After the five-day Russia-Georgia war, a chronicle of the cyber battle unfolds

The war between Georgia and Russia lasted just five days, as long as the new cease-fire holds. But cyber security experts will be picking through the ashes of the accompanying Internet battle for some time to come.

Just as happened last year with the May 2007 cyber war between Russia and Estonia, Georgian web sites buckled under overwhelming waves of bogus traffic, sent from huge swarms of compromised computers. The attacks began as probes as early as July 20, according to Internet experts. As the war began on Friday, millions of extraneous requests — a so-called Distributed Denial of Service (DDoS) attack — took down Georgia’s banking and government sites.

“It’s just like Estonia,” said Graham Cluley, a security expert at Sophos who wrote a timeline for the cyber war on his blog. “In modern warfare, it’s not unusual to see opposing forces take over TV stations, radios and newspapers. In our century, taking over Internet sites is now part of the same kind of strategy.”

The first attacks were reported by the Russian press, which noted that the web site of the South Ossetian government had been hit with a DDoS attack just hours after the shooting started on Aug. 8. On Aug. 9, the Georgian Ministry of Foreign Affairs web site was defaced, with photographs of Georgian president Mikheil Saakashvili juxtaposed with Adolf Hitler’s image. A group called the South Ossetia Hack Crew claimed responsibility for the defacements.

Other web sites, including the National Bank of Georgia, were also defaced. The attacks against banks are particularly scary. If banks can’t function, then no one can get cash. That can lead to chaos fairly quickly, a condition the attackers no doubt wanted.

Sites including Google’s BlogSpot and the Polish government agreed to take over hosting the web sites of the Georgian government. Later, Georgia moved its web site to Atlanta, Ga., where it is being hosted by Tulip Systems, a company owned by Georgian-born Nino Doijashvili. Cluley said that the vast infrastructure of Google, with its many different servers and data center locations, makes it especially hard to overwhelm. Nevertheless, Cluley noted that Estonia was sending its own cyber-security experts to help Georgia.

On Monday, a Russian website became a target, as the news agency RIA Novosti was hit with a DDoS attack.

Cluley said there is a growing dossier for cyber warfare. In September, 2007, the Chinese military was blamed for attacks on a Pentagon computer system serving U.S. Defense Secretary Robert Gates. And earlier this year, German foreign intelligence was accused of spying on a ministry in Afghanistan. Belgium and India also blamed China for attacks against their official computer systems. Gadi Evron, a security expert who spoke about the Estonia cyber war at Black Hat last year, wrote a post-mortem on the Estonia experience.

But while it may seem obvious who was attacking whom in this case, it won’t be easy to show that the Russian government was behind the attacks. That’s because DDoS attacks are made with millions of compromised computers from around the world. It’s very hard to track down where the attacks start, Cluley said. Spammers are easier to catch because they leave a money trail that can be traced. But with political attacks, it isn’t easy to hunt down anyone and hold the attackers responsible. And, of course, the cooperation of the Russian government would be necessary in any investigation of cyber attacks. Svetlana Gladkova notes on her blog that Russian hackers probably didn’t need guidance from the Kremlin to attack.

Evron raised some interesting questions in his post-mortem. “Does an Internet attack warrant a reaction from NATO? What about the UN? Is there such a thing as a ‘just’ Internet war and what is a country’s right to defend itself against one?”

Evron recommends that Western nations work out agreements and treaties to cover cyber war and how to react to it in a fast-moving world.


About the Author, Dean Takahashi

Dean is lead writer for GamesBeat at VentureBeat. He covers video games, security, chips and a variety of other subjects. Dean previously worked at the San Jose Mercury News, the Wall Street Journal, the Red Herring, the Los Angeles Times, the Orange County Register and the Dallas Times Herald. He is the author of two books, Opening the Xbox and the Xbox 360 Uncloaked. Follow him on Twitter at @deantak, and follow VentureBeat on Twitter at @venturebeat.

  • Excellent summary of the situation Dean. I do believe that such attacks will continue against various countries and institutions that happen not to please attackers in some way. And it is definitely a valid question if we should have international agreements or a special agency in the UN to regulate such issues and help investigate accidents and hopefully prevent them in the future.
  • Karpy
    A top ranking Chinese general spoke to the graduating class of their version of West Point in the late 90's. He told them that the war with the US was inevitable, that China would prevail, and that they would be the ones in the fight. He then went on to describe the strategy. After a false diplomatic crisis was underway, they would hit America with a massive cyber-attack that would shut down our infrastructure. Our satellites would be destroyed in space, and at least one carrier group would be destroyed. Two or three medium sized cities such as Seattle and St Louis would be taken out with nuclear weapons launched from ballistic missile submarines. They do not believe America has the will to respond with an overwhelming attack, and would absorb the expected equal response. They would pause to evaluate the effects on America. Once maximum effect had been achieved and the nation in heavy crisis, they would strike several American cities intended to annihilate the populations. They would advise Washington that any retaliation would result in an even larger attack, and stand by. They did not believe we had the will or fortitude to endure incremental, escalating nuclear strikes. The entire speech was posted in Proceedings, which is the magazine of the United States Naval Institute. It was not reported in the press that I recall. At the time, China did not have nuclear strategic missile submarines, or a space program. Most people scoffed at the idea of the backwards Chinese being able to launch any type of cyber attack. A few months after the article appeared, the Chinese military initiated a series of cyber attacks against known Western hackers. The hackers rallied, rose to the challenge and won the skirmish, but the Chicoms gained valuable experience as intended. They have recently shut down power plants in Florida and the Northeast. They routinely invade US Government sites.

