As widely reported (ZDNet’s Zero Day blog summarizes the events as well as anyone), Georgia government websites (site down) were attacked in just about the time frame as Russia’s Prague 1968-style attack of the country. The question is, who’s responsible? The Russian government appears to have managed to keep its fingerprints off the attacks, although it seems unlikely the cyberwar is totally unrelated to the real war.
The Wall Street Journal points at the Russian Business Network, noting that “organization, however, is believed to act only as a carrier for criminal activities online. It may not be possible to determine who is ultimately responsible.”
Zero Day’s Dancho Danchev is having none of it.
Who’s behind this campaign at the bottom line? As we’ve already established a connection with well known provider of botnet services in the previous attack against Georgia President’s web site, a connection made possible to establish due to a minor mistake on behalf of the people behind the attack, there’s no connection with the current attacks and the Russian Business Network, unless of course you define the Russian Business Network as the script kiddies and the dozen of botnet masters paricipating who have somehow managed to build their botnets using RBN services in the past, and are now using them against Georgia’s Internet infrastructure.
If not, who then? A number of security experts say it’s some flavor of Russian criminal elements attacking the sites, while the Russian government enjoys plausible deniability. From TechNewsWorld:
“They’ve done that before,” James Lewis, senior fellow for technology policy at the Center for Strategic and International Studies, told TechNewsWorld. “It’s a nice trade for everybody. The criminals get a little protection, the Russian government gets to have something happen without having their fingerprints on it. That’s the assumption. Like Estonia, we don’t have links to the Russian government, but it’s not a fluke where we magically have this happen when a shooting war starts.”
Criminal groups are likely involved in the cyber blitz, agreed Paul Ferguson, advanced threat researcher for Trend Micro (Nasdaq: TMIC) Latest News about Trend Micro. “This looks to me like more than just some grassroots, hacktivist-inspired attacks,” he told TechNewsWorld. “But at the same time there’s no way to link it to a state-sponsored type of attack. It’s somewhere in the middle … it certainly has criminal elements.”
Meanwhile two Georgian sites — the president’s site and a popular television station’s site — have been transferred to Atlanta-based Tulip Systems, AP reports. It seems Tulip owner Nino Doijashvili, a native Georgian was vacationing in her home country when fighting broke out and she volunteered her small company’s services.
Nice gesture, but it seems to only have brought the attackers’ fire to Tulip. At this writing, both president.gov.ge and rustavi2.com are unavailable.
Georgia is gaining some allies on the cyber front even if the rest of the world isn’t rushing into right those Russian tanks (further echoes of Prague). VNUnet says two members of Estonia’s Computer Emergency Response Team are off to Georgia to fight off the DDOS and other attacks.
“We are witnessing in this crisis the birth of true, operational cyber warfare,” said Eli Jellenc, manager of All-Source Intelligence at iDefense. “The use of cyber attack assets in conjunction with kinetic military operations in the current crisis now stands among the most significant developments ever seen in the field of information security or cyber conflict studies.”
