Cyberattacks during the Russo-Georgian War

Short description: Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.[1]

Attacks

On 20 July 2008, weeks before the Russian invasion of Georgia, "zombie" computers were already on the attack against Georgia.[2][3] The website of Georgian president Mikheil Saakashvili was targeted and overloaded. The traffic directed at the website included the phrase "win+love+in+Rusia". The site was then taken down for 24 hours.[4][5]

On 5 August 2008, the websites for OSInform News Agency and OSRadio were hacked. The OSInform website at osinform.ru kept its header and logo, but its content was replaced by the content of the Alania TV website. Alania TV, a Georgian government-supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the rival news agency website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up the deaths of 29 Georgian servicemen during the flare-up on August 1 and 2.[6]

On 5 August, the Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey. Responsibility was originally claimed by the Kurdistan Workers' Party (PKK), but there is circumstantial evidence that it was instead a sophisticated computer attack on the line's control and safety systems that led to increased pressure and an explosion.[7]

According to Jart Armin, a researcher, many Georgian Internet servers had been under external control since late on 7 August 2008.[8] On 8 August, the DDoS attacks peaked and the defacements began.[9]

However, within hours the traffic was again diverted to Moscow-based servers.[8][10]

On 10 August 2008, RIA Novosti news agency's website was disabled for several hours by a series of Georgian counter-attacks.[11]

By 11 August 2008, the website of the Georgian president had been defaced and images comparing President Saakashvili to Adolf Hitler were posted. This was an example of cyber warfare combined with PSYOPs.[9] The Georgian Parliament's site was also targeted.[9][8][12] Some Georgian commercial websites were also attacked.[10][8][12][13] The Ministry of Foreign Affairs set up a blog on Google's Blogger service as a temporary site. The Georgian President's site was moved to US servers.[9][12] The National Bank of Georgia’s website was defaced at one point, with images of 20th-century dictators and an image of Georgian president Saakashvili placed on it.[2] The Georgian Parliament website was defaced by the "South Ossetia Hack Crew" and the content was replaced with images comparing President Saakashvili to Hitler.[12]

Estonia offered hosting for a Georgian governmental website and cyberdefense advisors.[14][3] It was reported that the Russians bombed Georgia’s telecommunications infrastructure, including cell towers.[14] Private United States companies also assisted the Georgian government in protecting its non-war-making information, such as the government payroll, during the conflict.[15]

Russian hackers also attacked the servers of the Azerbaijani Day.Az news agency. The reason was Day.Az's position in covering the Russian-Georgian conflict.[16] ANS.az, one of the leading news websites in Azerbaijan, was also attacked.[17] Russian intelligence services had also disabled the information websites of Georgia during the war.[16] The Georgian news site Civil Georgia switched its operations to one of Google's Blogspot domains.[14] Despite the cyber-attacks, Georgian journalists managed to report on the war. Many media professionals and citizen journalists set up blogs to report or comment on the war.[18][19][10]

Reporters Without Borders condemned the violations of online freedom of information since the outbreak of hostilities between Georgia and Russia. "The Internet has become a battleground in which information is the first victim," it said.[17]

The attacks involved denial-of-service attacks.[12][17][2]

On 14 August 2008, it was reported that although a ceasefire had been reached, major Georgian servers were still down, hindering communication in Georgia.[19]

Analysis

The Russian government denied the allegations that it was behind the attacks, stating that it was possible that "individuals in Russia or elsewhere had taken it upon themselves to start the attacks".[2][20][21]

Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”[9]

Jose Nazario, security researcher for Arbor Networks, told CNET that he was seeing evidence that Georgia was responding to the cyber attacks, attacking at least one Moscow-based newspaper site.[22]

According to Don Jackson, director of threat intelligence at SecureWorks, this was lending credence to the idea that the Russian government was indeed behind the attack, rather than the Russian Business Network (RBN).[23] Furthermore, Jackson found that the computers attacking Georgian websites were not all on RBN servers; some were on "Internet addresses belonging to state-owned telecommunications companies in Russia".[23]

Gadi Evron, the former chief of Israel's Computer Emergency Response Team, believed the attacks on Georgian internet infrastructure resembled a cyber-riot, rather than cyber-warfare. Evron admitted the attacks could be "indirect Russian (military) action," but pointed out the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically." Shadowserver registered six different botnets involved in the attacks, each controlled by a different command server.[24][25]

In March 2009, security researchers from Greylogic concluded that Russia's GRU and the FSB were likely to have played a key role in coordinating and organizing the attacks. The Stopgeorgia.ru forum was a front for state-sponsored attacks.[26]

John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), conducted research on the cyberattacks during the Russo-Georgian War. The report concluded that the cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrated the need for international cooperation for security. The report stated that the organizers of the cyber-attacks were aware of Russia's military plans, but the attackers themselves were believed to have been civilians. Bumgarner’s research concluded that the first wave of cyber-attacks launched against Georgian media sites was in line with tactics used in military operations.[27] "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated.[28]

References

  1. Hollis, David (6 January 2011). "Cyberwar Case Study: Georgia 2008". Small Wars Journal. https://smallwarsjournal.com/blog/journal/docs-temp/639-hollis.pdf. Retrieved 17 November 2020. 
  2. Markoff, John (12 August 2008). "Before the Gunfire, Cyberattacks". The New York Times. https://www.nytimes.com/2008/08/13/technology/13cyber.html. 
  3. Wentworth, Travis (23 August 2008). "How Russia May Have Attacked Georgia's Internet". Newsweek. http://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111. 
  4. Dancho Danchev (22 July 2008). "Georgia President's web site under DDoS attack from Russian hackers". ZDNet. http://www.zdnet.com/article/georgia-presidents-web-site-under-ddos-attack-from-russian-hackers/. 
  5. "Georgia president's Web site falls under DDOS attack". Computerworld. 21 July 2008. http://www.computerworld.com/article/2534930/networking/georgia-president-s-web-site-falls-under-ddos-attack.html. 
  6. "S.Ossetian News Sites Hacked". Civil Georgia. 5 August 2008. http://www.civil.ge/eng/article.php?id=18896. 
  7. "Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar Era". Bloomberg.com. 10 December 2014. https://www.bloomberg.com/news/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar.html. 
  8. Keizer, Gregg (11 August 2008). "Cyberattacks knock out Georgia's Internet presence". Computerworld. http://www.computerworld.com/s/article/9112201/Cyberattacks_knock_out_Georgia_s_Internet_presence. 
  9. Danchev, Dancho (11 August 2008). "Coordinated Russia vs Georgia cyber attack in progress". ZDNet. http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-cyber-attack-in-progress/1670. 
  10. "Georgia: Russia 'conducting cyber war'". The Telegraph. 11 August 2008. https://www.telegraph.co.uk/news/worldnews/europe/georgia/2539157/Georgia-Russia-conducting-cyber-war.html. 
  11. Woodcock, Bill (11 August 2008). "The digital frontlines in the Georgia conflict". The Takeaway. The World (Public Radio International). https://theworld.org/stories/2008-08-11/digital-frontlines-georgia-conflict. 
  12. Asher Moses (12 August 2008). "Georgian websites forced offline in 'cyber war'". The Sydney Morning Herald. http://www.smh.com.au/news/technology/georgian-websites-forced-offline/2008/08/12/1218306848654.html. 
  13. "Georgia says Russian hackers block govt websites". Reuters. 11 August 2008. http://uk.reuters.com/article/us-georgia-ossetia-hackers-idUKLB2050320080811. 
  14. Shachtman, Noah (11 August 2008). "Estonia, Google Help 'Cyberlocked' Georgia (Updated)". Wired. https://www.wired.com/2008/08/civilge-the-geo/. Retrieved 6 March 2017. 
  15. Steven Korns and Joshua E. Kastenberg, Georgia's Cyber Left Hook, Parameters: Journal of the Army War College (2008), 59-64
  16. "Russian intelligence services undertook large scale attack against Day.Az server". Today.az. 11 August 2008. http://www.today.az/news/politics/46885.html. 
  17. "Russian and Georgian websites fall victim to a war being fought online as well as in the field". Reporters Without Borders. 13 August 2008. https://en.rsf.org/georgia-russian-and-georgian-websites-fall-13-08-2008,28167.html. 
  18. "Georgia: Regional Reporters". Global Voices. 24 August 2008. http://globalvoicesonline.org/2008/08/24/georgia-regional-reporters/. 
  19. "Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar". The Washington Post. 14 August 2008. https://www.washingtonpost.com/wp-dyn/content/article/2008/08/13/AR2008081303623.html. 
  20. "Georgia States Computers Hit By Cyberattack". The Wall Street Journal. 12 August 2008. https://www.wsj.com/articles/SB121850756472932159. 
  21. "The hunt for Russia's web crims". The Age. 13 December 2007. http://www.theage.com.au/news/security/the-hunt-for-russias-web-crims/2007/12/12/1197135470386.html. 
  22. "Russia and Georgia continue attacks--online". CNET. 12 August 2008. http://www.cnet.com/news/russia-and-georgia-continue-attacks-online/. 
  23. "Expert: Cyber-attacks on Georgia websites tied to mob, Russian government" (in en-US). 2008-08-13. https://latimesblogs.latimes.com/technology/2008/08/experts-debate.html. 
  24. "Unlikely That Russians Hacked Georgia Though Attacks Were Political | Cyber Talk Blog by Shimon Sheves" (in en-US). http://www.cybertalkblog.co.uk/unlikely-that-russians-hacked-georgia-though-attacks-were-political/. 
  25. "Marching off to cyberwar". The Economist. 4 December 2008. http://www.economist.com/science/tq/displaystory.cfm?story_id=12673385&CFID=34793589&CFTOKEN=83946352. 
  26. Leyden, John (23 March 2009). "Russian spy agencies linked to Georgian cyber-attacks". The Register. https://www.theregister.co.uk/2009/03/23/georgia_russia_cyberwar_analysis/. 
  27. Brian Prince (18 August 2009). "Cyber-attacks on Georgia Show Need for International Cooperation, Report States". eWeek. http://www.eweek.com/c/a/Security/Cyber-Attacks-on-Georgia-Show-Need-for-International-Cooperation-Report-States-294120/. [permanent dead link]
  28. Mark Rutherford (18 August 2009). "Report: Russian mob aided cyberattacks on Georgia". CNET. http://news.cnet.com/8301-13639_3-10312708-42.html. 
