Cyberattacks on Georgia's sites continue
As a shaky truce that halted the military conflict between Russia and Georgia took hold today, Georgia’s Internet infrastructure continued to be plagued by cyberattacks, according to observers who have been monitoring the attacks.
Today, more than 20 Georgian government Web sites, three commercial financial institutions and two media outlets remain off-line, said John Bumgarner, the research director for Security Technology at the U.S. Cyber Consequences Unit. He has been monitoring the situation from the United States. The US-CCU is an independent, nonprofit research institute, originally established at the request of senior U.S. government officials.
The rash of virtual attacks that overwhelmed Georgia's Web sites in recent days coincided with the outbreak of the military clash between Georgia and Russia. The targets of the attacks have included Georgia’s National Guard Ministry of the Defense, the nation's presidential site, and Georgia’s parliament’s site, Bumgarner said.
Bumgarner explained that the number of Web sites off-line can fluctuate dramatically, depending on which offensive and defensive measures are being employed. Bumgarner said his calculations were based only on certain sites of interest, and thus the total number of sites off-line could be higher.
Yevgeniy Khorishko, a spokesman for the Russian Embassy in Washington, said Russian officials had nothing to do with the cyberattacks. He said Georgia was blocking Russian Web sites to prevent Russia's point of view from being available in Georgia.
Given the nature of the distributed denial-of-service cyberattacks on Georgia's Internet infrastructure, experts say it remains impossible to determine who is behind the attacks.
“That’s the problem with distributed denial-of-service [attacks] — it’s really hard to identify the actor,” Bumgarner said.
The attacks are similar to the ones that brought Estonia’s Internet infrastructure to a standstill in April 2007, as political tensions rose between Russia and Estonia. The tactics include botnet attacks, in which computers, hijacked and controlled remotely, are used to overload the country’s information technology infrastructure.
Lauri Almann, Estonia’s permanent undersecretary of defence, confirmed today that Estonia had responded to Georgia's request for assistance in dealing with the cyberattacks by sending two civilian Estonian computer experts to that nation. Estonia has also been hosting Georgian Web sites to help.
The experts “have experience from the recent attacks of last year that took place against Estonia,” he said. “The attacks are quite similar in nature, therefore we have been successful in using some of the lessons learned from April 2007.”
However, authorities have still been unable to confirm exactly who was responsible for the 2007 cyberattacks on Web sites in Estonia.
“As we all know the attribution is what is so unpleasant and dangerous with cyberattacks,” he said. “When you take a look at conventional warfare, there are no questions or very [few] questions about attribution…but when we look at cyberwarfare, attribution is complicated.”
Almann said the primary goal of the attacks appeared to be disruption of the Georgian government’s ability to disseminate information.
Bumgarner said the initial attacks used standard Internet Control Message Protocol packets to overwhelm the sites, but after these "ping" packets were blocked, the attackers quickly shifted to using the Hypertext Transfer Protocol—the protocol that most Web traffic uses to communicate.
Ben Bain is a reporter for Federal Computer Week.