Special Coverage: Information War Intensifies as Unrest in Kyrgyzstan Continues - Motives Remain Unclear as Disruptions Increase

Bishkek, 5 March February 2005 (ONI). The Kyrgyz Internet is becoming a battleground as unrest triggered by last week's inconclusive parliamentary vote spreads. Two leading Internet Service providers are embattled from an alleged hacker attack and pressure to remove information about growing unrest in the country. A series of e-mails from a hacker(s) calling himself "Shadow Team" posted to Elcat and Asia Info and obtained by ONI, claimed responsibility for the attacks and demanded that the service providers remove the websites of two Kyrgyz newspapers and < www.respublica.kg>. "Shadow Team" also sent e-mail to a popular regional news site < www.centralasia.ru>, demanding that it stop publishing all information about the situation in Kyrgyzstan. Respublica's ISP, Elcat, complied with the hackers' demands and temporarily suspended publishing the newspapers website. The decision to suspend the website appears to have been agreed to by Elcat and the publishers of the newspaper, as Elcat also hosts many Kyrgyz NGOs, international organizations and other civil society groups.

The attacks claimed by "shadow team" have proven disruptive to the Kyrgyz Internet at a critical time for political authorities. The identity of the hacker(s) remains unknown, and "shadow team" may itself be taking credit for others' work, or in at least one case, for the operation of a more general computer worm (variants of the W32/Bagle.dldr). Ongoing investigations by ONI researchers suggest that there are two simultaneous DDOS events occurring. The first is a result of a computer worm that is affecting Elcat servers but may not have any link to the elections. The second smaller attack maybe a DDOS caused by "shadow team". ONI research suggests that "shadow team" may be an independent CIS-based hacker working without any clear political motive.

The lack of a clearly defined motive for the attacks, or clarity if it is indeed an attack, opens the question of whose interest the hackers are ultimately serving - if anyone’s. The attacks have not affected the ability of the Kyrgyz newspaper to publish or distribute paper copies of their newspapers. Likewise, sites like centralasia.ru can easily circumvent DDOS attacks by mirroring on multiple IP addresses. The specific tool and vulnerability used in the attacks appears to be well known, so it is only a matter of time before the attack loses effectiveness.

Some opposition leaders have seized on the attacks claiming that the Kyrgyz government is launching an on-line censorship campaign. According to unconfirmed reports , government officials appear nervous about the perception that they are seen to be responsible for putting pressure on ISPs to close the newspaper sites. Sources claim that they have requested that Elcat reinstate the sites.

The denial of service attacks appear to be adding to the political unrest in Kyrgyzstan. The seriousness with which the ISPs, the government and the opposition are treating this matter suggests that the Internet is an increasingly important new battleground. An estimated 300,000 out of a total population of around 5 million in this post-Soviet republic have access to the Internet, and information obtained from the Internet is circulated widely to those without direct access. The rising concern among the government, ISPs and the opposition suggests that everyone has a stake in keeping the Internet open, while deflecting blame to "third parties" for circumstances leading to its closure.

The ONI will release a detailed report covering Internet access during the Kyrgyz election in the weeks following the second round of voting scheduled for 13 March.

* * *

The OpenNet Initiative (ONI) is a partnership between the Advanced Network Research Group, Cambridge Security Programme at Cambridge University, and the Citizen Lab at the Munk Centre for International Studies, University of Toronto, and the Berkman Center for Internet & Society at Harvard Law School. In the CIS region, the ONI works in partnership with the Eurasian i-Policy Network. ONI reports and bulletins covering the CIS are published in English and Russian at http://opennet.net and www.internetpolicy.kg. A blog of data collected by ONI researchers can be found on Civiblog.org kg.civiblog.org

Further background information about Kyrgyzstan can be found at the following sites:

http://www.eurasianet.org/resource/kyrgyzstan/index.shtml
http://www.alertnet.org/thefacts/countryprofiles/217261.htm