Cyberattacks during the Russo-Georgian War

From Wikipedia, the free encyclopedia

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.[1]

Attacks

Georgia was already being attacked over the internet by 20 July 2008.[2][3] The website of the Georgian president Mikheil Saakashvili was targeted, which overloaded the site. The website was barraged with the message "win+love+in+Rusia". The site was then taken down for 24 hours.[4][5]

On 5 August 2008, the websites of OSInform News Agency and OSRadio were hacked. The content of the OSinform website at osinform.ru was replaced by the media of the Alania TV website. Alania TV, a Georgian government-backed television station, rejected responsibility for the hacking of the competing news agency's website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to suppress information on the casualties of the August 1-2 incident.[6]

On 5 August, the Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey, responsibility for which was originally taken by the Kurdistan Workers' Party (PKK), but there is circumstantial evidence that it was instead a sophisticated computer attack on the line's control and safety systems that led to increased pressure and an explosion.[7]

According to researcher Jart Armin, many Georgian servers had been controlled from outside since late 7 August 2008.[8] On 8 August, the DDoS attacks reached their climax. The defacements began.[9]

On 8 August 2008, South Ossetian websites were attacked.[10][11]

On 9 August 2008, Russian and Turkish servers, allegedly controlled by Russian hackers, were used to direct major Georgian Internet traffic. Although on the same day some Georgian Internet traffic was temporarily redirected to Germany, the Georgian traffic was soon diverted to Moscow again.[8][12]

On 10 August 2008, attacks took down the site of RIA Novosti for several hours.[13] The next day, the sites of the Russian news agencies RIA Novosti, TASS, REGNUM News Agency, Lenta.ru, Izvestia and Echo of Moscow were being attacked.[14]

On 10 August, Jart Armin warned that Georgian official sites may be compromised.[8][12]

By 11 August 2008, the website of the Georgian president had been defaced and images comparing President Saakashvili to Adolf Hitler were posted. This was an example of cyber warfare combined with PSYOPs.[9] The Georgian Parliament's site was also targeted by a denial-of-service attack.[9][8] Attacks also targeted some Georgian commercial websites.[12][8][15] On 11 August, the Foreign Ministry of Georgia said that Russia was conducting a cyber battle against Georgian government sites simultaneously with a military operation, while a spokesperson for the Kremlin responded that it was Russian media and organisations that were being attacked.[16] The Ministry of Foreign Affairs started to use Google's Blogger service to spread news.[9][15] US servers were allocated to host the website of the Georgian President.[15] Among the victims of defacement were the websites of the National Bank of Georgia and the Georgian Parliament.[2][15]

Estonia provided hosting for a Georgian governmental website and provided cyberdefense advisors.[17][3] The Development Centre of State Information Systems of Estonia said that Georgia had not asked for help.[12] Private United States companies also assisted the Georgian government in protecting its non-war-making information, such as the government payroll, during the conflict.[18] It was reported that the Georgian communications infrastructure was being attacked by Russian warplanes.[17]

The servers of the Azerbaijani news agency Day.Az were also targeted by cyberattacks, orchestrated by Russian intelligence services due to the news agency's coverage.[19] ANS.az, one of the news websites in Azerbaijan, was also targeted.[20] The Georgian news site Civil Georgia began using Blogspot to disseminate news.[17] Despite the cyber-attacks, Georgian journalists succeeded in reporting on the war by using blogs.[21][22]

The U.S. presidential candidate Barack Obama called for an end to the cyber attacks on Georgia.[12] The President of Poland, Lech Kaczyński, criticized Russian obstruction of Georgian internet sites and offered his website for spreading information.[15] Reporters Without Borders criticized the internet attacks: "The Internet has become a battleground in which information is the first victim."[20]

The attacks involved denial-of-service attacks.[2][15][20] The New York Times reported on 12 August that some experts noted this as the first time in history that a notable cyber attack and an actual military engagement happened at the same time. The attacks, originating from Russian hosting offices, did not cease on 12 August and stopgeorgia.ru, a Russian anti-Georgian website, was still running.[2]

