant prevalence both weeks – generally representative of recurrent themes.)

Week of June 20 – June 26 (Red) Compared to June 13 – June 19 (Blue) for Five Major Russian Media Segments (TV, Pop Blogs, Random Blogs, Mainstream Media, Government):

Read the rest of this entry »

In a quote that could have just as easily have come out of Sarah Palin’s mouth, IDF Spokesman Brig. Gen. Avi Benayahu recently told a journalism conference that the Israeli military is creating an Internet and new media unit to get past the ‘filter’ of the mainstream media. This after their self-described success with YouTube during ‘Operation Cast Lead’ last year in Gaza. Haaretz reports:

Responding to criticism of Israel’s ability to face hostile entities on the Web, Benayahu said the new program would be able to deal with the problem. He said that from each group drafted to the Army Spokesman’s Office, between eight to 10 young people who are experts in Web 2.0 – YouTube, Facebook and Twitter – to be identified before induction, would be assigned to the new department. The new recruits would be put to work in the new media unit after undergoing a general Army Spokesman’s Unit training course.

Benayahu further stated that the primary target is “mainly an international audience that is less exposed to operational processes. Foreign media do more ‘zooming-in’ and so it’s important to us to show the totality of IDF actions without a filter.” Haaretz also reports that the military is reaching out to bloggers that are known opinion leaders. I suspect they just don’t want to be outdone by the Iranians.

This New York Times piece nicely summarizes recent moves by the Iranian regime and the Revolutionary Guards to further clamp down on Iran’s already tightly controlled information space. The Times argues that the government is stepping up its ‘soft war’ in order to “re-educate Iran’s mostly young and restive population” by:

…implanting 6,000 Basij militia centers in elementary schools across Iran to promote the ideals of the Islamic Revolution, and it has created a new police unit to sweep the Internet for dissident voices. A company affiliated with the Revolutionary Guards acquired a majority share in the nation’s telecommunications monopoly this year, giving the Guards de facto control of Iran’s land lines, Internet providers and two cellphone companies. And in the spring, the Revolutionary Guards plan to open a news agency with print, photo and television elements.

As the article notes, these efforts to fight a ‘soft war’ seems to indicate the growing influence of the Revolutionary Guards in Iran, which some, like Abbas Milani, argue are more powerful than even the Supreme Leader.

In the end, however, these moves may be futile. The ‘police unit’ to monitor the Internet has only 12 people. Satellite TV has been illegal for years in Iran, and yet by the regime’s own account 40% of households have access to it, twice as many as last year. There are occasional crack downs that try to clear satellite dishes from everyone’s rooftop, but they always go back up eventually. And finally, as NYU’s Mehrzad Boroujerdi says:

By trying to gain more control of the media, to re-Islamize schools, they think they can make a comeback. But the enemy here is Iran’s demographics. The Iranian population is overwhelmingly literate and young, and previous efforts to reinstall orthodoxy have only exacerbated cleavages between citizens and the state.

Not much in the way of blog posts this week due to travel and conference presentations. Here are some recent good reads to tide you over until next week:

NPR shares a podcast from a retired firefighter who lost both of his sons, eight years ago today, at the World Trade Center.

And Foreign Policy shows how pigeons are faster than the South African Internet.

As a follow-up to last week’s release of our study on the shape of the Arabic blogosphere, happy to post today that Internet and Democracy’s own John Palfrey, Bruce Etling, and Rob Faris have recently published a piece in the Washington Post about the use of Twitter in Iran’s recent election turmoil. Drawing from our previous research here at I&D and some of the latest data that’s being pulled from the use of social media on the ground in Iran, we write:

After all, it appears that people living under authoritarian regimes such as the one in Iran are as addicted to the Internet as the rest of us are. Even though states push back, they can’t keep the Internet down for long without serious blowback from their citizens. Iranian officials have the power to shutter the Internet just as they once clamped down on reformist newspapers, but they may be more concerned now about any move that pushes those watching — or blogging or tweeting — from the sidelines into the throngs of protesters already in the streets.

Definitely worth checking out!

The Internet and Democracy Project team is excited to announce today that we’ve officially launched an online interactive version of our classic study on the shape of the Persian blogosphere that we published earlier last year. The tool allows users to easily sort through the data that we’ve collected on discourse networks in Iran, and explore some notable features of the online blog landscape. The map reveals the clustering of certain types of blogs, and reveals the content make up across the web as a whole.

It’s now live, and totally fun to play around with. Check it out now.

Back in January, I reported on an innovative new contest called Apps For America being sponsored by the Sunlight Foundation. The contest was to build easy-to-use apps with raw government API data dumps. The sprawling federal government seems (and often is) frustratingly inaccessible. Bypassing expensive IT consultants, this contest sought to increase citizen participation with iPhone-like simplicity.

The winners were announced yesterday, with hip Filibusted taking first place. It’s a brilliant little program that tracks filibuster and cloture votes, and sends updates to users via tweet. This could help your average Joe follow the arcane procedural dance also known as the U.S. Senate in an open, comprehensible way.

I encourage you to check out the other winners here, and also to use them. Transparent government depends upon an active citizenry. When the bureaucracy shields itself with paper, the web can lower the transaction cost of democratizing access.

It was hard not to chuckle a bit when I first read this. Alabama? E-Voting? And yet, making up for abysmally slow absentee vote processing in the 2008 elections (roughly 80 days), the Alabama State Legislature is now debating a bill that would provide secure channels for e-voting to Alabamans overseas. The plan is modeled on a similar system used in parts of Florida (hanging chads?).

The bill seems particularly targeted at military personnel. Alabama is a heavy recruiting ground for the Army, which enlisted over 6,000 new soldiers from Alabama in the past three years alone. Regardless, so long as the system can be reasonably hack-proof — I still worry about Estonia, though Switzerland had some positive test results — this is a positive step toward making technology serve democratic participation. Here’s hoping other states will catch on.