Russian Cyber Attacks Shut Down Georgian Websites


Just six days after the start of the Georgia-Russian conflict, the Georgian Internet became the target of a coordinated cyber attack that hit several government Websites with defacement and denial-of-service attacks, crippling the nation's ability to disseminate information.

Georgian President Mikheil Saakashvili's site was defaced with content that integrated his image with images of Hitler. The sabotage was followed by a DDoS attack that left the presidential site inaccessible.

In a distributed denial-of-service (DDoS) attack, a coordinated network of computers sends requests to a given server or computer at the same time, and the barrage of incoming requests overwhelms the target so that it stops responding.

Meanwhile, Georgian news sites and other popular information forums were also blocked during the attack.

"As more government services move toward the Internet, you end up with more exposure to these types of attack, whether it was organized and executed by government or criminal elements acting at somebody's direction," said Kevin Newmeyer, worldwide principal for strategic security and counter terrorism for security company Unisys. "It's hard to prove it was a government-directed operation."

The attacks ultimately prompted the Georgian governmental sites to switch to U.S.-based hosts, while Georgia's Ministry of Foreign Affairs moved to a Blogspot account.

The exact sources of the attacks are as yet unknown. Experts say that some of the ISPs involved appear to be located in Russia, and some speculate that the Russian government used its resources to fund the attack, which was launched the day before Russia drove tanks into South Ossetia.

Other unconfirmed reports suggest that members of the cybercrime organization Russian Business Network are responsible for the coordinated sabotage of the Georgian Websites.

"It looks like it was coming from Russia, or is it a co-opted server that wasn't properly patched, with people taking over the computer and doing things with it?" said Newmeyer. "With the Russian Business Network, you can rent out a server or a botnet for a number of hours. You pay your cyber gold and these transactions happen offshore. That's one of the challenges that governments face."

Other experts, such as Paul Ferguson, advanced threats researcher for Trend Micro, maintained that the actual RBN ISP has long since been shut down, with its operations dispersing into less obvious activity spread all over the globe.

The first of the coordinated cyber attacks against Georgia was detected in July, weeks before Russia launched its military intervention. Experts say that attacks launched in tandem with military conflict will likely increase as more global infrastructure is controlled by the Internet.

While experts hesitate to call the Georgia attack an act of cyber terrorism, most agree that it was part of a strategic campaign to eliminate Georgia's ability to disseminate information.

"It's a brute force attack, one that goes all the way back to the Mafiaboy attacks of 2000," said David Perry, global director of education for Trend Micro. "This is not a verifiable cyber war, but it is clearly a step in that direction."

The attacks recall a similar cyber attack in Estonia in April of 2007, when government, parliament, and newspaper sites, as well as numerous online banking operations, were shut down after a conflict that resulted in the removal of several Russian World War II monuments. However, experts contend that the recent information attack on Georgian Websites was more coordinated, professional and sophisticated in nature than last year's attack on Estonian infrastructure.

"The Estonia incident was more what I would call hacktivism, more of an attack by impassioned amateurs," said Ferguson. "This is a professional attack, and it is vastly more serious."