THE CYBER DIMENSION OF RUSSIA’S ATTACK ON GEORGIA
Publication: Eurasia Daily Monitor Volume: 5 Issue: 175
By:
A growing body of evidence suggests that Russia’s disproportionate military assault on Georgia in the aftermath of Tbilisi’s failed bid to retake the breakaway region of South Ossetia was preceded and accompanied by a series of coordinated and sophisticated cyber assaults on Georgia’s embryonic Internet infrastructure.
The distributed denial of service (DDOS) attacks against Georgian websites began almost two months before the short-lived war between Russia and Georgia (The Washington Post, August 14). In July United States-based Internet watchdogs registered DDOS attacks against the official website of the President of Georgia, Mikheil Saakashvili, which disabled the website for a 24-hour period. The attacks were directed by the command and control server in the United States, which had become operational several weeks prior to the cyber assault (International Herald Tribune, August 13; The Independent, August 17).
DDOS attacks are carried out when compromised personal computers organized into vast networks (botnets) are ordered by hackers to send millions of specifically composed requests simultaneously to a designated website or websites in order to overload a server and cause it to shut down. The botnets are large sets of personal computers that have been infected with malicious software (malware) programs that allow hackers to control them remotely. The owners of these “zombie” PCs are often completely unaware that their computers are involuntarily participating in such cyber attacks (Reuters, August 16; UPI, August 18).
The July attack appeared to be a dress rehearsal of what was to follow in August. By August 8, as Russian tanks began to roll through the Roki Tunnel into South Ossetia, the Georgian government and media websites started to crash intermittently under the relentless assault of multiple botnet-based DDOS attacks. According to the Shadowserver Foundation, a volunteer watchdog group specializing in analyzing malicious activities on the Internet, the first concerted attack began at 2:00 PM GMT on August 8. The Shadowserver identified six different botnets that participated in the attacks on Georgian government and media websites (UPI, August 18).
In the early stages of the conflict the Russian hacktivists (hacker activists) managed to shut down the websites of the President of Georgia, Georgian Parliament, the Ministry of Defense, the Ministry of Foreign Affairs, the National Bank of Georgia, the English-language on-line news dailies The Messenger and www.civil.ge, as well as the on-line version of the popular Rustavi 2 television channel. In addition, the websites of the Georgian Ministry of Foreign Affairs and National Bank of Georgia were defaced with the digitally reformatted image of President Saakashvili superimposed on a collage of photos of Nazi leader Adolph Hitler (The New York Times, August 12; International Herald Tribune, August 13; The Washington Post, August 14; The Independent, August 17).
Facing the cyber emergency, the websites of the Georgian Ministry of Foreign Affairs and www.civil.ge were temporarily accommodated with Google’s permission on Blogspot domain, which is better protected against a sustained DDOS attack (The New York Times, August 12; Transitions Online, https://blogs.tol.org, August 15). On August 9 the President’s website and the on-line version of the Rustavi 2 television channel were transferred to the new host, Tulip Systems, Inc., an Atlanta-based Internet hosting company owned by the Georgia native Nino Doijashvili. As it turned out, Doijashvili was on vacation in Georgia when the Russian invasion began and, after finding out about the troubles with the aforementioned websites, she contacted the Georgian government to offer assistance (The New York Times, August 12; The Atlanta Journal-Constitution, August 17).
In an unprecedented show of solidarity and support, Estonia, where the NATO Cyber Defense Center (see EDM, May 15) is located, began to host the website of the Georgian Ministry of Foreign Affairs and dispatched two information security specialists from its Computer Emergency Response Team (CERT) to assist the Georgian authorities (Wired/Danger Room, August 11; The Earth Times, www.earthtimes.org, August 11; IDG News Service, August 12; Rosbalt news agency, August 13). According to a press statement released by Estonia’s State Center of Development of Information Systems, in addition to the website of the Georgian Ministry of Foreign Affairs, Estonia is now also hosting the websites of the National Bank of Georgia and the English-language on-line news portal www.civil.ge (www.lenta.ru, August 27; www.iToday.ru, August 27).
One of the nerve centers of the Russian cyber attack on Georgia was the website www.StopGeorgia.ru, which was set up specifically to coordinate the on-line activities of Russian hacktivist underground. The website featured a continuously updated scoreboard with the list of target websites, which included mostly Georgian government websites but also the websites of the American and British Embassies in Tbilisi. The visitors were encouraged to download a free software program called DoSHTTP, which allowed them to join the massive DDOS attacks against the targeted websites (Slate, https://www.slate.com, August 14). Another disturbing sign of sophisticated planning that went in to the Russian cyber attack was that the Russian hackers preempted a retaliation by far fewer Georgian hackers by shutting down the two most popular websites of Georgian hackers—www.hacker.ge and www.warez.ge–in the initial stages of the cyber assault (UPI, August 18).
The Russian on-line offensive against Georgia was not limited to the botnet-based DDOS attacks organized and coordinated by the Russian hacktivist underground. The Russian bloggers entered the fray enthusiastically when they manipulated the results of the non-scientific Quickvote on-line poll on the CNN website to qualify Russia’s actions in Georgia as justified as peacekeeping. As the Russian on-line journal www.webplanet.ru reports, the news of the CNN on-line poll was quickly disseminated through the vast Russian “blogosphere” with appeals to visitors to go to the CNN website to click on the answer that justified Russia’s actions as peacekeeping. The indexed search on the Russian on-line search engine www.yandex.ru yielded thousands of Russian blogs containing a reference to the CNN poll. As a result, Russia’s actions were qualified as peacekeeping by an overwhelming 92 percent of the predominantly Russian on-line voters before the Quickvote was taken down by CNN (www.profy.com, August 12; www.webplanet.ru, August 12; Transitions Online, https://blogs.tol.org, August 15).
In terms of actual damage, the Russian cyber attack had a significant impact only on the timely dissemination of information from Georgia during the first five days of the conflict. Georgia’s relative backwardness with regard to the Internet availability–only 7 percent of the population has access to the Internet–turned out to be a blessing in disguise (Global Voices, www.globalvoicesonline.org, August 17). According to the World Economic Forum, Georgia ranks 93rd among 122 nations in Internet use; and it holds 74th place out of 234 nations (behind Nigeria, Bangladesh, Bolivia, and el Salvador) if judged in terms of the number of Internet addresses (International Herald Tribune, August 13; Defense News, August 18). If Georgia had been more dependent on the Internet, the Russian cyber attack might have produced more dire consequences, as Russian hacktivists could have disrupted the energy, transportation, communications, and banking networks. It should be recalled here that the Russian cyber attack on far more advanced Estonia nearly brought its government and banking sector to a standstill in 2007, when irate Russian hacktivists launched on-line campaign in retaliation for the relocation of the Soviet-era World War Two monument.
However, from the viewpoint of information warfare the Russian hacktivists made a considerable and valuable contribution to shaping global public opinion in support of Moscow’s actions, before it was reversed under the influence of news reports from foreign journalists, who descended on Georgia en masse to cover the crisis.