During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began. [1]
Georgia was already being attacked over the internet by 20 July 2008. [2] [3] The website of the Georgian president Mikheil Saakashvili was targeted and overloaded. The site was barraged with the message "win+love+in+Rusia" and was then taken down for 24 hours. [4] [5]
On 5 August 2008, the websites of OSInform News Agency and OSRadio were hacked. The content of the OSinform website at osinform.ru was replaced by the media of the Alania TV website. Alania TV, a Georgian government-backed television station, rejected responsibility for the hacking of the competing news agency's website. Dmitry Medoyev, the South Ossetian envoy to Moscow, claimed that Georgia was attempting to suppress information on the casualties of the August 1-2 incident. [6]
On 5 August, the Baku–Tbilisi–Ceyhan pipeline was subject to a terrorist attack near Refahiye in Turkey. Responsibility was originally claimed by the Kurdistan Workers’ Party (PKK), but there is circumstantial evidence that it was instead a sophisticated computer attack on the line's control and safety systems that led to increased pressure and an explosion. [7]
According to researcher Jart Armin, many Georgian servers had been controlled from outside since late 7 August 2008. [8] On 8 August, the DDoS attacks reached their climax and the defacements began. [9]
On 8 August 2008, South Ossetian websites were attacked. [10] [11]
On 9 August 2008, Russian and Turkish servers, allegedly controlled by Russian hackers, were used to direct major Georgian Internet traffic. Although on the same day some Georgian Internet traffic was temporarily redirected to Germany, the Georgian traffic was soon diverted to Moscow again. [8] [12]
On 10 August 2008, attacks took down the site of RIA Novosti for several hours. [13] The next day, the sites of the Russian news agencies RIA Novosti, TASS, REGNUM News Agency, Lenta.ru, Izvestia and Echo of Moscow were attacked. [14]
On 10 August, Jart Armin warned that Georgian official sites may be compromised. [8] [12]
By 11 August 2008, the website of the Georgian president had been defaced and images comparing President Saakashvili to Adolf Hitler were posted. This was an example of cyber warfare combined with PSYOPs. [9] The Georgian Parliament's site was also targeted by a denial-of-service attack. [9] [8] Attacks also targeted some Georgian commercial websites. [12] [8] [15] On 11 August, the Foreign Ministry of Georgia said that Russia was waging a cyber battle against Georgian government sites simultaneously with a military operation, while a spokesperson for the Kremlin responded that it was Russian media and organisations that were being attacked. [16] The Ministry of Foreign Affairs started to use Google's Blogger service to spread news. [9] [15] US servers were allocated to host the website of the Georgian President. [15] Among the victims of defacement were the websites of the National Bank of Georgia and the Georgian Parliament. [2] [15]
Estonia provided hosting for a Georgian governmental website, as well as cyberdefense advisors. [17] [3] The Development Centre of State Information Systems of Estonia said that Georgia had not asked for help. [12] Private United States companies also assisted the Georgian government in protecting its non-war-making information, such as the government payroll, during the conflict. [18] It was reported that the Georgian communications infrastructure was being attacked by Russian warplanes. [17]
The servers of the Azerbaijani news agency Day.Az were also targeted by cyberattacks, orchestrated by Russian intelligence services due to the news agency's coverage. [19] ANS.az, one of the news websites in Azerbaijan, was also targeted. [20] The Georgian news site Civil Georgia began using Blogspot to disseminate news. [17] Despite the cyber-attacks, Georgian journalists succeeded in reporting on the war by using blogs. [21] [22]
The U.S. presidential candidate Barack Obama called for an end to the cyber attacks on Georgia. [12] The President of Poland, Lech Kaczyński, criticized Russian obstruction of Georgian internet sites and offered his website for disseminating information. [15] Reporters Without Borders criticized the internet attacks: "The Internet has become a battleground in which information is the first victim." [20]
The attacks involved denial-of-service attacks. [2] [15] [20] The New York Times reported on 12 August that some experts noted this as the first time in history that a notable cyber attack and an actual military engagement happened at the same time. The attacks, originating from Russian hosting offices, did not cease on 12 August, and stopgeorgia.ru, a Russian anti-Georgian website, was still running. [2]
On 14 August 2008, The Washington Post reported that although a cease-fire was reached, communication infrastructure could not completely resume normal operation. [22]
The Russian authorities denied the allegations that they were responsible for the attacks, instead pointing the finger at ordinary citizens. [2] It was asserted that the Russian Business Network (RBN), a group from Saint Petersburg, organised these cyber attacks. [2] [8] [9] [12] [23] RBN was considered to be one of the leading cyber crime networks in the world, whose founder is allegedly related to an influential person in Russian politics. [24]
Dancho Danchev, a Bulgarian Internet security analyst, claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.” [9]
Jose Nazario, a security researcher for Arbor Networks, told CNET that a Georgian assault on the website of a Russian newspaper served as proof of an actual Georgian response to the cyber attacks. [25]
