Cyberattack Against Georgia Preceded Real Attack

This is interesting:

Exactly who was behind the cyberattack is not known. The Georgian government blamed Russia for the attacks, but the Russian government said it was not involved. In the end, Georgia, with a population of just 4.6 million and a relative latecomer to the Internet, saw little effect beyond inaccessibility to many of its government Web sites, which limited the government's ability to spread its message online and to connect with sympathizers around the world during the fighting with Russia.

[...]

In Georgia, media, communications and transportation companies were also attacked, according to security researchers. Shadowserver saw the attack against Georgia spread to computers throughout the government after Russian troops entered the Georgian province of South Ossetia. The National Bank of Georgia's Web site was defaced at one point. Images of 20th-century dictators as well as an image of Georgia's president, Mr. Saakashvili, were placed on the site. "Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically," said Gadi Evron, an Israeli network security expert. "The nature of what's going on isn't clear," he said.

[...]

In addition to D.D.O.S. attacks that crippled Georgia's limited Internet infrastructure, researchers said there was evidence of redirection of Internet traffic through Russian telecommunications firms beginning last weekend. The attacks continued on Tuesday, controlled by software programs that were located in hosting centers controlled by a Russian telecommunications firms. A Russian-language Web site, stopgeorgia.ru, also continued to operate and offer software for download used for D.D.O.S. attacks.

Welcome to 21st century warfare.

"It costs about 4 cents per machine," Mr. Woodcock said. "You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to."

Posted on August 18, 2008 at 1:11 PM • 28 Comments

Comments

alAugust 18, 2008 1:41 PM

About 8000 USAF personnel are available. I hear they grow nice peaches in Georgia.

mcbAugust 18, 2008 1:57 PM

"About 8000 USAF personnel are available." Yeah, but I'll guess the American program costs significantly more than one tank tread...

Clive RobinsonAugust 18, 2008 2:48 PM

The whole thing looks like Russia has planed the whole "event" for some time.

The old "protect our people in another country" line had a grey beard on it when Hitler used it. It has subsiquently been used by China, Israel and a number of others.

The Balkans has seen this sort of thing for hundreds of years and it was only under Tito that there was any measure of stability. Unfortunatly as was seen rather than provide the foundation for peace Tito only managed to keep it in check and it exploded back after him.

Likewise Sadam kept the lid on the factions in Iraq but as has been seen after him the trouble flared up again

Basicaly I suspect the Russian Gov have been deliberatly stiring up the "russian patriots" in northan Georgia for some time, and providing them with arms and intel so that they became a very sucessful thorn in the side of the Georgian Democratic Government.

I further susspect that Russia pushed the issue along more rapidly recently due to the fact that Georgia nearly/ is going to become a member of NATO.

If they had joined ten months back then the NATO countries would be at war with Russia.

So the Russians get important teritory (think oil pipeline) and accsess to the sea and send a message to the U.S. To stop playing in their back yard.

I think a number of other ex USSR countries are starting to feel very scared as it looks like Cold War Policies are back on the table again.

TravisAugust 18, 2008 2:54 PM

I've said it before in multiple locations, and I'll say it here, now:

I adore the phrase "considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically"

WotNoSpam.itAugust 18, 2008 3:19 PM

I've noticed, as others have on slashdot a large drop in email spam since these cyber attacks - maybe the Georgian's were big spammers until they got hit - or maybe the Russians took their guns off us while they attacked Georgia.

AlexAugust 18, 2008 3:50 PM

WotNoSpam.it, yes it sounds likely that someone rented a piece of the almighty botnet and that the result is less spam. From what I've heard the attacks came from RBN, Russian Busines Network, which is not linked to the Russian state. It is some kind of organisation that runs botnets for profit (not for fun).

Davi OttenheimerAugust 18, 2008 4:12 PM

@ Clive

"The whole thing looks like Russia has planed the whole 'event' for some time."

Of course they were, as were the Georgians; these are border countries with resource and identity issues you would normally expect, let alone intensified by the US supplying arms and training.

US trainers now claim that Georgia was not ready to fight, though:

http://hosted.ap.org/dynamic/stories/G/...

The Cold War restarted when the Cold War thinkers (Cheney and Rumsfeld) came back to office. All the anti-proliferation progress made in the early 1990s went up in smoke after Bush won in 2000. The current administration dismissed previous sanctions, negotiations and inspections and instead restarted proliferation and a doctrine of pre-emptive strikes.

The President from Texas might want to consider how the US annexed his adopted home state from Mexico, as well as how his administration dismissed the UN, before he tries to criticize Russia and call on the UN to stand against them.

http://en.wikipedia.org/wiki/Mexican-American_War

http://www.thenation.com/blogs/capitalgames?...

