A glimpse of future wars

Computer attacks preceded the Russia-Georgia conflict

August 13, 2008|By New York Times News Service

Weeks before Russian bombs started falling on Georgia, a security researcher in Massachusetts was watching an attack against the country in cyberspace.

Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites containing the message: win+love+in+Russia.

Other Internet experts in the United States said the attacks against Georgia's Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests - known as distributed denial of service, or DDOS, attacks - that overloaded certain Georgian servers.

The Georgian government has blamed Russia for the cyberattacks, but experts say that is not clear.

"Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically," said Gadi Evron, an Israeli network security expert who assisted in pushing back a cyberattack on Estonia's Internet infrastructure in May. "The nature of what's going on isn't clear."

Researchers at Shadowserver, a volunteer group that tracks malicious network activity, reported that the Web site of the Georgian president, Mikhail Saakashvili, had been rendered inoperable for 24 hours by DDOS attacks. The researchers said the command-and-control server that directed the attack, which was based in the United States, had come online several weeks before it began the assault.

As it turns out, the July attack might have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia.

According to Internet technical experts, it was the first time a cyberattack had coincided with a shooting war. But it probably will not be the last, said Bill Woodcock, research director of the Packet Clearing House, a nonprofit that tracks Internet traffic. He said cyberattacks are so inexpensive and easy to mount, with few fingerprints, that they will almost certainly remain a feature of modern warfare.

"It costs about 4 cents per machine," Woodcock said. "You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to."

Shadowserver saw the attack against Georgia spread to computers throughout the government after Russian troops invaded the Georgian province of South Ossetia on Sunday.

Nazario said the attacks appeared to be politically motivated. They were continuing on Monday against Georgian news sites, according to Nazario. "I'm watching attacks against apsny.ge and news.ge right now," he said.

The attacks were controlled from a server based at a telecommunications firm in Moscow, he said. In contrast, the attacks last month came from a control computer that was based in the United States. That system was later disabled.

Denial of service attacks, aimed at making a Web site unreachable, began in 2001 and have been refined in terms of power and sophistication. They are usually performed by hundreds or thousands of commandeered personal computers, making it difficult or impossible to determine who is behind an attack.

The Web site of the president of Georgia was moved to an Internet operation in the United States run by a Georgian native over the weekend. The company, Tulip Systems Inc., based in Atlanta, is run by Nino Doijashvili, who was in Georgia at the time of the attack. Two Web sites, president.gov.ge and rustavi2.com, the Web site of a prominent Georgian TV station, were moved to Atlanta. Computer security executives said the new sites had also come under attack.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.