Cyberattacks during the Russo-Georgian War
On July 20, weeks before the Russian invasion of Georgia, "zombie" computers were already attacking Georgia. Russians directed the infected computers around the world to barrage Georgian Web sites, including the pages of the president, the parliament, the foreign ministry, news agencies and banks. The website of the Parliament of Georgia was replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. The attacks included denial-of-service attacks. According to some experts, it was the first time in history a known cyberattack had coincided with a shooting war.
On 5 August 2008, the websites for OSInform News Agency and OSRadio were hacked. The OSInform website at osinform.ru kept its header and logo, but its content was replaced by the content of the Alania TV website. Alania TV, a Georgian government-supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the rival news agency website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up the deaths of 29 Georgian servicemen during the flare-up on August 1 and 2.
On 9 August 2008, key sections of Georgia's Internet traffic had reportedly been rerouted through servers based in Russia and Turkey, where the traffic was either blocked or diverted. The Russian and Turkish servers were allegedly controlled by Russian hackers. Later the same day, network administrators in Germany were able to temporarily reroute some Georgian Internet traffic directly to servers run by Deutsche Telekom AG. However, within hours the traffic had again been diverted to Russian servers based in Moscow.
On 10 August 2008, RIA Novosti news agency's website was disabled for several hours by a series of attacks. Maxim Kuznetsov, head of the agency's IT department, said: "The DNS-servers and the site itself have been coming under severe attack."
Russian hackers disabled the servers of the Azerbaijani Day.Az news agency. The reason was Day.Az's position in covering the Russian-Georgian conflict. Russian intelligence services had also disabled the information and governmental websites of Georgia during the war. Despite the cyber-attacks, Georgian journalists managed to report on the war. Many media professionals and citizen journalists set up blogs to report or comment on the war. The Georgian news site Civil Georgia switched its operations to one of Google's Blogspot domains. Estonia offered technical assistance and mirrored web pages for Georgian websites to use during the attacks. The Georgian President's site was moved to US servers.
The President of Poland, Lech Kaczyński, said that Russia was blocking Georgian "internet portals" to supplement its "military aggression". He offered his own website to Georgia to aid in the "dissemination of information". Reporters Without Borders condemned the violations of online freedom of information since the outbreak of hostilities between Georgia and Russia. "The Internet has become a battleground in which information is the first victim," it said.
The Russians reportedly bombed Georgia’s telecommunications infrastructure, including cell towers.
While Day.Az claimed that Russian intelligence services conducted the distributed denial-of-service (DDoS) attacks on Georgian informational and governmental websites in this period, the Russian government denied the allegations, stating that it was possible that individuals in Russia or elsewhere had taken it upon themselves to start the attacks. It was asserted that the St. Petersburg-based criminal gang known as the Russian Business Network (RBN) was behind many of these cyber attacks. RBN was considered to be among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks. It is thought that the RBN's leader and creator, known as Flyman, is the nephew of a powerful and well-connected Russian politician.
Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”
The Economist wrote that anyone who wished to take part in the cyberattack on Georgia could do so from anywhere with an internet connection, by visiting one of the pro-Russia websites and downloading the software and instructions needed to perform a distributed denial-of-service (DDoS) attack. One website, called StopGeorgia, provided a utility called DoSHTTP, plus a list of targets, including Georgian government agencies and the British and American embassies in Tbilisi. Launching an attack simply required entering the address and clicking a button labelled "Start Flood". The StopGeorgia website also indicated which target sites were still active and which had collapsed. Other websites explained how to write simple programs to send a flood of requests, or offered specially formatted webpages that could be set to reload themselves repeatedly, barraging particular Georgian websites with traffic.
John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), researched the cyberattacks during the Russo-Georgian War. The report concluded that the cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrated the need for international cooperation for security. The report stated that the organizers of the cyber-attacks were aware of Russia's military plans, but the attackers themselves were believed to have been civilians. Bumgarner’s research concluded that the first wave of cyber-attacks launched against Georgian media sites was in line with tactics used in military operations. "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. While the cyberattackers appeared to have had advance notice of the invasion and the benefit of some close cooperation from the state institutions, there were no fingerprints directly linking the attacks to the Russian government or military.