Russia vs. Georgia: The War We Didn’t See — Part 1
By now, everyone knows that while the most powerful Presidents and Prime Ministers in the world sat back and enjoyed the beginning of the Olympics, Russia snuck through the back door and invaded Georgia. This conflict/war was over the area of South Ossetia, which has been a place of interest since the collapse of the Soviet Union. But while we saw the tanks and Russian troops invading the region, what we didn’t see was the war between bytes and bits raging over the networks of Western Asia. In fact, if you didn’t know where to look, you most likely missed it. In this post, I will give you some articles I found talking about the Cyber-War, and then I will discuss them.
Kevin Coleman, a highly respected writer who focuses on cyber-security, covers the conflict on his Defense Tech blog in a post entitled: Cyber-War 2.0 – Russia vs. Georgia.
“The second real cyber war has broken out. On August 8th, Russian troops crossed into South Ossetia vowing to defend what they called “Russian compatriots”. As this was taking place, a multi-faceted cyber attack began against the Georgian infrastructure and key government web sites. The attack modalities included: Defacing of Web Sites (Hacktivism), Web-based Psychological Operations (Psyc-Ops), a fierce propaganda campaign (PC) and of course Distributed Denial of Service Attacks (DDoS).
Shortly after noon east coast time in the United States, CNN’s Wolf Blitzer attempted to interview Georgian President Mikhail Saakashvili by phone on his live news program. The first attempt was unsuccessful, and the second attempt, which took place about ten minutes later, was able to successfully connect to President Saakashvili. President Saakashvili immediately apologized for the missed connection earlier, blaming the problem on a “cyber attack” against the Georgian VoIP phone system. Another casualty of the cyber attack was the Georgian Ministry of Foreign Affairs (MFA) website. At one point in time the MFA’s web site had an image of Adolf Hitler beside the image of President Saakashvili.
At one point, multiple government websites were down or inaccessible for hours. This led them to make perhaps the most strategic move to date in cyber warfare. This impressive move came when the Georgian Government decided to relocate President Mikhail Saakashvili’s web site to a web site hosting service in Atlanta, Georgia in the United States. The strategic thinking surrounding this move was twofold. First, the Russian cyber attackers would surely think twice about attacking a web site hosted on servers located in the United States. Secondly, if the Russian cyber attackers were to go after the President’s web site hosted on U.S. soil, that action might bring the United States into the conflict.
I was told by a Georgian insider that “We were not prepared for the use of computer weapons against our communications infrastructure.” Other sources in the Estonian military also told me that they had offered their assistance to the Georgian Government early on in the cyber attack. She said that they (Estonia) had gained valuable knowledge from the forensic analysis of the cyber artifacts left behind after they were attacked in April/May of 2007.
I used SBIA and TIE techniques to analyze the cyber attack against Georgia. Based on all open source intelligence, the cyber attack on Georgia analysis resulted in the following information [on a scale of 1-5 with 5 being high].
Scale of the attack = 3.3
Complexity of the attack = 3.1
Impact of the attack = 3.5
No longer can we ignore cyber weapons. This is the second minor cyber war that has broken out in the last two years. “Security experts and military leaders have been warning of the potential use of cyber weapons against government and civilian targets both as a stand-alone threat and coordinated military tactical modality,” said Brian from Spy-Ops. Cyber attacks and warfare have entered into the arsenal of modern warfare. Where and when the next attack will be launched is anyone’s question. The only thing for sure is there will be more.”
Gregg Keizer, a well-published writer for Computerworld, wrote on August 12th about hackers in Russia uniting to face Georgia.
“Security researchers today disputed claims that a well-known Russian hacker-hosting network is responsible for cyberattacks against sites belonging to Georgia, the former Soviet republic that has been battling Russian military forces since Friday.
Rather than blame the notorious Russian Business Network — as researcher Jart Armin did over the weekend — other researchers said today that it appears that the attacks originated from a “hacker militia” of Russian botnet herders and volunteers.”
Jeremy Kirk, another Computerworld writer, followed suit by shedding some light on the Georgian side of things in an article entitled: Estonia, Poland help Georgia fight cyberattacks.
“In an intriguing cyberalliance, two Estonian computer experts are scheduled to arrive in Georgia by evening to keep the country’s networks running amid an intense military confrontation with Russia.
And Poland has lent space on its president’s Web page for Georgia to post updates on its ongoing conflict with Russia, which launched a military campaign on Friday to eject Georgian troops from South Ossetia and Abkhazia, two renegade areas with strong ties to Russia.
The cooperation between the former Iron Curtain allies is aimed at blunting pro-Russian computer hackers, who have been blamed over the last few years for cyberattacks against Estonia, Lithuania and Georgia in incidents linked to political friction between those nations and Russia.
Two of the four experts that staff Estonia’s Computer Emergency Response Team (CERT) were waiting Tuesday morning in Yerevan, the capital of Armenia, seeking permission to drive into Georgia, said Katrin Pärgmäe, communication manager for the Estonian Informatics Center. The two officials are also bringing humanitarian aid, she said.
