Examine individual changes

'{{close paraphrasing|date=December 2014}} {{Russo-Georgian war}} During the '''[[Russo-Georgian War]]''' a series of '''[[cyberattack]]s''' swamped and disabled websites of numerous [[South Ossetia]]n, [[Georgia (country)|Georgia]]n, [[Russia]]n and [[Azerbaijan]]i organisations. == Attacks == On 20 July 2008, weeks before the Russian invasion of Georgia, the "zombie" computers were already on the attack against Georgia.<ref name="NYT"/><ref name="Newsweek">{{cite news | last=Wentworth | first=Travis | title=How Russia May Have Attacked Georgia's Internet | publisher=[[Newsweek]] | date=23 August 2008 | url=http://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111}}</ref> The website of the Georgian president [[Mikheil Saakashvili]] was targeted, resulting in overloading the site. The traffic directed at the Web site included the phrase "win+love+in+Rusia". The site then was taken down for 24 hours.<ref>{{cite web |url=http://www.zdnet.com/article/georgia-presidents-web-site-under-ddos-attack-from-russian-hackers/ |title=Georgia President's web site under DDoS attack from Russian hackers |publisher=ZDNet |author=Dancho Danchev |date=22 July 2008}}</ref><ref>{{cite web |url=http://www.computerworld.com/article/2534930/networking/georgia-president-s-web-site-falls-under-ddos-attack.html |title=Georgia president's Web site falls under DDOS attack |publisher=Computerworld |date=21 July 2008}}</ref> On 5 August 2008, the websites for [[OSInform News Agency]] and OSRadio were hacked. The OSinform website at osinform.ru kept its header and logo, but its content was replaced by the content of Alania TV website. Alania TV, a Georgian government supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the rival news agency website. [[Dmitry Medoyev]], the South Ossetian [[Envoy (title)|envoy]] to [[Moscow]], claimed that Georgia was attempting to cover up the deaths of 29 Georgian servicemen during the flare-up on August 1 and 2.<ref name="iht">{{cite news | title=S.Ossetian News Sites Hacked | publisher=[[Civil Georgia]] | date=5 August 2008 | url=http://www.civil.ge/eng/article.php?id=18896}}</ref> On 5 August, [[Baku–Tbilisi–Ceyhan pipeline]] was subject to a terrorist attack near [[Refahiye]] in [[Turkey]], responsibility for which was originally taken by [[Kurdistan Workers’ Party]] (PKK) but there is [[circumstantial evidence]] that it was instead a sophisticated computer attack on line's control and safety systems that led to increased pressure and explosion.<ref>{{cite web | url=http://www.bloomberg.com/news/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar.html | title=Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era | publisher=Bloomberg | date=10 December 2014 | author1=Jordan Robertson |author2=Michael Riley}}</ref> According to Jart Armin, a researcher, many Georgian Internet servers were under external control since late 7 August 2008.<ref name="keizer"/> On 8 August, the DDoS attacks peaked and the defacements began.<ref name="ZDNet"/> On 9 August 2008, key sections of Georgia's Internet traffic reportedly had been rerouted through servers based in Russia and Turkey, where the traffic was either blocked or diverted. The Russian and Turkish servers were allegedly controlled by the Russian hackers. Later on the same day, the network administrators in Germany were able to temporarily reroute some Georgian Internet traffic directly to servers run by Deutsche Telekom AG. However, within hours the traffic was again diverted to Moscow-based servers.<ref name="keizer">{{cite news | last=Keizer | first=Gregg | title=Cyberattacks knock out Georgia's Internet presence | publisher=Computerworld | date=11 August 2008 | url=http://www.computerworld.com/s/article/9112201/Cyberattacks_knock_out_Georgia_s_Internet_presence}}</ref><ref name="telegraph"/> On 10 August 2008, [[RIA Novosti]] news agency's website was disabled for several hours by a series of attacks. Maxim Kuznetsov, head of the agency's IT department said: "The DNS-servers and the site itself have been coming under severe attack."<ref>{{cite web |url=http://en.rian.ru/russia/20080810/115936419.html |title=RIA Novosti hit by cyber-attacks as conflict with Georgia rages |publisher=RIA Novosti |date=10 August 2008 |archiveurl=http://web.archive.org/web/20080812050039/http://www.en.rian.ru/russia/20080810/115936419.html| archivedate=12 August 2008 |deadurl=no}}</ref> On 10 August, Jart Armin warned that Georgian sites that were online might have been fake. "Use caution with any Web sites that appear of a Georgia official source but are without any recent news [such as those dated Saturday, Aug. 9, or Sunday, Aug. 10], as these may be fraudulent," he said.<ref name="keizer"/><ref name="telegraph"/> By 11 August 2008, the website of the Georgian president had been defaced and images comparing President Saakashvili to [[Adolf Hitler]] were posted. This was an example of cyber warfare combined with PSYOPs.