During the five-day Russian-Georgian war in 2008, attacks on Georgian government websites were carried out by civilians – with little or no direct involvement on the part of the Russian government or military.
So says a report from the U.S. Cyber Consequences Unit (US-CCU), an independent nonprofit research institute. In addition, most of those carrying out the cyberattacks were Russians, but as the attacks continued, sympathizers outside Russia joined in. The organizers of the cyberattacks, however, had advance notice of Russian military intentions, the report said.
Moreover, according to the report, the forums used to recruit and arm the cyberattackers were largely Russian-language social networking sites.
Some of the web servers and addresses used to control and coordinate the attacks, the report said, had previously been used by Russian criminal organizations. And the botnets used in the first wave of attacks were closely associated with Russian organized crime.
The tools for the attacks appeared to have been written or customized specifically for the campaign against Georgia. For example, one tool repeatedly requested non-existent web pages, which overwhelmed servers as they looked for pages that were not there. It specifically targeted 17 different Georgian websites, according to the report.
“The most important lesson here is that Georgia was not prepared for anything of this sort,” Ariel Silverstone, an independent security consultant in Atlanta, told SCMagazineUS.com on Monday.
Georgia could have done several things to defend against the attacks, he said.
“They could have had better firewalls. Apparently, they didn’t because some of the attacks that succeeded against them were very simple,” Silverstone said.
“Also, some of their sites were not patched,” he added. “And they could have simply shut off the connection to a specific group of subnets — if an attack coming through the pipe is too strong, shut off the pipe, or divert it.”
“The real story here isn’t about Georgia, of course,” John Bumgarner, chief technical officer at the US-CCU, and primary author of the report, told SCMagazineUS.com on Monday in an email. “It’s about the sort of cyber campaign that we can now expect to accompany most future international conflicts if they become intense enough.”
Other observers tend to agree.
“Worldwide, governments need to be more involved and coordinate better on cyber warfare issues,” Sam Masiello, VP, information security at MX Logic, told SCMagazineUS.com in an email Monday. “Cyberwarfare moves at a speed much faster, and has the potential to cause more damage to critical infrastructures quicker, than any military offensive.”