Cyberattacks on Georgia's sites continue

As a shaky truce that halted the military conflict between Russia and Georgia took hold today, Georgia’s Internet infrastructure continued to be plagued by cyberattacks, according to observers who have been monitoring the attacks.

Today, more than 20 Georgian government Web sites, three commercial financial institutions and two media outlets remain off-line, said John Bumgarner, the research director for Security Technology at the U.S. Cyber Consequences Unit. He has been monitoring the situation from the United States. The US-CCU is an independent, nonprofit research institute, originally established at the request of senior U.S. government officials.

The rash of virtual attacks that overwhelmed Georgia's Web sites in recent days coincided with the outbreak of the military clash between Georgia and Russia. The targets of the attacks have included Georgia’s National Guard Ministry of the Defense, the nation's presidential site, and Georgia’s parliament’s site, Bumgarner said.

Bumgarner explained that the number of Web sites off-line can fluctuate dramatically, depending on which offensive and defensive measures are being employed. Bumgarner said his calculations were based only on certain sites of interest, and thus the total number of sites off-line could be higher.

Yevgeniy Khorishko, a spokesman for the Russian Embassy in Washington, said Russian officials had nothing to do with the cyberattacks. He said Georgia was blocking Russian Web sites to prevent Russia's point of view from being available in Georgia.

Given the nature of the distributed denial-of-service cyberattacks on Georgia's Internet infrastructure, experts say it remains impossible to determine who is behind the attacks.

“That’s the problem with distributed denial-of-service [attacks] — it’s really hard to identify the actor,” Bumgarner said. 

The attacks are similar to the ones that brought Estonia’s Internet infrastructure to a standstill in April 2007, as political tensions rose between Russia and Estonia. The tactics include botnet attacks, in which computers, hijacked and controlled remotely, are used to overload the country’s information technology infrastructure.

Lauri Almann, Estonia’s permanent undersecretary of defence, confirmed today that Estonia had responded to Georgia's request for assistance in dealing with the cyberattacks by sending two civilian Estonian computer experts to that nation. Estonia has also been hosting Georgian Web sites to help.

The experts “have experience from the recent attacks of last year that took place against Estonia,” he said. “The attacks are quite similar in nature, therefore we have been successful in using some of the lessons learned from April 2007.”

However, authorities have still been unable to confirm exactly who was responsible for the 2007 cyberattacks on Web sites in Estonia.

“As we all know the attribution is what is so unpleasant and dangerous with cyberattacks,” he said. “When you take a look at conventional warfare, there are no questions or very [few] questions about attribution…but when we look at cyberwarfare, attribution is complicated.”

Almann said the primary goal of the attacks appeared to be disruption of the Georgian government’s ability to disseminate information.

Bumgarner said the initial attacks used standard Internet Control Message Protocol packets to overwhelm the sites, but after these "ping" packets were blocked, the attackers quickly shifted to using the Hypertext Transfer Protocol—the protocol that most Web traffic uses to communicate.

About the Author

Ben Bain is a reporter for Federal Computer Week.

