Russia Might Not Have Attacked Georgian Websites, Researchers Say
7:36 PM EST Wed. Aug. 13, 2008
Security researchers say that the recent cyber attack on Georgian Websites might have been initiated by random hackers, not by the Russian government, as previously thought.
In the wake of the Russian military attacks perpetrated against Georgia last week, Georgian government Websites, including the official site of President Mikheil Saakashvili, as well as other news sites were pummeled with defacement and denial of service attacks that effectively halted the nation's ability to disseminate information about the crisis.
Following last week's bombings, the Georgian Foreign Ministry issued a report accusing the Russian government of waging a cyber war and redirected viewers to a new domain.
"A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs," the Georgian Foreign Ministry said in a blog post.
Some security researchers corroborated that the cyber attack initially appeared to originate in Russia. Other security researchers suspected the notorious criminal underground organization Russian Business Network of initiating the cyber attacks.
RBNexploits, a blog site that tracks RBN activity, claimed that Georgian servers had been taken under Russian control as of Thursday and warned viewers that the information may be fraudulent.
"Conventionally they are normally adept at trying to hide their true origins. For such a siege on the scale of this one they are openly showing more of their routing than they would like to, which will assist us now and in the future. In this case it helped pinpoint some obviously forged web sites, which are now offline, and assist in rerouting. Good lessons for future cyber wars," it said.
Yet despite what Georgian officials proclaim as an outright information war on its cyber infrastructure, other security researchers contend that there is so far not enough solid evidence to confirm where the attacks originated and who launched them.
"Many outlets are claiming that the Russian government is behind the attacks, but no one seems to have any proof," said Mike Johnson, blogger for cyber watchdog group ShadowServer Foundation, in a blog post. "Unfortunately, we have no proof either. And we have no proof to the contrary. What I can say, without a doubt, is that only the perpetrators know for sure who is behind it."
Additionally, Johnson suggests that the sites that the attackers targeted, which included adult video and prostitution Websites, would generally not be viewed as sites that the Russian government would go after.
"We have seen many different DDoS attacks from these particular C&C servers, but there doesn't seem to be any rhyme or reason to it," Johnson said.
Likewise, security researcher Gadi Evron maintains in a blog post on the CircleID Website that there is so far nothing to distinguish these attacks from a vicious prank by an overly zealous Russian nationalist. In his blog, Evron notes that the Georgian Internet infrastructure was not directly attacked, making it less likely that the attack was a coordinated effort of the Russian government.
"Not every fighting is warfare. While Georgia is obviously under a DDoS attack and it is political in nature, it doesn't so far seem different than any other online aftermath by fans. Political tensions are always followed by online attacks by sympathizers," said Evron in a blog post.
"Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically."