Russia-Georgia Cyber Conflict: Looking Back
Security experts review the cyber attacks before the recent Russia-Georgia military conflict for clues about the nature of cyberwar.
WASHINGTON -- With the benefit of hindsight, the Russian military campaign against Georgia last summer seems to offer conclusive proof that cyberwar has come into its own.
Speaking here at the FOSE convention, an annual trade show for government IT workers, Georgia's Secretary of National Security, flanked by a pair of U.S. security experts, recounted the experience of last July when the small nation in the Caucasus saw its digital infrastructure brought to its knees.
"It's distressful to think of the way in which the technology which is so helpful and beneficial for all of us to get all the nations together and then ... is used for the purposes [where] people suffer," said Eka Tkeshelashvili, who at the time of the Russian invasion was Georgia's foreign minister.
"Today, cyberspace has clearly emerged as a dimension to attack an enemy and break his will to resist," said Paul Joyal, managing director of public safety and homeland security for National Strategies Inc.
"We're seeing now this tectonic shift in military affairs, where [cyber] warfare will change the laws of combat and the principles of military science," he said. "And what we found is that it all came together in the Russian-Georgian war of August."
In July, a group of cyberwarriors, whose formal connection with the Russian government remains unclear, managed to enlist scores of mercenaries and volunteers to cripple Georgia's Internet infrastructure through an array of botnets, distributed denial-of-service attacks, logic bombs and other online offensives.
The attackers posted lists of targets online, including the official Web sites of the Georgian president, several government ministers and even the U.S. embassy. Legions of "hacktivists" answered the call and overwhelmed the sites, knocking dozens offline for days.
Georgia leaned on its allies, and managed to get the sites hosted in neighboring Turkey, but not before its communications system had been effectively shut down.
"Making strong alliances with the friends who can provide partners is absolutely key, especially for the small countries like Georgia," Tkeshelashvili said. For her, the events of July "demonstrate how vulnerable and unprepared we can be," and underscored the importance of maintaining a variety of communications channels.
One of the principal aims of cyberwarfare, which is increasingly seen as a prelude to overt military conflict, is to isolate and silence the enemy. Defacing government Web sites has proven an effective way to spread disinformation and propaganda: last July, attackers defaced official Georgian government sites with images juxtaposing the president with Hitler. But it was more than an information war. The attackers also struck hard at Georgia's banking system, overwhelming financial sites with so many fraudulent transaction attempts that legitimate traffic could no longer be told apart from the attack.
Sensing that the system was under siege, international banks shut down service. As a result of the spillover effect, several days passed without a single transaction being processed inside Georgia, Tkeshelashvili said.
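Both the hacktivist floods against the government sites and the fraudulent-transaction flood against the banks come down to the same defensive problem: a site operator looking at its own logs has to decide which sources to cut off, and once the hostile traffic is spread across enough ordinary-looking sources, per-source rate limits stop working. The script below is an added example, not code from the article or from any Georgian agency, and runs over constructed access-log lines in the Apache/nginx "combined" format using documentation-range IP addresses. It flags a single loud bot by its request rate, then shows that a "herd" of two hundred volunteers sending three requests a minute each stays under the same threshold while outnumbering legitimate traffic fifty to one.

```python
# Added example, not code from the article or from any Georgian agency:
# rate-based triage of an HTTP flood from constructed web-server access logs.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format, matching only the fields used below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def per_source_peak_rate(lines, window_seconds=60):
    """Peak number of requests any single IP made inside one fixed window."""
    buckets = defaultdict(Counter)          # window index -> Counter(ip)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        win = int(rec["ts"].timestamp()) // window_seconds
        buckets[win][rec["ip"]] += 1
    peak = Counter()
    for counts in buckets.values():
        for ip, n in counts.items():
            peak[ip] = max(peak[ip], n)
    return peak


def flag_sources(lines, window_seconds=60, threshold=100):
    """IPs whose peak per-window rate exceeds the threshold (blocklist candidates)."""
    peak = per_source_peak_rate(lines, window_seconds)
    return sorted(ip for ip, n in peak.items() if n > threshold)


def request_totals(lines):
    """Total requests per IP across the whole log."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            totals[rec["ip"]] += 1
    return totals


def attack_share_blocked(lines, flagged, attacker_ips):
    """Fraction of attacker requests a blocklist of `flagged` IPs would drop.
    Ground truth (attacker_ips) is known only because the sample is constructed."""
    flagged = set(flagged)
    totals = request_totals(lines)
    total = sum(n for ip, n in totals.items() if ip in attacker_ips)
    blocked = sum(n for ip, n in totals.items() if ip in attacker_ips and ip in flagged)
    return blocked / total if total else 0.0


# ---- constructed sample traffic (documentation-range IPs, not real logs) ----
T0 = datetime(2008, 8, 8, 10, 0, 0, tzinfo=timezone.utc)
LEGIT = ["203.0.113.5", "203.0.113.9", "198.51.100.20"]
LOUD_BOT = "192.0.2.77"                          # scenario A: one loud source
HERD = [f"192.0.2.{n}" for n in range(100, 200)] + \
       [f"198.51.100.{n}" for n in range(100, 200)]  # scenario B: 200 quiet volunteers


def make_line(ip, offset_s, path="/index.php", status=200):
    ts = (T0 + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'


def build_sample():
    """All traffic falls inside the single 60-second window starting at T0."""
    lines = []
    for i, ip in enumerate(LEGIT):               # a handful of real page views
        lines += [make_line(ip, 5 * k + i) for k in range(4)]
    lines += [make_line(LOUD_BOT, k * 0.12) for k in range(500)]      # 500 req/min
    for n, ip in enumerate(HERD):                # 3 req/min each: under threshold
        lines += [make_line(ip, (3 * n + k) * 0.1, "/login") for k in range(3)]
    return lines


if __name__ == "__main__":
    sample = build_sample()
    flagged = flag_sources(sample)
    totals = request_totals(sample)
    print("flagged by per-source rate:", flagged)
    print("herd requests:", sum(totals[ip] for ip in HERD),
          "vs legitimate:", sum(totals[ip] for ip in LEGIT))
    share = attack_share_blocked(sample, flagged, set(HERD) | {LOUD_BOT})
    print(f"attack traffic a per-source blocklist would stop: {share:.0%}")
```

On the constructed sample the threshold catches the loud bot and nothing else, so a blocklist built from it drops under half of the hostile requests while the herd's 600 requests go through beside 12 legitimate ones. Lowering the threshold to catch the herd would also cut off real users behind a shared NAT or proxy, which is the bind the Georgian banks faced; the practical way out is upstream filtering or moving the service behind infrastructure with more capacity, as Georgia did by re-hosting its sites abroad.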
Georgia can thank the broad phenomenon of globalization and the distinctly supranational nature of the Internet for much of the commercial impact, said Stephen Spoonamore, a partner with Global Strategic Partners who advises large financial institutions on cybersecurity issues.
"What crippled Georgia was the commercial linkages that got shut off," Spoonamore said. "Banking, credit card functionalities -- once they're gone most of the cell phones associated with them are gone, too."
In the case of Georgia, cell phone service went down the day after the banking system crashed.
Spoonamore likened the response of the global commercial enterprises to the Georgian crisis to a herd of gazelles fleeing after a lion pounces on one of their ranks. Eager to contain the cyberattack, major banks cut their online connections to Georgia, a small country of relatively minor financial significance. Georgia was isolated, intentionally "cut off from the digital herd," Spoonamore said.
Spoonamore traces the origins of the cyberattack on Georgia to the Russian Business Network (RBN), a shadowy group of sophisticated cybercriminals that formed around St. Petersburg and rose to prominence with massive spamming and phishing attacks around 2004.
While the cyberattacks do not carry the official fingerprints of the Russian government, Spoonamore pointed out that the original leaders of RBN were politically connected, and many had worked alongside Vladimir Putin.
After an exposé by the Washington Post, RBN as a corporation went dark, but it has since reorganized along a decentralized, franchise-like model.
"RBN now has morphed itself into a structure very similar to al Qaeda," Joyal said. "Now we're seeing this diffusion of responsibility, activities, etc., in a very decentralized way where everyone can pile on and get involved in a so-called cause."
That structure, the presenters said, likely enabled the reconstituted RBN to quickly and effectively marshal a widely distributed group of "cybermilitants" against Georgia. Spoonamore said that the server responsible for one of the crippling attacks was geolocated to Turkey, illustrating the international character of cyberattacks. In response to the growing international threat from the Internet, NATO is developing a cybersecurity response center in Estonia.
It will have to be a unique operation that defies any traditional military response. After all, a military strike on the Turkish server farm that hosted the machine responsible for the attack on Georgia would also have taken out the computing infrastructure that runs most of the air-traffic control systems in the Middle East, Spoonamore said.
This article was first published on InternetNews.com.