Sign in / up

back to article Russian IT guy sent to labor camp for DDoSing Kremlin websites

A Russian IT worker accused of participating in pro-Ukraine denial of service attacks against Russian government websites has been sentenced to three years in a penal colony and ordered to pay 800,000 rubles (about $10,000).  According to the state-owned TASS news agency, a Russian regional court handed down the sentence …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. An_Old_Dog Silver badge

    Possibilities

    On the first claw, how smart and well-educated could he have been if he launched these attacks from his own PC -- was he just some script kiddie?

    On the second claw, smart people have been known to do dumb things.

    On the third claw, he could have been framed by some local rival (open wireless, spoofed MAC address, etc.)

    And on the fourth claw, he could have been framed by someone(s) in the Russian government, for reasons of their own. With all the computer-based attacks going on over there, it's a plausible charge.

    12 2 Reply
    1. David 132 Silver badge
      Reply Icon
      Thumb Up

      Re: Possibilities

      Given the old intelligence community saying that’s along the lines of “Russians lie. They know you know they’re lying, and they know that you know this, and they keep lying anyway”… I would frankly need to look out of the window myself if someone in the Russian government claimed that the sky was blue.

      Who knows what this poor sod actually did to incur the disfavour of Putin’s goons. Could have hacked Kremlin IT systems, might have accessed BBC.com or even asked awkward questions about Prigozhin’s apparent offer to betray the positions of Russian troops in exchange for an easy ride.

      13 2 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Possibilities

        At least three Russian scientists who have worked on hypersonic missile development have been arrested on suspicion of treason over the past year, their colleagues said in an open letter published Monday. themoscowtimes May 17,2023

        5 0 Reply
        1. Bebu Silver badge
          Reply Icon
          Mushroom

          Re: Possibilities

          "At least three Russian scientists who have worked on hypersonic missile development have been arrested on suspicion of treason over the past year, their colleagues said in an open letter published Monday. the moscow times May 17,2023"

          Once the regime engages in this sort of soviet era lunacy their "use by" date is well past "best before."

          I reckoned UA Pres. Z. must a have felt much like Churchill when the US entered WW2 when I read this in

          https://www.abc.net.au/news/2023-05-18/russias-hypersonic-missile-scientists-face-treason-accusations/102360118

          《such cases were having a chilling effect on young Russian scientists.

          "Even now, the best students refuse to come to work with us, and our best young employees are leaving science.

          "A number of research areas that are critically important to laying the fundamental groundwork for the aerospace technology of the future are simply closing because employees are afraid to engage in such research."》

          I could imagine a few pissed-off missile boffins "testing" a couple hypersonics by delivering a number of hyperbaric devices to some well known Moscow landmarks.

          13 0 Reply
          1. Jellied Eel Silver badge
            Reply Icon

            Re: Possibilities

            Once the regime engages in this sort of soviet era lunacy their "use by" date is well past "best before."

            Given the lead Russia and China appear to have wrt hypersonic weapons... Don't you think our intelligence services might be trying to find out how they work? And if they're not, they should be..

            I reckoned UA Pres. Z. must a have felt much like Churchill when the US entered WW2 when I read this in

            For some reason, Zelensky seems keen to avoid Kiev ever since someone flew a drone into a flagpole in Moscow. Not sure that Russia would really want to assassinate him given the charm offensive he's doing. He really seems to have impressed the Arab League. Then again, Russia's Patriot hunting in downtown Kiev was also a little strange. While they're guarding El Presidente, they're not doing the theatre defence they're supposed to be doing.. Unless Russia's got bored of the antics and really is planning a decapitation strike.

            0 11 Reply
            1. M.V. Lipvig Silver badge
              Reply Icon

              Re: Possibilities

              What makes you think the West doesn't already know all there is to know on Russia's hypersonic missiles, considering 30 year old missile defense systems are easily able to pluck them out of the air? Western spy agencies are incredibly effective these days.

              3 0 Reply
              1. Jellied Eel Silver badge
                Reply Icon

                Re: Possibilities

                ...considering 30 year old missile defense systems are easily able to pluck them out of the air? Western spy agencies are incredibly effective these days.

                Of course. After all Russia has been out of missiles and ammunition for over a year, but still seem pretty handy with their shovels. Or helping Kiev's mayor identify a KAB-500 as a Kinzhal. With expert intelligence like that, it's easy to understand the 97% success rate that Ukraine's achieved, but no other nation has. There is however no solid evidence that Ukraine's shot down any Kinzhals, only claims to have done so. There is evidence that they tried to, and launched 30+ missiles at.. something, but may have missed and now have 1 less Patriot. Raytheon thanks them for their service, and would like to point out that 30 missiles is around 10% of their annual missile production.

