Largest cyber-attack in Georgia's history linked to hacked web hosting provider

A hacker has defaced over 15,000 websites hosted on the infrastructure of Pro-Service, a Georgian web hosting provider, including government sites, local newspapers, and TV stations.

The country of Georgia suffered a massive cyber-attack today during which over 15,000 websites were defaced and later taken offline.

The attack, considered by local press to be the biggest in the country's history, impacted the sites of various government agencies, banks, courts, local newspapers, and TV stations.

Pro-Service, a local web hosting provider, has stepped forward to take the blame for the issue, admitting that a hacker breached its network and took down customer websites, effectively causing today's outage.

The web host said the attack took place early in the morning, and that by 8 pm, local time, staff had recovered more than half of the impacted sites.

Panic in Georgia

Today's cyber-attack caused quite a panic in the small Caucasian country, although the attack wasn't particularly sophisticated.

In cyber-security terms, this is a classic "website defacement," a type of hack where attackers replace the website's original content with their own content, usually for a particular cause.

In today's hacks, the attackers posted an image of former Georgian President Mikheil Saakashvili, with the text "I'll be back" overlaid on top (see image above).

Saakashvili, known for his fierce pro-Western agenda, is now a Ukrainian citizen, after leaving Georgia in 2013, citing a political witch-hunt on corruption charges. During his two consecutive terms as president, he was viewed as a reformer and anti-corruption fighter and still has a positive image inside Georgia.

While we don't have exact technical details on how hackers breached Pro-Service and defaced all sites, some sites were hit harder than others.

For example, at least two television stations (TV Imedi and TV Maestro) went off-the-air following the attacks, according to a Facebook post from Irakli Chikhladze, TV Imedi head of news.

TV channel Pirveli was also affected but did not go off-the-air. Some newspaper sites are still offline at the time of writing, according to some cursory checks by ZDNet.

A Pro-Service spokesperson could not be reached by phone for additional details about the attack, although the company has been updating its website periodically with new information.

The culprit behind the attacks has not yet been identified; however, authorities said they started an investigation.

Similarities to 2008 Russian cyber-attacks

But today's attack is not unique. During the five-day Russo-Georgian War of 2008, Georgia saw a series of similar attacks.

For example, Russian hackers used BGP hijacking to reroute Georgian internet traffic through servers in Russia, defaced government websites, and hacked TV and radio stations.

Many Georgians were quick to link or liken today's mass-defacement to the 2008 hacks, although there is no evidence to support such theories -- for the time being.