Georgia’s Imedi TV switches website security to firm used by Russian Defence Ministry and Hamas

The logo of the pro-government media outlet TV Imedi.

After being hit with UK sanctions, Georgian pro-government media outlet Imedi appeared to have switched security providers for their website from the US-based CloudFlare to DDoS-Guard, a Russian company which has counted the Russian Defence Ministry, National Bank, and Hamas as its clients.

Georgian netizens noticed that the media outlet’s website was being served by DDoS-Guard’s servers days after Imedi was sanctioned by the UK for Russian disinformation.

Social media user Temur Gorgadze was among those who noted that Imedi’s domain had ‘moved to a new server’ following the sanctions. He made a post on Facebook after Imedi’s website became briefly unavailable on Wednesday.

Imedi at first denied the outage was related to the sanctions, but shortly after, published a statement confirming the two incidents were linked.

DDoS-Guard provides, among other things, protection against DDoS, or distributed denial of service, attacks — malicious attempts to disrupt servers, services, or websites by flooding them with internet traffic from multiple sources and rendering them unusable.

Using open source information, an expert speaking to OC Media, who wished to remain anonymous, was able to deduce that prior to using DDoS-Guard, Imedi’s website had been using CloudFlare, a US-based company providing the same services as DDoS-Guard, for the same purpose.

‘If this [information] is correct, then Imedi.ge used CloudFlare and then switched to DDoS-Guard sometime between 24–26 February’, the expert said, stressing that such open source information could sometimes be, ‘though very, very seldomly’, wrong.

He also noted that it is nearly impossible to know whether DDoS-Guard was providing Imedi.ge with both hosting and protection, or whether the domain was being hosted elsewhere, since the proxy obfuscates the true endpoint server.

Imedi and another TV channel, POSTV, were both sanctioned by the UK on 24 February. Imedi’s website experienced an outage on the same day.

It is unclear whether the migration to DDoS-Guard’s services had any clear link to the sanctions imposed by the UK. However, CloudFlare has previously stressed its compliance with Russia-related sanctions.

‘We expect additional sanctions are likely to come from governments as they determine additional steps are appropriate, and we will continue to move quickly to comply with those requirements as they are announced’, CloudFlare wrote on their blog in March 2022, shortly after Russia’s full-scale invasion of Ukraine.

Digital security expert Nino Gamisonia told OC Media that it was ‘obvious’ that the transition from CloudFlare to DDoS-Guard happened as a result of the sanctions.

‘Non-technically, Imedi moving to a provider such as DDoS-Guard, a company with a bad reputation and a history of servicing high-risk or politically sensitive clients, also carries reputation risks for Imedi itself. But to be honest, they didn’t have any other choice rather than moving to such a service provider’, Gamisonia added.

OC Media has asked CloudFlare if they had made the decision to suspend their services to Imedi, and if so, whether that decision was related to the UK sanctions, but has not received a response as of publication.

DDoS-Guard has serviced a number of clients around the world, including the Russian National Bank and the Russian Defence Ministry.

It has drawn controversy for offering protection services to Parler, an American social media network attracting a far-right userbase, and Kiwi Farms, a web forum used to discuss, harass, and dox online figures and communities. DDoS-Guard was also found to have provided services to Hamas, the Palestinian group ruling the Gaza Strip.

According to Russian independent media outlet Meduza, Parler defaulted to using DDoS-Guard’s services after Amazon Web Services refused to host it and Apple and Google removed it from their respective app stores. Parler was allegedly used to coordinate the storming of the US Capitol on 6 January.

‘DDoS-Guard has long insisted that it will work with any clients who obey the law, but Meduza learned that the company is, in fact, suspected of hosting multiple internet scammers responsible for stealing banking data, and one of the world’s largest online stores for illegal drugs operates using an infrastructure associated with DDoS-Guard’, Meduza wrote.

According to Wappalyzer, which breaks down technologies used by websites, the vast majority of DDoS-Guard’s clients come from Russia, at 72%, followed by the UAE and the Netherlands, both at 8%.
