During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.


Attacks

On 20 July 2008, weeks before the Russian invasion of Georgia, "zombie" computers were already on the attack against Georgia. The website of the Georgian president Mikheil Saakashvili was targeted, resulting in overloading the site. The traffic directed at the website included the phrase "win+love+in+Rusia". The site was then taken down for 24 hours.

On 5 August 2008, the websites of OSInform News Agency and OSRadio were hacked. The OSInform website at osinform.ru kept its header and logo, but its content was replaced by the content of the Alania TV website. Alania TV, a Georgian government-supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the rival news agency website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up the deaths of 29 Georgian servicemen during the flare-up on August 1 and 2. On 5 August, the Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey, responsibility for which was originally taken by the Kurdistan Workers' Party (PKK), but there is circumstantial evidence that it was instead a sophisticated computer attack on the line's control and safety systems that led to increased pressure and an explosion.

According to Jart Armin, a researcher, many Georgian Internet servers had been under external control since late on 7 August 2008. On 8 August, the DDoS attacks peaked and the defacements began. However, within hours the traffic was again diverted to Moscow-based servers. On 10 August 2008, the RIA Novosti news agency's website was disabled for several hours by a series of Georgian counter-attacks. By 11 August 2008, the website of the Georgian president had been defaced and images comparing President Saakashvili to Adolf Hitler were posted. This was an example of cyber warfare combined with PSYOPs. The Georgian Parliament's site was also targeted. Some Georgian commercial websites were also attacked. The Ministry of Foreign Affairs set up a blog on Google's Blogger service as a temporary site. The Georgian President's site was moved to US servers. The National Bank of Georgia's website was defaced at one point, and images of 20th-century dictators and an image of Georgian president Saakashvili were placed on it. The Georgian Parliament website was defaced by the "South Ossetia Hack Crew" and the content was replaced with images comparing President Saakashvili to Hitler.

Estonia offered Georgian governmental website hosting and cyberdefense advisors. It was reported that the Russians bombed Georgia's telecommunications infrastructure, including cell towers. Private United States companies also helped the Georgian government protect its non-war-making information, such as the government payroll, during the conflict. Russian hackers also attacked the servers of the Azerbaijani Day.Az news agency. The reason was Day.Az's position in covering the Russian-Georgian conflict. ANS.az, one of the leading news websites in Azerbaijan, was also attacked. Russian intelligence services had also disabled the information websites of Georgia during the war.

The Georgian news site Civil Georgia switched its operations to one of Google's Blogspot domains. Despite the cyber-attacks, Georgian journalists managed to report on the war. Many media professionals and citizen journalists set up blogs to report or comment on the war. Reporters Without Borders condemned the violations of online freedom of information since the outbreak of hostilities between Georgia and Russia. "The Internet has become a battleground in which information is the first victim," it said. The attacks involved denial-of-service attacks. On 14 August 2008, it was reported that although a ceasefire had been reached, major Georgian servers were still down, hindering communication in Georgia.


Analysis

The Russian government denied the allegations that it was behind the attacks, stating that it was possible that "individuals in Russia or elsewhere had taken it upon themselves to start the attacks". Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”

Jose Nazario, security researcher for Arbor Networks, told CNET that he was seeing evidence that Georgia was responding to the cyber attacks, attacking at least one Moscow-based newspaper site. According to Don Jackson, director of threat intelligence at SecureWorks, this was lending credence to the idea that the Russian government was indeed behind the attack, rather than the RBN. Furthermore, Jackson found that not all the computers attacking Georgian websites were on RBN servers; some were on "Internet addresses belonging to state-owned telecommunications companies in Russia".

Gadi Evron, the former chief of Israel's Computer Emergency Response Team, believed the attacks on Georgian internet infrastructure resembled a cyber-riot, rather than cyber-warfare. Evron admitted the attacks could be "indirect Russian (military) action," but pointed out the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically." Shadowserver registered six different botnets involved in the attacks, each controlled by a different command server.

In March 2009, security researchers from Greylogic concluded that Russia's GRU and the FSB were likely to have played a key role in coordinating and organizing the attacks. The Stopgeorgia.ru forum was a front for state-sponsored attacks.

John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), researched the cyberattacks during the Russo-Georgian War. The report concluded that the cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrated the need for international cooperation for security. The report stated that the organizers of the cyber-attacks were aware of Russia's military plans, but the attackers themselves were believed to have been civilians. Bumgarner's research concluded that the first wave of cyber-attacks launched against Georgian media sites was in line with tactics used in military operations. "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated.


See also

* 2007 cyberattacks on Estonia
* Cyxymu
* Cyberwarfare in Russia


External links


* Russian Cyberwar on Georgia
* The Russo-Georgian War 2008: The Role of the cyber attacks in the conflict
* Offensive Information Operations
* DEFINING AND DETERRING CYBER WAR