On 14 August 2008, The Washington Post reported that although a cease-fire was reached, communication infrastructure could not completely resume normal operation.[22]

Analysis

The Russian authorities denied the allegations that they were responsible for the attacks, instead pointing the finger at ordinary citizens.[2] It was asserted that the Russian Business Network (RBN), a group from Saint Petersburg, organised these cyber attacks.[2][8][9][12][23] RBN was considered to be one of the leading cyber crime networks in the world, whose founder is allegedly related to an influential person in Russian politics.[24]

Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”[9]

Jose Nazario, a security researcher for Arbor Networks, told CNET that a Georgian assault on the website of a Russian newspaper served as proof of an actual Georgian response to the cyber attacks.[25]

Don Jackson, an employee of Secureworks, observed that botnets were prepared to attack Georgia in advance of the war. These botnets became operational just before the Russian bombing of Georgia commenced on 9 August.[2] Don Jackson lent credence to the idea that the Russian government was behind the attack, rather than the RBN. Furthermore, Jackson found that not all the computers that were assaulting Georgian websites were controlled by RBN servers; some were using "Internet addresses belonging to state-owned telecommunications companies in Russia".[26]

CNN reported that, according to specialists, the cyberwar against Georgia "signals a new kind of cyberwar, one for which the United States is not fully prepared."[27]

The ex-chief of the Computer Emergency Response Team of Israel, Gadi Evron, believed the attacks on Georgian internet infrastructure resembled a cyber-rampage, rather than cyber-warfare. Evron admitted that although the attacks could be "indirect Russian (military) action," the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically." Six distinct botnets, managed by distinct servers, were accounted for by the Shadowserver Foundation.[28]

Jonathan Zittrain, one of the founders of Harvard's Berkman Klein Center for Internet & Society, said that the Russian army was capable of targeting Georgia's Internet infrastructure, while Bill Woodcock, the research director at Packet Clearing House, suggested the attacks were professionally "coordinated". The Russian newspaper, pro-Georgian Skandaly.ru, was also targeted by attacks, upon which Woodcock commented "This was the first time that they ever attacked an internal and an external target as part of the same attack." The attack script against Georgia was discovered on almost every Russian news site by Gary Warner, an expert at the University of Alabama at Birmingham.[3] Bill Woodcock also said cyber attacks would stay around as a part of military campaigns in the future due to their low cost.[2]

The Economist described in detail in December 2008 how detailed manuals on carrying out DDoS attacks against Georgian sites were available to any volunteer on Russian sites, such as StopGeorgia. Even the US and UK embassies in Tbilisi were designated targets. The paper could not definitely link the attacks to the Russian authorities.[29]

In March 2009, Greylogic researchers assumed that the attacks were possibly conducted by the Russian GRU and the FSB, who used the Stopgeorgia.ru forum as a facade to cover up the state responsibility.[30]

John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), researched the cyberattacks during the Russo-Georgian War. The report, published in August 2009, concluded that the 2008 Russian cyber warfare against Georgia stressed the importance of worldwide partnership to ensure cyber safety. The report stated that the Russian military planning was known to the cyber attackers, who were supposedly civilians. Bumgarner's research concluded that "The first wave of cyber-attacks launched against Georgian media sites were in line with tactics used in military operations."[31] "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. The attackers possibly knew that the invasion of Georgia would begin before it even started.[32]

Michael Chertoff wrote in 2011 that the 2008 war demonstrated that the cyber war was the war of the future. The US Department of Defense published the first cyber strategy.[33]