Davi OttenheimerAugust 18, 2008 4:14 PM

Ooops, forgot to point out this nugget from the AP article cited above:

"As soon as combat began, the army's communications network largely collapsed, he said, so troops conducted operations using regular cell phones. That left their communications easily accessible to Russian intelligence."

Doh.

ShaneAugust 18, 2008 4:28 PM

@Davi

"The Cold War restarted when the Cold War thinkers (Cheney and Rumsfeld) came back to office."

Yea... well don't forget good ole' Mr. Putin, he's cut from the same terrible cloth.

Clive RobinsonAugust 18, 2008 5:00 PM

@ Davi, Shane,

Do you want a little bet on how long it will be before we start to look for colour under our beds again?

Even though I am old enough to remember where I was when JFK got shot it still takes me by surprise just how often the wheel of history runs the same old course 8(

MacGyverAugust 18, 2008 5:24 PM

I'll start freaking out when they tell me that a cyber attack took out the Georgian water, electricity, transportation and gas infrastructures.

Mac

Ross SniderAugust 18, 2008 6:42 PM

Let's not be unreasonable here. Doesn't anyone remember Estonia and the great Russian army attack on them? Yeah, it was a kid with a botnet.

When is the media going to start presenting stories about Russia's infrastructure and DoS'ed websites? Any Georgian can log into stopgeorgia.ru, download tools and hit the Russians back. I'm sure they are.

I'm not saying we shouldn't be wary of cyber attacks - but really - let's not overcomplicate this and overindulge ourselves with the idea that the internet is just as or more effective at winning wars than bullets and bombs. There are serious ramifications to having your communication topology owned or down - but we've seen this throughout all wars in all of humankind. Remember spies? Yeah? That's owning a communication topology. Sabotage? Yeah - we've always done that too.

It's through a new medium, but it isn't a new thing. Both sides are bound to be doing it to - so I'm not sure why we have this anti-Russia sting to all of our reports.

indicatorsAugust 18, 2008 7:34 PM

While the Republic of Georgia got hit, they are lucky. It sends a good message to get ready in many ways. Small little measures, can really add up in advance.
Other message is simple, get your IT solid. Forget M$ and Linux. *BSD or LynxOS if necessary.
The flip side is simple, high grade IT is great for making a statement to the world about current events, especially if streaming video is up.
Community support of a group worldwide can really add up, every dollar helps, it also starts up the movement.
Its is tragically funny how many governments neglect IT.

Michael LambrellisAugust 18, 2008 9:59 PM

@Clive,

The reason the wheel of history is running in the same track is because the powers are pulling the same old stunts.

JFK moved missiles into eastern Turkey just over the border from the USSR and those bad russkies responded with the Cuban missile "crisis". Now we have Bush crowding the Russian sphere of influence (all those former USSR satellites make wonderful markets for Boeing and Raytheon), and being surprised that the Russian bear is still a bear (poke it at your peril).

That being said, I agree with MacGyver on the whole "cyber-war" thing. Wake me when the real infrastructure starts shutting down as a result of these "attacks".

freshAugust 19, 2008 1:43 AM

Don't forget that Georgian sites are small and not oriented on high load.

So when this campain began, Georgian news sites were falled due to lot of traffic.

BUT, really highly optimized pro-goverment *Russian* news sites were attacked (and were uanavailable):
http://en.rian.ru/russia/20080810/115936419.html

Think about it. Join it with information that Georgia turned off *.ru zone and all russian tele-channels (georgian people still have no access to real ossetian victims body-count, killed by Saakashvilli missiles http://www.flickr.com/photos/29507379@N06/ ).

Maybe this will help to realize who is attacked indeed, it's goals etc.

Why am i typing it?... Just a hope.

maxpicAugust 19, 2008 2:55 AM

Rebember that Georgian began this war. They bomb the separatists. They made an "in house" stategies against Russian to pump the Georgian people.
I think this is all part of a strategy.
Remember the PNAC and "Further, the process of transformation, even if it brings revolutionary change, is likely to be a long one, absent some catastrophic and catalyzing event – like a new Pearl Harbor"

AlexAugust 19, 2008 3:11 AM

From a political point of view, Patrick J. Buchanan summarizes it best:

"Had Georgia been in NATO when Mikheil Saakashvili invaded South Ossetia, we would be eyeball to eyeball with Russia, facing war in the Caucasus, where Moscow’s superiority is as great as U.S. superiority in the Caribbean during the Cuban missile crisis.

If the Russia-Georgia war proves nothing else, it is the insanity of giving erratic hotheads in volatile nations the power to drag the United States into war."