                Still doesn't really explain why Russia's been attacking Kiev though, unless it's planning to achieve air superority over it for some reason.

                1 9 Reply
      2. Quinch
        Reply Icon

        Re: Possibilities

        "I would frankly need to look out of the window myself if someone in the Russian government claimed that the sky was blue."

        Probably best to observe that window from a distance, tho.

        15 0 Reply
        1. John Brown (no body) Silver badge
          Reply Icon
          Alert

          Re: Possibilities

          Or at least make sure it's a ground floor window.

          9 0 Reply
          1. JassMan
            Reply Icon

            Re: Possibilities

            I expect that in Russia you can suffer a broken neck even falling from a ground floor window.

            0 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Possibilities

      I don't think you've thunk this through...how do you DDoS someone from your own PC? Wouldn't be very distributed would it? The skid way to this would be to buy time on a botnet on the darknet for some bitcoins or something...and the non-skid way would be to build a worm that infects a shit ton of Russian machines (or even better foreign machines) with a command and control server in a country that won't co-operate with Russia right now (basically anywhere). Either way, if he kept schtum, odds of being caught are pretty low.

      I think all the reasons you stated are far too convoluted to be true.

      Most likely, given how polarised Russia probably is...he bragged to a mate, who he didn't know was a bell-end nationalist, and got shopped. Someone likely said something to someone.

      Also, come on man...what is this?..."how smart and well-educated could he have been if he launched these attacks from his own PC".

      Some of the biggest cunts on earth that do the dumbest shit are "smart and well educated"...a lot of them come out of Eton and Harrow.

      Well educated is not synonymous with being intelligent...never has been.

      You could have the shittiest education known to man and still be the most intelligent man on Earth. Crap education makes your life harder, but it doesn't make you dumber. On the flipside, an amazing education can make your life leaps and bounds easier, but it won't make you any more intelligent...you just tend to sound a bit posher and are more likely to claim that you "prefer classical music" you are also more likely to end up being an MP...a job that famously seems to be "intelligence repellent".

      7 0 Reply
      1. Andy Non Silver badge
        Reply Icon

        Re: Possibilities

        I accidentally managed to DDoS my employer once (a large multi-national with many sites). I accessed a particular part of the company's public facing website from the browser on my desktop computer within the company. Noted that is was responding extremely slowly and left the page loading. Ten minutes or so later got a call from the IT security department at a different site asking me what I was doing as I appeared to be DDoSing the website! They traced the source of the issue back to my IP address and computer. I can only assume there was some sort of misconfiguration of the security system, firewall or god knows what that resulted in the website being flooded with continuous requests. I closed my browser and the problem disappeared. No idea how it actually happened.

        4 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Possibilities

          That was a DoS, not a DDoS, unless you went around the office and got everyone else to try to access the same page!*

          The first D stands for "Distributed". You just did a plain old "Denial of Service"!

          Never mind, from what you said, your IT guy didn't know the difference either.

          * or any one of probably a dozen different ways that don't actually require social engineering your colleagues, but start with the simple approach first.

          2 0 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Possibilities

          Your IT department doesn't know the difference between a DDoS and a DoS attack. No wonder the site went down.

          2 0 Reply
      2. An_Old_Dog Silver badge
        Reply Icon

        Re: Possibilities - Response

        @ AC 20th May 2023 15:11 GMT: You have over-literally read what I wrote, and mis-interpreted what I wrote to ascribe to me opinions I neither hold nor advanced. So, by the numbers ...

        1. "I don't think you've thunk this through...how do you DDoS someone from your own PC?"

        Answer: you don't literally do that. However, From TFA: That said, this traffic can be traced to its sources, which may reveal the true origin and orchestrator of an assault.

        So, if they -- the FSB, per the referenced TASS article -- truly traced things back to this guy, he (Mr. Kotikov) probably did things the stupid way, and used his own PC to talk with his C&C server(s).

        From the TASS article, via Google Translate, "The personal computer used by him as a means of committing a crime was onfiscated into the property of the state," the FSB said.

        The smarter way would be to not use your own PC for any part of it. It's like not using your own car, as the getaway vehicle, and not using your personally-owned gun, to commit a bank robbery.

        2. "Also, come on man...what is this?..."how smart and well-educated could he have been if he launched these attacks from his own PC." Some of the biggest cunts on earth that do the dumbest shit are "smart and well educated"...a lot of them come out of Eton and Harrow."

        Answer: re-read the line I wrote which starts with, "On the second claw".

        3. "Well educated is not synonymous with being intelligent...never has been."

        Answer: I never claimed nor implied education and intelligence were equivalent. I think of education as, "knowing stuff", whether from formal classes, from things you've read, or from personal experience. I think of intelligence as the ability to learn things.

