News

Estonia, Poland Help Georgia Fight Cyber Attacks

By Jeremy Kirk, IDG News Service (London Bureau)

August 12, 2008 — CSO — In an intriguing cyber alliance, two Estonian computer experts are scheduled to arrive in Georgia by evening to keep the country's networks running amid an intense military confrontation with Russia.

And Poland has lent space on its president's Web page for Georgia to post updates on its ongoing conflict with Russia, which launched a military campaign on Friday to eject Georgian troops from South Ossetia and Abkhazia, two renegade areas with strong ties to Russia.

The cooperation between the former Iron Curtain allies is aimed at blunting pro-Russian computer hackers, who have been blamed over the last few years for cyber attacks against Estonia, Lithuania and Georgia in incidents linked to political friction between those nations and Russia.

Two of the four experts that staff Estonia's Computer Emergency Response Team (CERT) were waiting Tuesday morning in Yerevan, the capital of Armenia, seeking permission to drive into Georgia, said Katrin Pargmae, communication manager for the Estonian Informatics Center. The two officials are also bringing humanitarian aid, she said.

Estonia is also now hosting Georgia's Ministry of Foreign Affairs Web site, which has been under sustained attack over the last few days.

"Let's just say we moved it," Pargmae said. "I know that there are interested parties who read media so it's not good to say exactly where the hosting is."

The Web site for Georgia's president, Mikheil Saakashvili, remained up on Tuesday morning. That site was knocked offline around mid-July after a DDOS attack from a botnet, network experts said.

The botnet was based on the "MachBot" code, which communicates to other compromised PCs over the HTTP (Hypertext Transfer Protocol), the same protocol used for transmitting Web pages. MachBot code has been known to be used by Russian bot herders, according to the Shadowserver Foundation, which tracks malicious Internet activity.

Shadowserver said Monday that hackers had at one point defaced the Web site for Georgia's parliament. "The attackers have inserted a large image made up of several smaller side-by-side images of pictures of both the Georgian President and Adolf Hitler," the group wrote.

Georgia is now also hosting some sites in the U.S., a logical move to better defend the sites against attacks, Pargmae said. Shadowserver wrote that the presidential site appeared to have been moved to an IP (Internet protocol) address belonging to Tulip Systems, an ISP in Atlanta, Georgia.

The country is also looking to other ways to keep information flowing. A Georgian news site was also up, but the site warned it was under "permanent DDOS attack" That Web site has set up a group in Google's Groups service, where subscribers can get the news stories it regularly posts.