Cyberattacks during the Russo-Georgian War
||This article or section contains close paraphrasing of one or more non-free copyrighted sources. Ideas in this article should be expressed in an original manner. (December 2014)|
On 20 July 2008, weeks before the Russian invasion of Georgia, the "zombie" computers were already on the attack against Georgia.
On 5 August 2008, the websites for OSInform News Agency and OSRadio were hacked. The OSinform website at osinform.ru kept its header and logo, but its content was replaced by the content of Alania TV website. Alania TV, a Georgian government supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the rival news agency website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up the deaths of 29 Georgian servicemen during the flare-up on August 1 and 2.
On 5 August, Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey, responsibility for which was originally taken by Kurdistan Workers’ Party (PKK) but there is circumstantial evidence that it was instead a sophisticated computer attack on line's control and safety systems that led to increased pressure and explosion.
Jart Armin, a researcher, said that many Georgian Internet servers were under external control since late 7 August 2008.
On 9 August 2008, key sections of Georgia's Internet traffic reportedly had been rerouted through servers based in Russia and Turkey, where the traffic was either blocked or diverted. The Russian and Turkish servers were allegedly controlled by the Russian hackers. Later on the same day, the network administrators in Germany were able to temporarily reroute some Georgian Internet traffic directly to servers run by Deutsche Telekom AG. However, within hours the traffic was again diverted to Moscow-based servers.
On 10 August 2008, RIA Novosti news agency's website was disabled for several hours by a series of attacks. Maxim Kuznetsov, head of the agency's IT department said: "The DNS-servers and the site itself have been coming under severe attack."
On 11 August 2008, Georgia accused Russia of waging cyber warfare on Georgian government websites simultaneously with a military offensive. The Foreign Ministry of Georgia said in a statement, "A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Foreign Affairs Ministry." A Kremlin spokesman denied the accusation and said, "On the contrary, a number of internet sites belonging to the Russian media and official organizations have fallen victim to concerted hacker attacks."
Russians directed the infected computers around the world to barrage Georgian Web sites, including the pages of the president, the parliament, the foreign ministry, news agencies and banks. The website of the Parliament of Georgia was replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. The attacks involved Denial-of-service attacks. According to some experts, it was the first time in history a known cyberattack had coincided with a shooting war. Estonia offered technical assistance and mirrored web pages for Georgian websites to use during the attacks. The Ministry of Foreign Affairs set up a blog on Google's Blogger service as a temporary site. The Georgian President's site was moved to US servers.
Despite the cyber-attacks, Georgian journalists managed to report on the war. Many media professionals and citizen journalists set up blogs to report or comment on the war. The Georgian news site Civil Georgia switched their operations to one of Google's Blogspot domains.
Russian hackers also attacked the servers of the Azerbaijani Day.Az news agency. The reason was Day.Az position in covering the Russian-Georgian conflict. Russian intelligence services had also disabled the information websites of Georgia during the war.
Barack Obama, the U.S. presidential candidate demanded Russia halt the internet attacks as well as complying with a ceasefire on the ground. The President of Poland, Lech Kaczyński, said that Russia was blocking Georgian "internet portals" to supplement its "military aggression". He offered his own website to Georgia to aid in the "dissemination of information". Reporters Without Borders condemned the violations of online freedom of information since the outbreak of hostilities between Georgia and Russia. "The Internet has become a battleground in which information is the first victim," it said.
It was reported that the Russians bombed Georgia’s telecommunications infrastructure, including cell towers.
On 12 August 2008, RT reported that during the previous 24 hours its website had been attacked. The security specialists said that the initial attacker was an IP-address registered in the Georgian capital Tbilisi.
On 14 August 2008, it was reported that although a ceasefire reached, major Georgian servers were still down, hindering communication in Georgia.
The Russian government denied the allegations that it was behind the attacks, stating that it was possible that "individuals in Russia or elsewhere had taken it upon themselves to start the attacks". It was asserted that the Saint Petersburg-based criminal gang known as the Russian Business Network (RBN) was behind many of these cyber attacks. RBN was considered to be among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks. It is thought that the RBN's leader and creator, known as Flyman, is the nephew of a powerful and well-connected Russian politician.
