Security

Lithuania: Attacks Focused on Hosting Company

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a computer security expert said on Friday.

The Web sites were defaced after Lithuania passed a law prohibiting the public display of symbols dating from the Soviet Union era, as well as the playing of the Soviet national anthem.

The attacks, which started on Sunday and subsided by Monday, saw many Web sites defaced with pro-Soviet slogans and symbols in an apparent retaliation from hackers.

The majority of the Web sites were hosted on a single physical Web server, which had a vulnerability either in the Web server software or Linux operating system, said an official with Lithuania's Computer Emergency Response Team (CERT) on Friday. The hosting company was advised on how to fix the problem.

The server was hosted by a company called Hostex, formerly known as MicroLink Lithuania, said Marius Urkis, head of the Academic and Research Network (LITNET) CERT, a different but related computer security organization.

The attacks in Lithuania were reminiscent of a similar situation in Estonia in April and May 2007, after the government there decided to move a Soviet-era memorial to soldiers who served in World War II. That decision caused protests and violence from the Russian minority living in Estonia. Web sites run by the government, bank and schools experienced severe denial-of-service attacks, which were blamed on pro-Russian hackers. The Russian government denied involvement or knowledge of the attacks.

In Lithuania, the passage of the law has not caused protests or much outcry, although the ethnic Russian population in Vilnius is less than 10 percent, Urkis said.

Urkis said it is possible some Russians are upset over the law and would undertake the cyber attacks.

The CERT official said that the matter has been referred to the police, which has a special department under the Ministry of the Interior that handles cybercrime.

Officials do know that proxy servers likely located in Western Europe were employed to perform the hacking. That could make it more difficult for investigators, who will have to trace a winding electronic path in an attempt to find the perpetrators.

"I think it will take some time to find the real attackers," the CERT official said.

Subscribe to the Security Watch Newsletter

Comments