There’s no doubt that Georgia is being militarily attacked by Russia. Russia is dropping actual bombs deep inside the country, and it’s not clear, at the moment, how far the attack will go.
There are also reports that cyber-warfare attacks are under way, and here the picture is less clear. Jart Armin’s RBN Blog, which follows the infamous Russian Business Network, has been reporting that “RBN (Russian Business Network) now nationalized, invades Georgia Cyber Space.” Armin has been directly relaying reports from the Georgian government in that entry and others.
These reports show government sites and critical infrastructure blocked by DDoS attacks. RBN Blog calls it “a full cyber siege of Georgia’s cyber space,” and an effective one. On Aug. 9, Armin wrote: “At this time all Georgia government web sites are unobtainable from US, UK, FR, and DE cyber space, as examples.”
But there are other reports challenging some of these claims, and they have some merit. The first issue I’ll point out has to do with the Georgian Ministry of Foreign Affairs, which has opened up a blog on Google’s Blogger after stating, through the RBN Blog, that their official site had been taken down. Yet on Aug. 11, I got to the official Ministry of Foreign Affairs of Georgia Web site with no problem. The RBN Blog specifically warns that some sites claiming to be an official Georgian source may be fraudulent, but the mfa.gov.ge site certainly seems to be holding the same positions as those coming through the RBN Blog.
Much of the analysis of the cyber aspects of the war focuses on network maps and how Georgian Internet access connects to the rest of the world. The RBN Blog has some analysis of this, but its map is a bowl of spaghetti and impossible to follow. Much better is the analysis on the Renesys blog, which also touches on the issue of oil pipelines, surprisingly relevant to the cyber-warfare issues.
The renesys analysis shows that there are certainly significant outages: “… up to 35% of the prefixes disappeared from the Internet, sometimes for long periods of time, and up to 60% of them were unstable.” Yet they also say that none of these outages seemed to be permanent, surprisingly so for a war zone.
Gadi Evron, who was deeply involved in the resolution of the Russian cyber-war against Estonia, also argues that current events in Georgia don’t seem to rise to the level of cyber-warfare: “While Georgia is obviously under a DDoS attack and it is political in nature, it doesn’t so far seem different than any other online after-math by fans. Political tensions are always followed by online attacks by sympathizers.”
What persuades Evron, and persuades me, is the knowledge that if Russia really wanted to take down Georgia’s electronic infrastructure, and really had command of the RBN to do it, they could do it much more convincingly than what seems to be the case right now. Things would be firmly shut down. What we have now appears to be the efforts of relative amateurs.
I hope nobody mistakes my sympathies in this case. Even if Russia were conducting full-scale cyber-warfare against Georgia, it would be small potatoes compared with the crimes it is committing with conventional war, in which we have been treated to pictures of bombed apartment buildings and dead civilians on the side of the road. Even if, as the Washington Post reported Aug. 11, Russian President Dmitri Medvedev is saying that military operations in Georgia are almost complete, the infamy of their actions will last.
But if Russia could have launched a cyber-war and didn’t, why didn’t it? That’s the interesting question.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s blog Cheap Hack.