    The war was based on the idea that America does not have the will or courage to fight a prolonged war, and that we would surrender rather than face serious loss of life, if not basic discomfort at home. This was also Bin Ladin's reasoning for striking the US on 9/11, and recent political moves in Iraq are validating that line of thought.
  • Hans Gottschalk
    Why would a Chinese general come to West Point to inform his potential opponents that a "war" was coming up? And where is the link to the Naval Institute proceedings?

    Wow, another confused Republican.
  • moses
    "graduating class of their version of West Point"- the Chinese equivalent of West Point, not the US West Point.
  • Peachy
    Nice piece Dean. Not caught much news in the last week or so but even the bits I have seen have not mentioned this type of thing. Superb angle, liked the War Games from yesterday too.

    Thanks

    Peachy
  • International Website Where You Can Show Your Support And Solidarity To Georgia:

    http://www.georgiasupporters.com

    Please Share This Website With Everyone You Know (Add this address to your MSN, Orkut, ICQ etc)!
  • Encyclopedian
    > May 2007 cyber war between Russia and Estonia

    Except it wasn't between Russia and Estonia. It was between a guy in Estonia and Estonia. Check your facts before relying on someone else's assumptions.

    <quote from wikipedia>
    On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the assault. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party.
    </quote>
  • bubba
    There were many other attacks that came from inside Russia. Check YOUR facts first.
  • Hans Gottschalk
    > And earlier this year, German foreign intelligence was accused of spying on a ministry in Afghanistan.

    AFAIR that happened *inside* Germany. They were reading E-Mails of Germany's largest weekly news magazine, Der Spiegel. That's also why it's illegal (journo privileges). Foreign intelligence is *supposed* to spy, but in foreign countries and on foreigners. Germany's BND normally does it, and so do CIA and NSA. I can see the NSA antennas from where I write this ;-)

    And foreign intelligence is a *good* thing: had the EU known in advance what Georgian president Mikheil Saakashvili was up to, somebody would have told him that his plans would find no support.

    The West (and Nato in particular) need to decide whether they want to support every autonomy movement in the world, like they do with Kosovo and Tibet. However, then IRA and Basque separatists, a separate Kurdistan and the South Ossetian Republic have to be accepted as well. If not, the support for Kosovo and Tibet is an act of imperialism (which is what I believe).

    Back to the main topic: it is inevitable to build up several autonomous, self supporting subnets inside each country for critical services, be it power generation and distribution (those cases missing in your article), or banks and trade exchanges, or police etc. The concept of having a single, global Internet without filters at borders and without national firewalls for critical services is an illusion that will die last in Silicon Valley. For the mobile telephone networks this separation is already happening in Europe: in a few years every EU state will operate a digital mobile system that is *exclusive* to police and emergency services (based on the TETRA technology of Motorola).

    The whole idiotic dogma of net neutrality, which is part of an imperialistic disrespect for the diverse legal systems of countries outside the US, has also helped morph cyber espionage into a cyber warfare that can shut down powerplants and hospitals.
  • The Georgian government did not start the war and did not fire the first shot!

    The Georgian government has been saying since beginning of August 2008 that the situation in South Ossetia is escalating and the Russian “peacekeepers” are staging provocations together with illegal armed forces of South Ossetian separatist regime. They started killing Georgian police officers and firing artillery shells at the Georgian villages located in South Ossetia, but the world was preoccupied with getting ready for the opening ceremony of Beijing 2008 Olympics.


    When the Georgian government officials told the Europeans in Brussels that we were at the brink of war, the Europeans politely warned the Georgians not to use the word “war” in the city of Brussels, because they do not like the word “war.” It seems that old Europe is getting older each day and with the age, because numerous warnings and cries by the Georgian officials fell on the deaf ears of old Europe. Never mind the fact that it took Hitler conquering Poland and Czechoslovakia, before the Western Europe realized this was a war.


    And what about the Americans? The American society is in the midst of elections, the Democrats want to see Europe take more responsibility for security in Caucasus region, the Republicans are divided and worried about gay marriage and abortion rights… The friends of Georgia in new Europe are trying everything to force the old Europe take harsher approach towards Russia, but Europe is dependent on Russian natural gas and oil.

    Giving up on a young democracy does not seem plausible for the Europeans, but the old Europe is scared of the new Russian bear. The new Russia is controlled by a xenophobic psychopath who has decided to break all the rules of the game, in order to change those rules. And the question comes: how can you stop a bully? Everyone can keep condemning the Russian government, but that paper will wind up in Putin’s toilet again… The only way to stop a bully is bully up against the bully – simple rule of life.


    With the recognition of South Ossetia and Abkhazia, the Russian government has proven to the world that they will violate international laws whenever they feel like it and they will use aggression in the name of peace as they did in Prague 1968. If the world would not stand up for Georgia, who will be the next prey of the hungry Russian bear? Maybe Ukraine? Or Moldova? Or who knows… The Russian government is as unpredictable as the weather in England…


    The Georgian people are united and stand united, we have survived the onslaught by Mongols, Persians, Arabs, Turk-Seljuks throughout the history and we have still survived and we are not scared of the Russian bear either.


    Just last question to Mr. Putin. Mr. Putin, if you are so concerned about the freedom of small minorities, why not recognize the independence of Chechnya? Then Daghestan? Then Ingushetia? And then all the other autonomous republics where the citizens do not even speak Russian? Think about that at first and then let's discuss the independence of South Ossetia and Abkhazia, after 300,000 Georgian refugees return to their own homes.


    And to my fellow Abkhazian and South Ossetian brothers and sisters. Yes, there will be dancing and celebration in Sokhumi and Tskinvali, Yes you will be smiling and waving flags - Georgian flags of course….