References

  1. Hollis, David (6 January 2011). "Cyberwar Case Study: Georgia 2008" (PDF). Small Wars Journal. Archived (PDF) from the original on 4 March 2022. Retrieved 17 November 2020.
  2. Markoff, John (12 August 2008). "Before the Gunfire, Cyberattacks". The New York Times.
  3. Wentworth, Travis (23 August 2008). "How Russia May Have Attacked Georgia's Internet". Newsweek. Archived from the original on 27 August 2008.
  4. Dancho Danchev (22 July 2008). "Georgia President's web site under DDoS attack from Russian hackers". ZDNet.
  5. Jeremy Kirk (21 July 2008). "Georgia president's Web site falls under DDOS attack". Computerworld.
  6. "S.Ossetian News Sites Hacked". Civil Georgia. 5 August 2008.
  7. Jordan Robertson; Michael Riley (10 December 2014). "Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar Era". Bloomberg. Archived from the original on 10 December 2014.
  8. Keizer, Gregg (11 August 2008). "Cyberattacks knock out Georgia's Internet presence". Computerworld.
  9. Danchev, Dancho (11 August 2008). "Coordinated Russia vs Georgia cyber attack in progress". ZDNet. Archived from the original on May 14, 2010.
  10. Хакеры атаковали правительственные сайты Южной Осетии [Hackers attacked government websites of South Ossetia] (in Russian). Lenta.ru. 8 August 2008.
  11. Идет хакерская атака на осетинские информационные сайты [Hacker attack on Ossetian news sites under way] (in Russian). RIA Novosti. 8 August 2008.
  12. Jon Swaine (11 August 2008). "Georgia: Russia 'conducting cyber war'". The Telegraph. Archived from the original on 2 September 2013.
  13. "RIA Novosti hit by cyber-attacks as conflict with Georgia rages". RIA Novosti. 10 August 2008. Archived from the original on 12 August 2008.
  14. Российские информационные сайты подверглись массированной хакерской атаке [Russian news sites subjected to a massive hacker attack] (in Russian). Ura.ru. 11 August 2008.
  15. Asher Moses (12 August 2008). "Georgian websites forced offline in 'cyber war'". The Sydney Morning Herald. Archived from the original on 14 September 2008.
  16. "Georgia says Russian hackers block govt websites". Reuters. 11 August 2008. Archived from the original on 24 December 2014.
  17. Noah Shachtman (11 August 2008). "Estonia, Google Help 'Cyberlocked' Georgia (Updated)". Wired.
  18. Steven Korns and Joshua E. Kastenberg, Georgia's Cyber Left Hook, Parameters: Journal of the Army War College (2008), 59-64
  19. "Russian intelligence services undertook large scale attack against Day.Az server". Today.az. 11 August 2008.
  20. "Russian and Georgian websites fall victim to a war being fought online as well as in the field". Reporters Without Borders. 13 August 2008. Archived from the original on 6 December 2010.
  21. Onnik Krikorian (24 August 2008). "Georgia: Regional Reporters". Global Voices.
  22. Kim Hart (14 August 2008). "Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar". The Washington Post.
  23. Siobhan Gorman (12 August 2008). "Georgia States Computers Hit By Cyberattack". The Wall Street Journal.
  24. "The hunt for Russia's web crims". The Age. 13 December 2007.
  25. Robert Vamosi (12 August 2008). "Russia and Georgia continue attacks--online". CNET.
  26. "Expert: Cyber-attacks on Georgia websites tied to mob, Russian government". LA Times Blogs - Technology. 13 August 2008. Archived from the original on 4 March 2022. Retrieved 17 November 2020.
  27. "U.S. at risk of cyberattacks, experts say". CNN. 18 August 2008.
  28. Waterman, Shaun (18 August 2008). "Analysis: Russia-Georgia cyberwar doubted". Middle East Times. Archived from the original on 5 December 2008.
  29. "Marching off to cyberwar". The Economist. 4 December 2008. Archived from the original on 6 May 2009.
  30. Leyden, John (23 March 2009). "Russian spy agencies linked to Georgian cyber-attacks". The Register.
  31. Brian Prince (18 August 2009). "Cyber-attacks on Georgia Show Need for International Cooperation, Report States". eWeek. Archived from the original on 22 January 2013.
  32. Mark Rutherford (18 August 2009). "Report: Russian mob aided cyberattacks on Georgia". CNET. Archived from the original on 25 March 2012.
  33. Jeffrey Carr (2011). Inside Cyber Warfare (PDF). O'Reilly. Archived from the original (PDF) on 21 July 2016.