The cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrate the need for international cooperation for security, according to a report by the U.S. Cyber Consequences Unit. The nonprofit research institute US-CCU links the attacks to hackers whose organizers were tipped off to Russia's military plans.
When resentment against a pro-Georgian
boiled over into a distributed denial-of-service attack against
social networking sites Aug. 6, it seemed to echo the cyber-attacks that
occurred when Russia
in August 2008. Experts say this type of hacktivism will likely continue to
increase, leaving countries with the question of what to do in response to
similar incidents happening in conjunction with military action.
A new report from the U.S. Cyber Consequences Unit, of which a summary was released
Aug. 17, focuses on the cyber-attacks that accompanied Russia's military
assault and calls for the creation of an international
organization to provide risk advisories
when political, economic or
military circumstances make a cyber-attack likely or when warning signs of such
an attack are detected.
The report stated that, as many people have suspected, the organizers of the
cyber-attacks were aware of Russia's
military plans. However, the attackers themselves are believed to have been
civilians. Their targets included media, government and financial sites,
according to the report.
"The first wave of cyber-attacks launched against Georgian media sites
were in line with tactics used in military operations," John Bumgarner, US-CCU's
research director for security technology, told eWEEK.
"There were several key command and control (C&C) servers used to
coordinate the global botnet(s) used in the DDoS attacks," Bumgarner
continued. "The exact number of computers compromised globally is
unknown, but probably numbered in the tens of thousands."
initial technical response to the attack was to install filters to block
Russian IP addresses and protocols used by the attackers, the report stated.
Hacktivists circumvented this by using foreign servers to mask their IP
addresses, and changing the protocols they used. They utilized software to
spoof IP addresses as well.
second response-to shift the hosting of its Websites to other countries where
attack traffic could more easily be filtered out-was more effective, according
to the report.
In such a situation, the existence of an international cyber-response force
could have prevented some of the disruption, the report contended.
had been able to call on this sort of apparatus, the interruptions in its
online activities would probably have lasted only a few hours or even a few
minutes, rather than several days," the report stated. "In addition,
a well-prepared international team could have collected forensic evidence,
making it possible to answer the questions about the cyber-campaign that still
remain open. One of these important unanswered questions is what spyware and
other malicious code the attackers may have left behind."
For all the confusion the attacks caused, there is actually a silver lining,
according to Bumgarner.
"In traditional warfare these attack techniques would have been 1)
aerial bombardments, which would have inflicted physical damage to the target
or 2) electronic jamming, which would have disrupted the communication of these
targets," he said. "The [disruptive] cyber-techniques used in
2008 spared the Georgian targets from long-term physical damage."