Industry View
Georgia Cyber Attacks From Russian Government? Not So Fast
It is natural for people to link cyber attacks against Georgia to the Russian government's military actions. But industry expert Gadi Evron says the evidence so far indicates otherwise.
By Gadi Evron
To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from the outside, and what has been written by the Georgians on their blog (they opened a blog on Google's Blogger service soon after their websites were taken offline). They were probably a bit busy avoiding getting killed by Russian bombs, though.
Renesys has been following the Georgian Internet links, which seem to be there, but occasionally drop due to power failures. Contrary to what was previously reported, most of Georgia's outgoing routes are connected through Turkey rather than Russia, so Russian Internet service providers had little effect on stopping or hijacking connectivity to or from Georgia, if they indeed attempted it. This, however, raises an interesting question regarding what connectivity smaller countries have to the world, and where the bottlenecks are.
There have also been claims that the Russian Business Network (RBN) - a criminal bullet-proof, law-proof, hosting organization - was behind the attacks. There is little evidence to support that at this time, although it has been clearly shown that botnets using RBN's services to stay beyond the reach of the law were part of the attacking force. RBN's involvement, and the hijacking of routes to Georgia by Russian Internet service providers, are both possible, but not enough information has been collected yet for us to be sure.
So it is clear their websites are under attack, and that Internet visibility-wise, the impact is real for the Georgians. And yet, it is simply too early and there is not enough information to call this an Internet war. It is too early to establish motive or who the perpetrator is, however much we may want to point fingers.
Following any political or ethnic tension, an online aftermath comes in the form of attacks, defacements, and enthusiast hackers swearing at the other side (which soon does the same, back). From a comic of the Prophet Muhammad to the war in Iraq, the Internet has given people a voice, even if sometimes expressed in irrational ways.
While Georgia's suffering is real, such attacks are nothing but routine here in Israel. When I ran the defense for the Israeli government Internet operation and then the Israeli government CERT, such attacks would occur daily if not by the minute. Hackers on the other side would band together, talk, coordinate a date, exchange tools, and attack.
In fact, I unintentionally started bigger so-called "wars" on my own when talking to the Israeli press. One such example was three years ago when 180 Israeli websites were defaced by unaffiliated Turkish hackers. Enthusiasts responded to the news story in comments and then attacked the "other side." I learned to avoid the press on such matters.