From a computer perspective I can note that the "hacktivism" trend seems to grow stronger for each conflict. But it doesn't look like governments are using it yet. Maybe we will see that in future conflicts.

ConcernedAugust 19, 2008 7:31 AM

Some bloggers might feel the US is the root of all evil, but it clearly tries to promote freedom around the world. Russia clearly invaded to stop Georgia from joining NATO and indicate to former satellite nations that they better remember they are in Russia's sphere of influence, not the US. It is chilling at how completely NATO, UN, and US agreed and left Georgia to get crushed. Russia also needs to ensure its oil transit routes now that it has focused its strategy on becoming a superpower in energy. Taking out the electronic and communications infrastructure is now firmly established as part of modern warfare. I feel sorry for eastern europe countries which had started to feel a breath of freedom (economic and political). The world was also a kinder place when Russia and the US were not having a cold war.

FDHYAugust 19, 2008 8:34 AM

It's conceivable that it could have been the Russians. It could have been another enemy of the state of Georgia as well... Perhaps further evidence will be found to pinpoint the source.

Clive RobinsonAugust 19, 2008 10:14 AM

@ Alex,

"If the Russia-Georgia war proves nothing else, it is the insanity of giving erratic hotheads in volatile nations the power to drag the United States into war."

I wonder just who Pat Buchanan was refering to when he said "erratic hotheads", the "Politicos" or the Russian passport holding "terrorists / freedom fighters / seperatists / whatever sound bite sounds fits your view"?

After all just why did the U.S. invade Afganistan or Iraq? Which hot head where they (supposadly) persuing, terrorist (Osama) or president (Sadam)...

AlexAugust 19, 2008 12:51 PM

@Clive Robinson,

Buchanan ment the Georgian president "Misha" Sakahsvili. If his country would have been inside NATO then US would be forced to defend Georgia even though the conflict was provoked by Misha and not by Russia. The last thing the US needs now is another war. Luckily enough Georgia is not in NATO so this little trifle didn't escalate into a big war.

When it comes to Iraq I have absolutely no idea what the reasons are for that operation. It seems strange to loose so many lives and so much money without any obvious profit for any side (except for the arms industry).

KhriundikAugust 19, 2008 1:47 PM

Guys, welcome to realpolitik. It is axiomatic that each current or former superpower has its interests. Some are vital, others are not. It is interesting that US, while constantly poking around Russia's backyard, in fact was ignoring Russia's legitimate and vital interests. One should just recall how US invaded the Dominican Republic, Grenada or Panama, when it was not really endangering but just "perceived as endangering" US interests. Russia's concerns were much more vital and serious than US cases in its own hemisphere. It seems that Russians has long been warning US not to cross the line. Their warnings and signals have been ignored. Now, there is some information that it seems like US gave promises to Russia to keep Georgian leadership in check. Forget democracy vs tyranny. It is just a smokescreen. Russia was provoked. The other story is that it was preparing itself for this provocation in view of US irresponsible actions. These actions gave Russia too much reason to believe it was being encircled by color coded revolutions which were US-supported projects. Still another (human) side of the story is a dismal quality of "leadership" material used to project US interests in this post-Soviet area. One has just to watch Georgian commander-in-chief uncontrollably chewing his necktie to realize what kind of idiots are touted as "beacons of democracy".

PHBAugust 20, 2008 9:00 AM

The Estonian DDoS was NOT JUST one kid with a botnet. There were many people involved, they caught only one and we do not know whether the one they caught was acting for someone else (he is unlikely to admit it).

Whether the GRU actually pays for these attacks or they are simply unilateral efforts by irregulars will not be known for years. But we know for a fact that Putin has opponents murdered on the streets of London with Polonium poisoned teapots. And given that the GRU could have chosen a more easily obtained poison they certainly wanted to send the message that they are a bunch of terrorist thugs.

But the coincidence of the botnet recruitment ahead of the Georgian crisis is almost certainly due at most to the events having a common cause, at least with respect to timing. If the GRU knew that Georgia was planning an attack they would not be making highly visible plans for a cyberwar, its not like the effect of the attack was particularly severe.

More likely the bots were being recruited for DDoS extortion on gambling sites ahead of the Olympics and the Georgians timed their action ahead of the opening in the hopes of securing their position during the Olympic truce.

mooAugust 20, 2008 11:48 AM

"As soon as combat began, the army's communications network largely collapsed, he said, so troops conducted operations using regular cell phones. That left their communications easily accessible to Russian intelligence."


Well, that is obviously the whole point of taking out the secure channels, right? Either they talk to each other in the clear where the enemy can listen in, or they don't talk to each other at all.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..