Dancho Danchev, a Bulgarian Internet security analyst claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”
The Economist wrote that anyone who wished to take part in the cyberattack on Georgia could do so from anywhere with an internet connection, by visiting one of pro-Russia websites and downloading the software and instructions needed to perform a distributed denial-of-service attack (DDoS) attack. One website, called StopGeorgia, provided a utility called DoSHTTP, plus a list of targets, including Georgian government agencies and the British and American embassies in Tbilisi. Launching an attack simply required entering the address and clicking a button labelled "Start Flood". The StopGeorgia website also indicated which target sites were still active and which had collapsed. Other websites explained how to write simple programs for sending a flood of requests, or offered specially formatted webpages that could be set to reload themselves repeatedly, barraging particular Georgian websites with traffic.
John Bumgarner, member of the United States Cyber Consequences Unit (US-CCU) did a research on the cyberattacks during the Russo-Georgian War. The report concluded that the cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrated the need for international cooperation for security. The report stated that the organizers of the cyber-attacks were aware of Russia's military plans, but the attackers themselves were believed to have been civilians. Bumgarner’s research concluded that the first-wave of cyber-attacks launched against Georgian media sites were in line with tactics used in military operations. "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. While the cyberattackers appeared to have had advance notice of the invasion and the benefit of some close cooperation from the state institutions, there were no fingerprints directly linking the attacks to the Russian government or military.
- Wentworth, Travis (23 August 2008). "How Russia May Have Attacked Georgia's Internet". Newsweek.
- "S.Ossetian News Sites Hacked". Civil Georgia. 5 August 2008.
- Jordan Robertson; Michael Riley (2014-12-10). "Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era". Bloomberg.
- Keizer, Gregg (11 August 2008). "Cyberattacks knock out Georgia's Internet presence". Computerworld.
- "RIA Novosti hit by cyber-attacks as conflict with Georgia rages". RIA Novosti. 2008-08-10. Archived from the original on 2008-08-12.
- "Georgia says Russian hackers block govt websites". Reuters. 2008-08-11.
- Asher Moses (2008-08-12). "Georgian websites forced offline in 'cyber war'". The Sydney Morning Herald. Archived from the original on 2008-09-14.
- Markoff, John (12 August 2008). "Before the Gunfire, Cyberattacks". The New York Times.
- "Estonia, Google Help 'Cyberlocked' Georgia (Updated)". 2008-08-11.
- "Georgia: Regional Reporters". Global Voices. 2008-08-24.
- "Russian intelligence services undertook large scale attack against Day.Az server". Today.az. 11 August 2008.
- "Georgia: Russia 'conducting cyber war'". The Telegraph. 2008-08-11.
- "Russian and Georgian websites fall victim to a war being fought online as well as in the field". Reporters Without Borders. 2008-08-13.
- "RT attacked". RT. 12 August 2008. Archived from the original on 12 August 2008.[dead link]
- "Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar". The Washington Post. 2008-08-14.
- "Georgia States Computers Hit By Cyberattack". The Wall Street Journal. 2008-08-12.
- "The hunt for Russia's web crims". The Age. 2007-12-13.
- Danchev, Dancho (11 August 2008). "Coordinated Russia vs Georgia cyber attack in progress". ZDNet.
- "Russia and Georgia continue attacks--online". CNET. 12 August 2008.
- Waterman, Shaun (18 August 2008). "Analysis: Russia-Georgia cyberwar doubted". Middle East Times. Archived from the original on 2008-12-05.[dead link]
- "Marching off to cyberwar". The Economist. 2008-12-04. Archived from the original on 2009-05-06.
- Leyden, John (23 March 2009). "Russian spy agencies linked to Georgian cyber-attacks". The Register.
- Brian Prince (18 August 2009). "Cyber-attacks on Georgia Show Need for International Cooperation, Report States". eWeek.
- Mark Rutherford (18 August 2009). "Report: Russian mob aided cyberattacks on Georgia". CNET.