        To successfully work in a technical area of IT, you need, unless you're just a waste-of-oxygen, poseur political animal, some education (of whatever type), some intelligence, logical thinking, imagination, and creativity.

        4. "Most likely, given how polarised Russia probably is...he bragged to a mate, who he didn't know was a bell-end nationalist, and got shopped."

        Answer: This would be on the fifth claw, which I had not thought of. But do see the line I wrote beginning with, "On the second claw".

        1 1 Reply
        1. M.V. Lipvig Silver badge
          Reply Icon

          Re: Possibilities - Response

          "The smarter way would be to not use your own PC for any part of it. It's like not using your own car, as the getaway vehicle, and not using your personally-owned gun, to commit a bank robbery."

          Unless he admitted to it, it would be possible that someone else used his computer for this.

          0 0 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Possibilities - Response

            Even more likely, they just forced a confession out of him.

            0 0 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Possibilities - Response

          You actually did...

          "how smart and well-educated could he have been".

          You could split hairs on semantics, but you implied that a lack of education makes people stupid. Which isn't true. You could attend the finest technical institution in the world for technical education, and they still won't teach you how to cover your tracks and get away with it if you launch a cyberattack.

          0 0 Reply
        3. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Possibilities - Response

          The smarter way would be to communicate with the C+C server over Tor or a VPN. You should also be aware, that C+C servers typically don't operate the way you think they do. They very rarely communicate directly with bots on their network. It's usually done via some third party, public facing social media platform like Twitter.

          E.g. command is sent from some dashboard on the darknet, a coded tweet is posted (it might be located by searching for replies on a particular tweet, or a hashtag, could be embedded using stego in a JPEG), the bots periodically check on a thread or for the parameters above and receive their commands. This is why botnets are so damned hard to take down.

          "To successfully work in a technical area of IT, you need, unless you're just a waste-of-oxygen, poseur political animal, some education (of whatever type), some intelligence, logical thinking, imagination, and creativity."

          Intelligence...I don't think you need to be intelligent, but on average people working in certain areas of tech do have well above average intelligence. I don't know anyone in tech that anyone could classify as "not intelligent"...but that doesn't make it a pre-requisite...the honest answer to this, is we don't actually know (or at least, I don't).

          Logical thinking...definitely. Logic is the basis of tech.

          Imagination and Creativity...absolutely. I know a few very talented developers that have no imagination or creativity, really holds them back. I firmly believe an average techie with above average creativity can easily run circles around a top tier techie with no creativity. The more imaginative and creative you are, the better at solving problems you are likely to be and therefore the better you probably are at your job...even if your actual technical skill isn't that great.

          Education...Maybe, but it's less important than the first three depending on the type of education. Quite a lot of us working in tech have no formal education or qualifications in the area of tech...because there was no such thing when we were younger...you could call us "Self Educated" I suppose...I am almost entirely self taught, you have to be mostly self taught because tech moves at a pace that dates any formal education you had pretty quickly...when I was a young un weighing up university, the Internet had been around for a few years and they were still teaching COBOL, FORTRAN and punch cards...so as any smart person would do if they wanted to enter the industry at the time, I decided not to waste 4 years learning decades old tech and taught myself...I then picked up certs along the way...most of the smartest people that have ever lived were autodidacts.

          0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Anyone got the relevant IP's at hand?

    And is the Low Orbit Ion Cannon (LOIC) still up and running, or are there better higher PPS alternatives???

    (just curious, as the last time i used it was to DDOS my IP on AOL back in 1996), FYI it worked ;p :)))))

    0 0 Reply
  3. Dinanziame Silver badge
    Meh

    "illegal invasion"

    I hope Russia loses the war and gets kicked out of Ukraine; but I can't prevent myself from wincing when I read, like in this article, the words "illegal invasion". The expression is at best absurd, and at worst hypocritical. Invasions are not regulated by laws, and cannot be legal or illegal (Which does not prevent the possiblity of war crimes during said invasions, but that's a different matter). For that matter, if you ever entertain the idea of using the words "legal invasion"... please don't. Regardless of the invader, invaded, and motives, it's just wrong.

    5 5 Reply
    1. Potemkine! Silver badge
      Reply Icon

      Re: "illegal invasion"

      Regardless of the invader, invaded, and motives, it's just wrong.

      I'm quite happy Allied forces invaded France in June and August 1944.

      5 0 Reply
      1. Dinanziame Silver badge
        Reply Icon

        Re: "illegal invasion"

        So am I, but I still hope nobody ever calls it a "legal invasion." It's a terrible sentence, even when the invasion itself is justified.

        1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    And on the bright side

    It's no longer enough to post an interesting link on Slashdot

    0 0 Reply
  5. Claverhouse Silver badge
    Holmes

    I Wonder...

    ... if the USA has jail-time for anyone DDoSing US Government websites ?

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like