[aaus-list] cyberattacks on Georgia

Roma Hadzewycz staff at ukrweekly.com
Mon Sep 15 09:43:51 EDT 2008


Eurasia Daily Monitor, September 12:


THE CYBER DIMENSION OF RUSSIA’S ATTACK ON GEORGIA

A growing body of evidence suggests that Russia’s disproportionate  
military assault on Georgia in the aftermath of Tbilisi’s failed bid  
to retake the breakaway region of South Ossetia was preceded and  
accompanied by a series of coordinated and sophisticated cyber  
assaults on Georgia’s embryonic Internet infrastructure.

The distributed denial of service (DDOS) attacks against Georgian  
websites began almost two months before the short-lived war between  
Russia and Georgia (The Washington Post, August 14). In July United  
States-based Internet watchdogs registered DDOS attacks against the  
official website of the President of Georgia, Mikheil Saakashvili,  
which disabled the website for a 24-hour period. The attacks were  
detected by the command and control server in the United States,  
which had become operational several weeks prior to the cyber assault  
(International Herald Tribune, August 13; The Independent, August 17).


DDOS attacks are carried out when compromised personal computers  
organized into vast networks (botnets) are ordered by hackers to send  
millions of specifically composed requests simultaneously to a  
designated website or websites in order to overload a server and  
cause it to shut down. The botnets are large sets of personal  
computers that have been infected with malicious software (malware)  
programs that allow hackers to control them remotely. The owners of  
these “zombie” PCs are often completely unaware that their  
computers are involuntarily participating in such cyber attacks  
(Reuters, August 16; UPI, August 18).
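As an added illustration that is not part of the article, the following Python reads constructed web-server access-log lines (Common Log Format) and labels each time window as normal, a single-source flood, or the botnet pattern the paragraph describes: many distinct sources that are each modest on their own but together overload the server. The thresholds, IP addresses and log lines are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: ip ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def parse_line(line):
    """Return (client_ip, unix_time, request) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), int(ts.timestamp()), m.group(3)

def bucket_requests(lines, window=10):
    """Count hits per client IP inside fixed windows of `window` seconds."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, t, _ = parsed
            buckets[t - t % window][ip] += 1
    return buckets

def classify(buckets, flood_total=100, distributed_sources=20):
    """Label each window as normal, single-source flood, or distributed flood
    (many sources, each low-rate, whose sum exceeds the flood threshold)."""
    report = {}
    for start in sorted(buckets):
        hits = buckets[start]
        total, sources = sum(hits.values()), len(hits)
        if total < flood_total:
            label = "normal"
        elif sources >= distributed_sources:
            label = "distributed flood"
        else:
            label = "single-source flood"
        report[start] = (label, total, sources)
    return report

def make_sample():
    """Constructed log lines: a quiet window, a botnet-style window (40 sources,
    5 hits each) and a one-source window (150 hits). Thresholds are assumptions."""
    def line(ip, sec):
        return f'{ip} - - [08/Aug/2008:14:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    quiet = [line(f"192.0.2.{i}", i) for i in range(1, 6)]
    botnet = [line(f"203.0.113.{i}", 10 + i % 10) for i in range(1, 41) for _ in range(5)]
    single = [line("198.51.100.7", 20 + k % 10) for k in range(150)]
    return quiet + botnet + single

if __name__ == "__main__":
    for start, (label, total, sources) in classify(bucket_requests(make_sample())).items():
        print(f"window @{start}: {label} ({total} requests from {sources} sources)")
```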

The July attack appeared to be a dress rehearsal of what was to  
follow in August. By August 8, as Russian tanks began to roll through  
the Roki Tunnel into South Ossetia, the Georgian government and media  
websites started to crash intermittently under the relentless assault  
of multiple botnet-based DDOS attacks. According to the Shadowserver  
Foundation, a volunteer watchdog group specializing in analyzing  
malicious activities on the Internet, the first concerted attack  
began at 2:00 PM GMT on August 8. The Shadowserver identified six  
different botnets that participated in the attacks on Georgian  
government and media websites (UPI, August 18).

In the early stages of the conflict the Russian hacktivists (hacker  
activists) managed to shut down the websites of the President of  
Georgia, Georgian Parliament, the Ministry of Defense, the Ministry  
of Foreign Affairs, the National Bank of Georgia, the English-language  
on-line news dailies The Messenger and www.civil.ge, as well  
as the on-line version of the popular Rustavi 2 television channel.  
In addition, the websites of the Georgian Ministry of Foreign Affairs  
and National Bank of Georgia were defaced with the digitally  
reformatted image of President Saakashvili superimposed on a collage  
of photos of Nazi leader Adolph Hitler (The New York Times, August  
12; International Herald Tribune, August 13; The Washington Post,  
August 14; The Independent, August 17).

(Screenshot from the website of the Georgian Ministry of Foreign  
Affairs after it had been defaced by the Russian hacktivists)


Facing the cyber emergency, the websites of the Georgian Ministry of  
Foreign Affairs and www.civil.ge were temporarily accommodated with  
Google’s permission on Blogspot domain, which is better protected  
against a sustained DDOS attack (The New York Times, August 12;  
Transitions Online, http://blogs.tol.org, August 15). On August 9 the  
President’s website and the on-line version of the Rustavi 2  
television channel were transferred to the new host, Tulip Systems,  
Inc., an Atlanta-based Internet hosting company owned by the Georgia  
native Nino Doijashvili. As it turned out, Doijashvili was on  
vacation in Georgia when the Russian invasion began and, after  
finding out about the troubles with the aforementioned websites, she  
contacted the Georgian government to offer assistance (The New York  
Times, August 12; The Atlanta Journal-Constitution, August 17).

In an unprecedented show of solidarity and support, Estonia, where  
the NATO Cyber Defense Center (see EDM, May 15) is located, began to  
host the website of the Georgian Ministry of Foreign Affairs and  
dispatched two information security specialists from its Computer  
Emergency Response Team (CERT) to assist the Georgian authorities  
(Wired/Danger Room, August 11; The Earth Times, www.earthtimes.org,  
August 11; IDG News Service, August 12; Rosbalt news agency, August  
13). According to a press statement released by Estonia’s State  
Center of Development of Information Systems, in addition to the  
website of the Georgian Ministry of Foreign Affairs, Estonia is now  
also hosting the websites of the National Bank of Georgia and the  
English-language on-line news portal www.civil.ge (www.lenta.ru,  
August 27; www.iToday.ru, August 27).

One of the nerve centers of the Russian cyber attack on Georgia was  
the website www.StopGeorgia.ru, which was set up specifically to  
coordinate the on-line activities of Russian hacktivist underground.  
The website featured a continuously updated scoreboard with the list  
of target websites, which included mostly Georgian government  
websites but also the websites of the American and British Embassies  
in Tbilisi. The visitors were encouraged to download a free software  
program called DoSHTTP, which allowed them to join the massive DDOS  
attacks against the targeted websites (Slate, http://www.slate.com,  
August 14). Another disturbing sign of sophisticated planning that  
went into the Russian cyber attack was that the Russian hackers  
preempted a retaliation by far fewer Georgian hackers by shutting  
down the two most popular websites of Georgian hackers, www.hacker.ge  
and www.warez.ge, in the initial stages of the cyber assault (UPI,  
August 18).

The Russian on-line offensive against Georgia was not limited to the  
botnet-based DDOS attacks organized and coordinated by the Russian  
hacktivist underground. The Russian bloggers entered the fray  
enthusiastically when they manipulated the results of the non-scientific  
Quickvote on-line poll on the CNN website to qualify  
Russia’s actions in Georgia as justified as peacekeeping. As the  
Russian on-line journal www.webplanet.ru reports, the news of the CNN  
on-line poll was quickly disseminated through the vast Russian  
“blogosphere” with appeals to visitors to go to the CNN website to  
click on the answer that justified Russia’s actions as peacekeeping.  
The indexed search on the Russian on-line search engine www.yandex.ru  
yielded thousands of Russian blogs containing a reference to the CNN  
poll. As a result, Russia’s actions were qualified as peacekeeping  
by an overwhelming 92 percent of the predominantly Russian on-line  
voters before the Quickvote was taken down by CNN (www.profy.com,  
August 12; www.webplanet.ru, August 12; Transitions Online, http:// 
blogs.tol.org, August 15).

Roma Hadzewycz
Editor-in-Chief
The Ukrainian Weekly and Svoboda
2200 Route 10
Parsippany, NJ 07054
tel: 973-292-9800, x 3049
fax: 973-644-9510

