Anatomy of a cyberwar in Georgia

August 13, 2008

Just who is behind the cyberattacks on Georgia – a sideshow to the real on-the-ground war between Russia and its much smaller neighbor – continues to be murky.

While the Russian government or military may yet be found to be playing a part, criminal gangs or savvy computer hackers in Russia (“hacktivists”) may be acting on their own.

The online attacks forced the website of the president of Georgia, Mikhail Saakashvili, to relocate to the United States at Tulip Systems Inc., an Atlanta-based Web-hosting company. Even there it was under continued attack, although it was reachable from a Boston-based computer as of Wednesday afternoon. The attacks were so-called “distributed denial of service” blitzes in which floods of meaningless data are sent in an effort to overwhelm a website.

The Associated Press explained why the website was moved from the Georgia in Eastern Europe to the one that’s a southern US state:

Georgian-born Nino Doijashvili, Tulip's chief executive and founder, happened to be in the country on vacation when fighting broke out Thursday. Doijashvili offered help to the government when it became apparent that Russian hackers were getting the upper hand, shutting down several government and news sites.

Both The New York Times and The Christian Science Monitor produced analytical pieces that laid out some of the larger implications of cyberwarfare. The Monitor quoted an expert on the geopolitical ramifications:

"The lesson here for Washington is that any modern conflict will include a cyberwarfare component, simply because it's too inexpensive to be passed up," says Bill Woodcock, research director at Packet Clearing House, a nonprofit Internet research institute in San Francisco. "The best [defensive] strategy is always preparedness. We've spent eight years completely ignoring that, while the Chinese and Indian governments have been paying really close attention and investing many tens of billions of dollars."

The Times said “Internet technical experts” were calling this “the first time a known cyberattack had coincided with a shooting war.” It also said that future Internet-based assaults could play a more devastating role against a more technologically sophisticated opponent.

Cyberattacks have far less impact on such a country than they might on a more Internet-dependent nation, like Israel, Estonia or the United States, where vital services like transportation, power and banking are tied to the Internet.

Gadi Evron, former chief information security officer for the Israeli government and a go-to guy for quotes about the cyberattack, says history suggests that the Russian military is not involved. He adds:

While Georgia is obviously under a DDoS attack and it is political in nature, it doesn't so far seem different than any other online aftermath by fans. Political tensions are always followed by online attacks by sympathizers. Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.

An analysis at arstechnica.com raises another future threat as a result of a country being cut off from Internet access.

As the Internet continues to gain strength as a global communication network, the psychological and practical impact of losing access to it becomes greater. Such loss, combined with a standard physical attack on television and radio stations, could lead a defending nation to respond with a significantly higher use of force than it might have otherwise employed.

Whether the attack was launched by political activists or a government, the piece says, "becomes rather academic."