Georgia States Computers Hit By Cyberattack

Team Infidel

Wall Street Journal
August 12, 2008
Pg. 9
By Siobhan Gorman
WASHINGTON -- Georgian officials and international security experts say the Georgian government was hit by repeated cyberattacks just as Russia launched military action against the country, a move that illustrates the potential of cyberwarfare to augment a military attack.
The leading suspect behind the attacks, which disabled key government Web sites, is a cybercriminal organization known as the Russian Business Network, according to one person briefed on the subject. That organization, however, is believed to act only as a carrier for criminal activities online. It may not be possible to determine who is ultimately responsible.
Lauri Almann, the deputy minister of defense of Estonia, which is helping Georgia formulate its response to the cyberattacks, said in an interview it appears likely that the Georgian government and local media outlets were hit by what's known as "denial of service" attacks, which shut down their Web sites.
The attacks on Georgia's public-information infrastructure have been particularly stinging in a conflict in which U.S. ally President Mikheil Saakashvili has tried to mount an aggressive media offensive on the airwaves. "Those attacks have to a certain extent hampered the government's ability to spread their message on the Internet," Mr. Almann said.
It isn't immediately clear how significant a problem the cyberattacks posed for the Georgian government, which has been very aggressive in documenting its grievances against Russia. It is also hard to trace such efforts, given how the Internet makes it easy for people to cover their tracks.
The attacks, which appear to have begun Thursday and have repeated over the past few days, targeted several government Web sites including the main one for the office of President Saakashvili, the Parliament, the Ministry of Defense and the Ministry of Foreign Affairs.
The automated cyberassault crippled the Web sites by bombarding them with data, said one person briefed on the matter. It isn't clear yet what other Internet functions -- email for example -- may have been disabled. On Monday, President Saakashvili's interview with CNN was interrupted. When the cable channel put the president back on air, he blamed a "cyberattack" on his Internet-based phone system.
Separately, Don Jackson, director of threat intelligence for SecureWorks, an Atlanta computer-security company, analyzed the Internet traffic during the attacks and found evidence of outsiders breaking into and erasing data from Georgian government servers. He traced the attacks from what he called a "cyberinfantry" to servers used both by the Russian Business Network and the Russian government.
Cybersecurity experts say this appears to represent the first time cyberattacks have been employed so publicly alongside a military assault. Presumptive Democratic presidential nominee Barack Obama demanded specifically that Russia "must end its cyberwar against Georgian government Web sites."
Georgian government officials attributed the attacks broadly to Russia. "A cyberwarfare campaign by Russia is seriously disrupting many Georgian Web sites, including that of the Ministry of Foreign Affairs," the Ministry of Foreign Affairs said in a statement on a makeshift Web site the department is using to communicate while the official version is under siege.
Russian embassy spokesman Yevgeniy Khorishko denied any Russian government involvement. "Russia is not responsible for that," he said. "How do the Georgians know that these are Russians? We have nothing to do with these attacks." He said Monday Georgia has blocked access to all Russian Web sites -- ones that end in the suffix ru.
The attacks don't appear to have targeted the country's physical infrastructure, such as computer systems controlling electrical grids. That could be because the country's infrastructure is older and more difficult to attack via the Internet than it would be in the U.S., cybersecurity experts said.
It is difficult to determine who is behind a cyberattack. Georgian government officials tapped into an international network of cybersleuths in countries such as Germany, Estonia and the U.S. They moved government information to servers in Germany and established backup systems in Estonia, which has become an international expert in cyber-response since its government Web sites came under attack last year, by what is believed to have been a Russian adversary.
Investigators assisting the Georgian government landed on the Russian Business Network as a potential suspect by tracing back the sources of the attack, which are computer servers that have been used by the organization, said the person briefed on the matter.
The St. Petersburg-based group is the cyberequivalent of a landlord that leases rooms to drug dealers, said Zulfikar Ramzan, a technical director for Symantec, a computer-security company. The group essentially rents servers to people who want to use them for illegal purposes, he said.
A recent Symantec report found that approximately half of the world's so-called phishing attacks -- attempts to steal consumers' personal information -- were traced back to servers run by the Russian Business Network.
It is possible another organization could have "spoofed" the origin of the attacks to make it appear as if they were coming from these servers.
Asked about possible involvement by the cybercriminal organization, Mr. Khorishko said he could speak only for the Russian government.
Georgia's problems follow last year's 24-day attack on Estonia's cyberinfrastructure, which bombarded government Web sites and eventually forced banks to be taken offline. In Estonia, 94% of all banking, as well as some government service provided by banks, is done online.
"Cyberattacks are now a staple of conflict -- whether authorized or unauthorized," said Paul Kurtz, a former aide to the U.S. government's National Security Council. Such attacks are particularly unpredictable because they can be launched by groups outside of the government, which can escalate crises even as governments are seeking to defuse them, he said.
Potentially, such attacks could take out key infrastructure such as electricity or water. That ability to target civilians could redefine the rules of war, said O. Sami Saydjari, president of the Cyber Defense Agency, a nonprofit think tank.