Cyberattacks during the Russo-Georgian War

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

Attacks
Georgia was already being attacked over the internet by 20 July 2008. The website of the Georgian president Mikheil Saakashvili was targeted, overloading the site. The website was barraged with the message "win+love+in+Rusia" and was then taken down for 24 hours.
On 5 August 2008, the websites of OSInform News Agency and OSRadio were hacked. The content of the OSInform website at osinform.ru was replaced by the media of the Alania TV website. Alania TV, a Georgian government-backed television station, rejected responsibility for the hacking of the competing news agency's website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to suppress information on the casualties of the August 1-2 incident.
On 5 August, the Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey. The Kurdistan Workers’ Party (PKK) originally took responsibility, but there is circumstantial evidence that it was instead a sophisticated computer attack on the line's control and safety systems that led to increased pressure and an explosion.
According to researcher Jart Armin, many Georgian servers had been controlled from outside since late 7 August 2008. On 9 August 2008, Russian and Turkish servers, allegedly controlled by Russian hackers, were used to direct major Georgian Internet traffic. Although some Georgian Internet traffic was temporarily redirected to Germany on the same day, it was soon diverted to Moscow again. The next day, the sites of the Russian news agencies RIA Novosti, TASS, REGNUM News Agency, Lenta.ru, Izvestia and Echo of Moscow were attacked. On 10 August, Jart Armin warned that Georgian official sites might be compromised. The Ministry of Foreign Affairs started to use Google's Blogger service to spread news. Among the victims of defacement were the websites of the National Bank of Georgia and the Georgian Parliament.
It was reported that the Georgian communications infrastructure was being attacked by Russian warplanes. ANS.az, one of the news websites in Azerbaijan, was also targeted. Despite the cyberattacks, Georgian journalists succeeded in reporting on the war by using blogs. The U.S. presidential candidate Barack Obama called for an end to the cyberattacks on Georgia. The President of Poland, Lech Kaczyński, criticized Russian obstruction of Georgian internet sites and offered his website for spreading the information. The attacks involved denial-of-service attacks. On 14 August 2008, The Washington Post reported that although a cease-fire had been reached, the communication infrastructure could not completely resume normal operation.
Analysis
The Russian authorities denied the allegations that they were responsible for the attacks, instead pointing the finger at ordinary citizens. RBN was considered to be one of the leading cyber crime networks in the world, whose founder is allegedly related to an influential person in Russian politics. Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.” Jose Nazario, a security researcher for Arbor Networks, told CNET that a Georgian assault on the website of a Russian newspaper served as proof of an actual Georgian response to the cyberattacks.
Don Jackson, an employee of Secureworks, observed that botnets were prepared to attack Georgia in advance of the war. These botnets became operational just before the Russian bombing of Georgia commenced on 9 August. CNN reported that, according to specialists, the cyberwar against Georgia "signals a new kind of cyberwar, one for which the United States is not fully prepared." The ex-chief of the Computer Emergency Response Team of Israel, Gadi Evron, believed the attacks on Georgian internet infrastructure resembled a cyber-rampage rather than cyber-warfare. Evron admitted that although the attacks could be "indirect Russian (military) action," the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically."
The Shadowserver Foundation accounted for six distinct botnets, managed by distinct servers. Jonathan Zittrain, one of the founders of Harvard's Berkman Klein Center for Internet & Society, said that the Russian army was capable of targeting Georgia's Internet infrastructure, while Bill Woodcock, the research director at Packet Clearing House, suggested the attacks were professionally "coordinated".
The pro-Georgian Russian newspaper Skandaly.ru was also targeted by attacks, upon which Woodcock commented "This was the first time that they ever attacked an internal and an external target as part of the same attack." The attack script against Georgia was discovered on almost every Russian news site by Gary Warner, an expert at the University of Alabama at Birmingham. In March 2009, Greylogic researchers assumed that the attacks were possibly conducted by the Russian GRU and the FSB, who used the Stopgeorgia.ru forum as a facade to cover up state responsibility.
John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), researched the cyberattacks during the Russo-Georgian War. The report, published in August 2009, concluded that the 2008 Russian cyber warfare against Georgia underscored the importance of worldwide partnership to ensure cyber safety. The report stated that the Russian military planning was known to the cyber attackers, who were supposedly civilians. Bumgarner’s research concluded that "The first wave of cyber-attacks launched against Georgian media sites were in line with tactics used in military operations." "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. The attackers possibly knew that the invasion of Georgia would begin before it even started.
Michael Chertoff wrote in 2011 that the 2008 war demonstrated that cyber war was the war of the future. The US Department of Defense published the first cyber strategy.