Estonia is also now hosting Georgia’s Ministry of Foreign Affairs Web site, which has been under sustained attack over the last few days.”
This much coverage has never been done on a war fought online. I hope that as time progresses, more information will be released about what happened, but for now I’m satisfied. I don’t think we’ve seen the end of Russia’s cyber capabilities. With the US and Poland making this defense deal, a faceoff between the US and Russia cyber-forces may not be too far off. Who knows what the future holds.
Russia’s Cyber Capabilities
Throughout this post, I’ve been talking about Russia’s cyber-capabilities. On May 27th, Kevin Coleman outlined what exactly Russia can do in this regard.
“Russia is well known for its military mentality. Remember the cold war? It has taken nearly a decade for the world to realize the true threat of cyber war. Today, the world is dependent on computers and networks much more than we were eight years ago when we experienced the NATO-Serbia cyber war. Russia opened the eyes of the world to the looming threat of cyber warfare after the Estonia incident. Just last week Russia’s State Sponsored cyber forces opened up a new front in cyber war.
Reports indicate that Russian Cyber Forces unleashed a large scale cyber attack on Radio Free Europe. In addition, there is some evidence of the use of BotNets in politically motivated distributed denial-of-service (DDoS) attacks. With all this demonstrated ability, should we be concerned? What are Russia’s true cyber warfare ambitions? Russia’s Cyber Warfare Doctrine is designed to be a force multiplier along with more traditional military actions including WMD attacks. A “force multiplier” is a military term that describes a weapon or tactic that, when added to and employed along with other combat forces, significantly increases the combat potential of that force.
Like all offensive cyber strategies, it includes the capability to disrupt the information infrastructure of their enemies. This doctrine includes strategies that would disrupt financial markets, military and civilian communications capabilities as well as other parts of the enemy’s critical infrastructure prior to the initiation of traditional military operations. They also address weakening the economy of their adversary to further decrease their ability to respond to the combined threat. Offensive cyber weapons receive great attention in the Russian Cyber Warfare Doctrine. This coupled with advanced R&D puts them on the leader board in cyber warfare.
Cyber attacks and cyber weapons are strategic arms and in effect are real offensive weapons. Cyber-attacks can harm or even paralyze a country and therefore have equivalent implications as that of physical military attacks. Most cyber attacks leave behind forensic evidence that can be used to assess the capabilities of the attacker. With all the attacks attributed to Russia, there has to be significant intelligence out there about techniques, cyber weapons, and strategies that have been used in these cyber assaults. An interesting point is that NATO’s Defensive Treaty drawn up in 1949 does not deal with cyber weapons as the Internet did not yet exist and there were very few computers at the time.
…
The following is an estimate of Russia’s cyber capabilities.
Russia’s 5th-Dimension Cyber Army:
Military Budget: $40 Billion USD
Global Rating in Cyber Capabilities: Tied at Number 4
Cyber Warfare Budget: $127 Million USD
Offensive Cyber Capabilities: 4.1 (1 = Low, 3 = Moderate and 5 = Significant)
Cyber Weapons Arsenal in Order of Threat:
· Large, advanced BotNet for DDoS and espionage
· Electromagnetic pulse weapons (non-nuclear)
· Compromised counterfeit computer software
· Advanced dynamic exploitation capabilities
· Wireless data communications jammers
· Cyber Logic Bombs
· Computer viruses and worms
· Cyber data collection exploits
· Computer and networks reconnaissance tools
· Embedded Trojan time bombs (suspected)
Cyber Weapons Capabilities Rating: Advanced
Cyber force Size: 7,300 +
Reserves and Militia: None
Broadband Connections: 23.8 Million +
Close ties with Russian Business Network (RBN), who is thought to own and operate the second largest BotNet in the world. Intelligence suggests there are organized groups of hackers tied to the Federal Security Bureau (FSB).
The FSB is the internal counter intelligence agency of the Russian Federation and successor to the Soviet KGB. Russia is often overlooked as a significant player in the global software industry. Russia produces 200,000 scientific and technology graduates each year. This is as many as India, which has five times the population. This is hard to believe since their software industry can be traced back to the 1950s.
A study by the World Bank stated that more than one million people are involved in software research and development. Russia has the potential to become one of the largest IT markets in Europe. The Russian hacker attack on Estonia in 2007 rang the alarm bell. Nations around the world can no longer ignore the advanced threat that Russia’s cyber warfare capabilities have today and the ones they aspire to have in the near future.
From this information, one can only conclude that Russia has advanced capabilities and the intent and technological capabilities necessary to carry out a cyber attack anywhere in the world at any time.”
Overall, Russia is no joke when it comes to Cyber-Warfare. This high-tech attack is a definite preview of what we will see in the future. I bet you have already heard about China’s cyber-capabilities, and now Russia is a major player. I predict that Cyber-War 3.0 is not far off, and a Cyber-War including the US might also be in the not so distant future. Let the Cyber-Arms race continue; let’s hope the US can handle it.
More to come in Part 2…