Don Jackson, an employee of Secureworks, observed that botnets had been prepared to attack Georgia before the war. These botnets became operational just before the Russian bombing of Georgia commenced on 9 August. [2] Don Jackson lent credence to the idea that the Russian government was behind the attack, rather than the RBN. Furthermore, Jackson found that not all the computers that were assaulting Georgian websites were controlled by RBN servers; some were also using "Internet addresses belonging to state-owned telecommunications companies in Russia". [26]
CNN reported that, according to specialists, the cyberwar against Georgia "signals a new kind of cyberwar, one for which the United States is not fully prepared." [27]
The ex-chief of the Computer Emergency Response Team of Israel, Gadi Evron, believed the attacks on Georgian internet infrastructure resembled a cyber-rampage rather than cyber-warfare. Evron admitted that although the attacks could be "indirect Russian (military) action," the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically." Six distinct botnets, managed by distinct servers, were accounted for by the Shadowserver Foundation. [28]
Jonathan Zittrain, one of the founders of Harvard's Berkman Klein Center for Internet & Society, said that the Russian army was capable of targeting Georgia's Internet infrastructure, while Bill Woodcock, the research director at Packet Clearing House, suggested the attacks were professionally "coordinated". The pro-Georgian Russian newspaper Skandaly.ru was also targeted by attacks, upon which Woodcock commented "This was the first time that they ever attacked an internal and an external target as part of the same attack." The attack script against Georgia was discovered on almost every Russian news site by Gary Warner, an expert at the University of Alabama at Birmingham. [3] Bill Woodcock also said cyber attacks would remain a part of military campaigns in the future due to their low cost. [2]
In December 2008, The Economist described in detail how manuals on carrying out DDoS attacks against Georgian sites were available to any volunteer on Russian sites such as StopGeorgia. Even the US and UK embassies in Tbilisi were designated targets. The paper could not definitively link the attacks to the Russian authorities. [29]
In March 2009, Greylogic researchers assumed that the attacks were possibly conducted by the Russian GRU and the FSB, who used the Stopgeorgia.ru forum as a facade to cover up state responsibility. [30]
John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU), conducted research on the cyberattacks during the Russo-Georgian War. The report, published in August 2009, concluded that the 2008 Russian cyber warfare against Georgia stressed the importance of worldwide partnership to ensure cyber safety. The report stated that the Russian military planning was known to the cyber attackers, who were supposedly civilians. Bumgarner’s research concluded that "The first wave of cyber-attacks launched against Georgian media sites were in line with tactics used in military operations." [31] "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. The attackers possibly knew that the invasion of Georgia would begin before it even started. [32]
Michael Chertoff wrote in 2011 that the 2008 war demonstrated that the cyber war was the war of the future. The US Department of Defense published the first cyber strategy. [33]
Tskhinvali or Tskhinval is the capital of the disputed de facto independent Republic of South Ossetia, internationally considered part of Shida Kartli, Georgia. Tskhinvali Region, known historically as Samachablo, was always part of the Georgian state as a single military and administrative entity. It is located on the Great Liakhvi River approximately 100 kilometres (62 mi) northwest of the Georgian capital Tbilisi.
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. Research has also shown that large conflicts took place to edit the English-language version of the Bronze Soldier's Wikipedia page.
The Russian Business Network is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of the PHP-based malware kit MPack and an alleged operator of the now defunct Storm botnet.
Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
Cyxymu is a screen name of a Georgian blogger who was targeted in a co-ordinated series of attacks on social networking sites Facebook, Google Blogger, LiveJournal and Twitter, taking the latter offline for two hours on August 7, 2009. The name mimics a Cyrillic spelling of Sukhumi (Сухуми), capital town in the Georgian breakaway region of Abkhazia. The blogger, who extensively covers the suffering of Georgian civilians during and after the War in Abkhazia, accuses Russia of trying to silence him using cyberattacks. Facebook came out in defense of Cyxymu, with chief security officer Max Kelly stating that "It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard."
Jart Armin is an investigator, analyst and writer on cybercrime and computer security, and researcher of cybercrime mechanisms and assessment.
Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.
In 2013, there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.
Cyberwarfare has been a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, the Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.
Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.
During the prelude to the Russian invasion of Ukraine and the invasion itself, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.
Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.
Killnet is a pro-Russia hacker group known for its DoS and DDoS attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.
NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries.
Anonymous Sudan is a hacker group that has been active since mid-January 2023 and is believed to have originated from Russia, with no links to Sudan or Anonymous. They have launched a variety of distributed denial-of-service (DDoS) attacks against targets.