Georgia Cyber Attacks By Russian Gov't? Not So Fast

Let's try to understand what is really happening online between Georgia and Russia, and what it means.

Food for thought

Considering Russia was past playing nice and used real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically. At this point, Internet operations will no longer allow them any plausible deniability.

The nature of what's going on is just starting to clear up, but until we are certain anything state-sponsored is happening on the Internet, it is my official opinion that this is not warfare, but just some unaffiliated attacks by Russian hackers and/or some rioting by enthusiastic Russian supporters.

To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from the outside, and what has been written by the Georgians on their blog (they opened a blog on Google's blogger service soon after their websites were taken offline). They were probably a bit busy avoiding getting killed by Russian bombs, though.

Renesys has been following the Georgian Internet links, which seem to be there, but occasionally drop due to power failures. Unlike what was previously reported, most of Georgia's outgoing routes are connected through Turkey rather than Russia, so Russian Internet service providers had little effect on stopping or hijacking connectivity to or from Georgia, if they indeed attempted it. This, however, raises an interesting question regarding what connectivity smaller countries have to the world, and where the bottlenecks are.

There have also been claims that the Russian Business Network (RBN), a criminal bullet-proof, law-proof hosting organization, was behind the attacks. There is little evidence to support that at this time, although it has been clearly shown that botnets using RBN's services to stay beyond the reach of the law were part of the attacking force. It is possible that RBN was involved and that Russian Internet service providers hijacked routes to Georgia, but not enough information has been collected yet for us to be sure.

So it is clear their websites are under attack, and that Internet visibility-wise, the impact is real for the Georgians. And yet, it is simply too early and there is not enough information to call this an Internet war. It is too early to establish motive or who the perpetrator is, however much we may want to point fingers.

Following any political or ethnic tension, an online aftermath comes in the form of attacks, defacements, and enthusiast hackers swearing at the other side (which soon does the same, back). From a comic of the Prophet Muhammad to the war in Iraq, the Internet has given people a voice, even if sometimes expressed in irrational ways.

While Georgia's suffering is real, such attacks are nothing but routine here in Israel. When I ran the defense for the Israeli government Internet operation and then the Israeli government CERT, such attacks would occur daily if not by the minute. Hackers on the other side would band together, talk, coordinate a date, exchange tools, and attack.
