As the actual ground combat between Russia and the former Soviet Republic of Georgia grinds to a halt, security and Web experts have begun to focus on what might have been a secret third front in the conflict: the Internet. With numerous Georgian government Web sites defaced or shut down, the virtual attacks that preceded the actual invasion may go down in history as the first war in cyberspace.
The first barrages began at the end of July, and consisted of denial-of-service attacks on the Georgian President’s Web site. A denial-of-service (DoS) attack involves shutting down a server by routing more traffic to the site than the machines can handle. These attacks are carried out by bot servers, which constantly bombard the target site with service requests.
Those July disturbances turned out to be reconnaissance for the large-scale attack that coincided with the ground invasion on August 11th. DoS attacks disabled Georgian government Web sites. The attacks were first publicized by the Ministry of Foreign Affairs of Georgia Web site, which was forced to move to Google Blogs after its Georgia-based site was disabled. Additionally, the Bank of Georgia’s Web site was defaced with pictures of Georgia’s President juxtaposed with pictures of Adolf Hitler.
Finding out who is behind the attacks is more complex than it first appears. None of the attacks could be traced back to the Russian government directly, with most security experts attributing the implementation of the attacks to the innocuously named Russian Business Network (RBN). RBN is actually an organized crime front that has been linked to spreading malware, spamming, phishing, identity theft and even child pornography.
However, some experts disagree, with CNET.com reporting that the attacks might be the work of nationalistic private hackers, in effect, the Internet version of the Russia-backed militias that have been fighting alongside the Russian army in the ground war. DoS attacks against popular Georgian hacker forums and the publication of Georgian politicians’ email addresses for spamming seem to support this theory. For its part, Georgia has not been passive, with Georgian hackers launching their own DoS attacks against Russian news outlets.
Whether these attacks represent the Russian military acting against the Georgian government by proxy or ambitious nationalist hackers seizing an opportunity, they clearly indicate that the Internet has become a battlefield.