Attacks on Georgia Web Sites May Not Be ‘Cyberwar’
Security researchers are still trying to work out exactly who is responsible for the cyberwar tactics that have knocked many Georgian government Web sites offline. While Georgian officials blamed Russia, many security experts have pointed the finger at the Russian Business Network (RBN), a shadowy outfit — that may no longer even exist — which has previously provided network services for Russian criminal gangs.
But Gadi Evron, a prominent Internet security researcher and the founder of Israel’s Computer Emergency Response Team, posited that the attackers are more likely nationalistic “enthusiasts” than organized criminals or Russian government operatives.
Pointing out that in the current environment almost any distributed denial of service (DDoS) attack is likely to be deemed “cyberwar,” Evron wrote on his blog, “Not every fighting is warfare. While Georgia is obviously under a DDoS attack, and it is political in nature, it doesn’t so far seem different than any other online aftermath by fans. Political tensions are always followed by online attacks by sympathizers.”
Since Russia is already using real bombs in Georgia, it could have “eliminated the infrastructure kinetically,” if that were its aim, Evron said.
Is This Warfare?
“Coulda, shoulda. . . the nature of what’s going on isn’t clear, but until we are certain anything state-sponsored is happening on the Internet, it is my official opinion this is not warfare, but just some unaffiliated attacks by Russian hackers and/or some rioting by enthusiastic Russian supporters,” Evron concluded.
Regardless of who is responsible or even the nature of the attacks, “What matters is that the Internet is being used as a tool in warfare,” said Andrew Storms, director of security operations for nCircle Network Security.
DDoS attacks are serious business, Storms added. “Let’s not put a diminutive feel on these cyberattacks. A DDoS attack is still a serious event, and according to some of the statistics provided, very few Web sites would have been able to withstand these onslaughts.”
Some Signs Point to RBN
The fact that the attackers may well be unaffiliated enthusiasts serves only to underscore the power of cyberwar tactics. “These days, it doesn’t take a tank to participate in a war, but only home broadband and a computer. The Internet can bring a war right into your own home in more than one way,” Storms said.
Other researchers point a finger at the Russian Business Network. “The attackers are using the same tools and the same attack commands that have been used by the RBN, and in some cases, the attacks are being launched from computers they are known to control,” Don Jackson, director of threat intelligence for SecureWorks, told the New York Times.
At this point, there’s no firm evidence pointing decisively at any one group, though. “We are simply seeing the attacks coming from known hosting services,” said Paul Ferguson, an advanced threat researcher at Trend Micro.
The Russian government has come out in favor of the enthusiast theory. “I cannot exclude this possibility,” said Yevgeniy Khorishko, a spokesman for the Russian Embassy in Washington. “There are people who don’t agree with something, and they try to express themselves. You have people like this in your country.”