Overview
In 2008, Russia invaded Georgia by land and air and blockaded the nation by sea. Simultaneously, pro-Russian hackers besieged Georgia's Internet, all but locking down communication for the duration of the armed conflict. Although Georgia was not a heavily wired society, the attacks were a significant event in the development of cyberwar because they synchronized patriotic hacking with government-sponsored military movements.
Georgia is a former Soviet state; it declared its independence in 1991. Tensions with Russia persisted and were not eased by Georgia's failed bid to join NATO in the spring of 2008. Over the course of that summer, well-armed Russian-backed separatists began consolidating control over two predominately Russian-speaking regions on the country's northern border, Abkhazia and South Ossetia. As tensions rose, separatists — some of whom were believed to be Russian special forces — clashed with Georgian police.
In mid-July, the cyberattacks started. The Georgian President's website was the first high-profile target. Although the DDoS attack vector passed through a U.S.-based, commercial IP address, experts identified the malware that hackers used to generate the attack as a "MachBot" DDoS controller.[1] Reportedly, pro-Russian hackers were discussing the attacks on websites and in chat rooms; in addition to the higher-profile attack, hackers also temporarily shut down Georgian servers. Three weeks later, on August 8, Russian tanks crossed the border into South Ossetia.
Accompanying the ground invasion was a second round of DDoS attacks. One of the first targets was an online forum popular with pro-Georgian hackers. This preemptive attack reduced, but did not entirely eliminate, the number of counterattacks against Russian targets. As the troops moved in, Georgians were unable to access 54 local websites with critical information related to communications, finance, and the government.
Georgian officials transferred critical Internet resources to U.S., Estonian, and Polish host servers. Refuge for some websites, including those of the President and Ministry of Defense, was granted by an American executive from the privately owned web-hosting company Tulip Systems, but without the knowledge or authority of the U.S. government. Tulip Systems reported experiencing attacks on its servers, a fact that raises troubling questions about sovereignty in the age of cyberwarfare.
The fighting lasted five days. During that time, Georgia's Internet connection was besieged by attacks, and the country was unable to communicate via the web with the media. Reportedly, cyberattacks followed the same target patterns as the land and air invasions, with DDoS attacks taking out the communications prior to bombing or ground troop movements. Perhaps most importantly, the cyberattacks and the air attack spared critical infrastructure associated with Georgia's energy sector.
Source
External resources
- NATO, Cooperative Cyber Defence Centre of Excellence, "Cyber Attacks Against Georgia: Legal Lessons Identified" (Nov. 2008) (full-text).
- "Overview by the US‐CCU of the Cyber Campaign Against Georgia in August 2008" (Aug. 2009) (full-text).
- [1] MachBot is written in Russian and is a known tool of Russian criminal groups.