Russian Cyberwar Against Georgia Raises Internet Security Concerns for United States

Published October 10, 2008

When the Georgian-Russian war broke out on August 8, reports of attacks on official Georgian Web sites gave the impression of a coordinated cyberattack from Russia.

The source of the attacks is still a subject of debate among cyberwar experts because of the difficulties involved in tracing a distributed attack back to a government agency or sponsor. That gives potential state sponsors of cyberattacks the advantage of plausible deniability, analysts note.

The U.S. government is apparently concerned about the possibility of such attacks on the United States. The U.S. Air Force is contemplating establishing a cybercommand center.

Shadowy Business

The shadowy nature of cyberwar is one reason Georgian and Russian claims in the current conflict must be taken with “a grain of salt,” says James Carafano of The Heritage Foundation. With potential assaults coming from self-mobilizing bloggers, criminal elements, “patriotically minded” businesses, and official state sources, “it’s become a part of war” in Carafano’s view.

Kevin Coleman, DefenseTech’s cyberwar blogger and a strategic management consultant with Technolytics, said, “An unprotected computer is a weapon waiting to be used.”

According to Coleman, the cybercrime organization, Internet host, and collection of hackers called the “Russian Business Network” (RBN) can marshal “cybersoldiers of fortune” capable of deploying millions of compromised computers to a variety of ends, including taking down the Web site of Georgian President Mikheil Saakashvili.

Uncertain Sources

André M. DiMino, co-founder and director of Shadowserver, a volunteer network that gathers, analyzes, and shares data on cyberattacks, questions whether RBN is involved at all and whether state action could ever be proved in a case like this.

The pattern of attacks in Georgia, which Shadowserver first noted and reported on July 20, weeks before the outbreak of military hostilities, points to “grassroots hacktivists,” DiMino says. He believes what Georgia has experienced is “not a sophisticated attack at all” but instead the work of a “run-of-the-mill botnet.”

DiMino says the particular botnet prominent in the Georgia attacks was a preexisting one able to be deployed for mercenary, political, or merely prankish ends.

Psychological Warfare

Even taking a minimalist view of today’s cyberattack capabilities, bringing down an opposition government’s Web site could be an effective tactic for psychological warfare, analysts say. Thus Georgian hackers had no qualms about hitting back at Russian Web sites.

It will be months, maybe years, before the tech community gets a good grasp of the scope, significance, and source of these cyberwar exchanges between Russia and Georgia, analysts note.

Coleman, for one, believes there can be enough “digital DNA” linked to specific code designers and particular rogue nations to make it possible to trace coordinated attacks such as these back to the point of origin.

U.S. Vulnerabilities

Analysts say an effective defense against cyberwar depends on a robust, vigorous, entrepreneurial tech sector. With tactics, techniques, and software capabilities changing every day, the nation with the best and brightest in technology will be best able to withstand cyberattacks.

That’s one reason Carafano says if the United States were hit with Georgia-style attacks, the nation “could shake it off in a New York minute.” But while that may be true today, Shadowserver’s DiMino stresses the need for comprehensive, fully open communication among Internet service providers and analysts to respond to any attack.

George A. Pieler is a senior fellow with the Institute for Policy Innovation. Jens F. Laurson is editor-in-chief of the International Affairs Forum.