Georgian Government Accuses Russia Of Waging 'Cyberwarfare'
August 12, 2008
By Ron Synovitz
The Georgian Foreign Ministry says Russia has been using computer hackers to block or shut down Georgian government websites since Russia launched a military offensive last week against Georgian forces in South Ossetia.
In a statement, the Foreign Ministry said that a "cyberwarfare" campaign by Russia is seriously disrupting many Georgian websites, including the ministry's own website.
Ministry spokeswoman Nato Chikovani said several other Georgian government websites also have gone down since the hacker attacks began on August 8.
Attempts to access government websites have resulted in error messages. But some ministry statements have been available through alternative pages set up outside of the Georgian government's web domain.
In Moscow, a Kremlin spokesman denied charges that the Russian government has any involvement in the downing of the websites and added that Russian media and official organizations also have fallen victim to "concerted hacker attacks." He did not give any examples of unavailable websites.
Independent Internet security researchers say it appears that hackers -- perhaps affiliated with a Russian criminal network -- have attacked and hijacked government and commercial websites in Georgia.
Jart Armin, an Internet security researcher, has documented complete blockages in the past week of Georgia's Foreign Ministry website, as well as websites of the presidential office and the Defense Ministry. He says traffic to and from the web servers of those sites has been redirected to servers in Russia and Turkey.
Meanwhile, Internet users in the United States reportedly have been unable to access some Georgian government websites since August 8, when a large Russian armored column moved into Georgia's separatist region of South Ossetia.
Key sections of general Internet traffic in Georgia have also reportedly been rerouted through servers in Turkey and Russia, where the traffic is either being blocked or diverted.
"Computerworld" magazine reported on its website that on August 9, network administrators in Germany were able to temporarily reroute some Georgian Internet traffic directly to servers run by Deutsche Telekom.
But the magazine says traffic was being diverted away from Georgia again within hours, this time to servers in Moscow.
Some Estonian Similarities
Other Internet security researchers confirm there have been cyberattacks against the government in Tbilisi, saying hackers were focusing on the top-level domain for Georgian government websites, including the president's office and the parliament.
Some attacks are reminiscent of a coordinated campaign against Estonian government websites in April-May 2007.
Those cyberattacks -- the first known cases of such an assault on a state -- caused alarm in Western Europe and led NATO to urgently examine the implications of such an attack.
Joel Eriksson, an Internet security researcher from the Swedish firm Bitsec, tells RFE/RL that he is not surprised by reports of cyberwarfare against Georgia.
Eriksson explains that there are similarities between last year's cyberattacks against Estonia and some of those now being reported against Georgia.
"Using a botnet, which is a network of hacked computers -- very many computers -- with such a network you can shut down websites just by making all of the nodes in the botnet send a lot of data to the sites to be shut down," Eriksson says. "That's pretty common. It is used [by criminal organizations] for blackmailing companies as well as for revenge [attacks], etc."
But Eriksson also says that attacks that redirect traffic to other servers, like what happened in Georgia's case, are different than those that disrupted Estonia last year.
"If they are saying that traffic is being redirected, well, it may be using the DNS [domain name system] attack, or it might be that they have actually hacked into those computers in order to route and control the traffic," he says.
Eriksson says all computer software has vulnerabilities that make it possible for hackers to break into a computer over the Internet. He says there is little that can be done to stop hackers who discover previously unknown vulnerabilities in new systems.
But he says administrators of websites sometimes fail to update computer systems, leaving themselves open to hackers who exploit "old vulnerabilities."
Copyright (c) 2008. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036. www.rferl.org