<ref name="ZDNet"/> Georgian Parliament's site was also targeted.<ref name="ZDNet"/><ref name="keizer"/><ref name="lech"/> Some Georgian commercial websites were also attacked.<ref name="telegraph"/><ref name="keizer"/><ref name="lech"/> On 11 August, Georgia accused Russia of waging cyber warfare on Georgian government websites simultaneously with a military offensive. The Foreign Ministry of Georgia said in a statement, "A cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Foreign Affairs Ministry." A Kremlin spokesman denied the accusation and said, "On the contrary, a number of internet sites belonging to the Russian media and official organizations have fallen victim to concerted hacker attacks."<ref>{{cite news |url=http://uk.reuters.com/article/2008/08/11/us-georgia-ossetia-hackers-idUKLB2050320080811 |title=Georgia says Russian hackers block govt websites |publisher=Reuters |date=11 August 2008}}</ref> The Ministry of Foreign Affairs set up a blog on Google's Blogger service as a temporary site. The Georgian President's site was moved to US servers.<ref name="ZDNet"/><ref name="lech">{{cite news |author=Asher Moses |title=Georgian websites forced offline in 'cyber war'| publisher=[[The Sydney Morning Herald]] |date=12 August 2008 |url=http://www.smh.com.au/news/technology/georgian-websites-forced-offline/2008/08/12/1218306848654.html |archiveurl=http://web.archive.org/web/20080914040639/http://www.smh.com.au/news/technology/georgian-websites-forced-offline/2008/08/12/1218306848654.html |archivedate=14 September 2008 |deadurl=no}}</ref> The National Bank of Georgia’s Web site had been defaced at one point and 20th-century dictators' images and an image of Georgian president Saakashvili were placed.<ref name="NYT"/> The Georgian Parliament website was defaced by the "South Ossetia Hack Crew" and the content was replaced with images comparing President Saakashvili to Hitler.<ref name="lech"/> [[Estonia]] offered hosting for Georgian governmental website and cyberdefense advisors.<ref name="wired"/><ref name="Newsweek"/> However a spokesman from Estonia's Development Centre of State Information Systems said Georgia didn't request help. "This will be decided by the government," he said.<ref name="telegraph"/> It was reported that the Russians bombed Georgia’s telecommunications infrastructure, including cell towers.<ref name="wired"/> Russian hackers also attacked the servers of the Azerbaijani Day.Az news agency. The reason was Day.Az position in covering the Russian-Georgian conflict.<ref name="Today.az">{{cite web |publisher=[[Today.az]] |date=11 August 2008 |url=http://www.today.az/news/politics/46885.html |title=Russian intelligence services undertook large scale attack against Day.Az server}}</ref> ANS.az, one of the leading news websites in Azerbaijan, was also attacked.<ref name="rsf"/> Russian intelligence services had also disabled the information websites of Georgia during the war.<ref name="Today.az"/> The Georgian news site [[Civil Georgia]] switched their operations to one of Google's Blogspot domains.<ref name="wired">{{cite web |url=http://www.wired.com/2008/08/civilge-the-geo/ |title=Estonia, Google Help 'Cyberlocked' Georgia (Updated) |date=11 August 2008}}</ref> Despite the cyber-attacks, Georgian journalists managed to report on the war. Many media professionals and citizen journalists set up blogs to report or comment on the war.<ref name="globvoice">{{cite web |url=http://globalvoicesonline.org/2008/08/24/georgia-regional-reporters/ |title=Georgia: Regional Reporters |date=24 August 2008|publisher=Global Voices}}</ref><ref name="livejournal">{{cite web |url=http://www.washingtonpost.com/wp-dyn/content/article/2008/08/13/AR2008081303623.html |title=Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar |publisher=The Washington Post |date=14 August 2008}}</ref> [[Barack Obama]], the U.S. presidential candidate demanded Russia halt the internet attacks as well as complying with a ceasefire on the ground.<ref name="telegraph">{{cite web |url=http://www.telegraph.co.uk/news/worldnews/europe/georgia/2539157/Georgia-Russia-conducting-cyber-war.html |title=Georgia: Russia 'conducting cyber war' |publisher=The Telegraph |date=11 August 2008}}</ref> The President of Poland, [[Lech Kaczyński]], said that Russia was blocking Georgian "internet portals" to supplement its military aggression. He offered his own website to Georgia to aid in the "dissemination of information".<ref name="lech"/> [[Reporters Without Borders]] condemned the violations of online freedom of information since the outbreak of hostilities between Georgia and Russia. "The Internet has become a battleground in which information is the first victim," it said.<ref name="rsf">{{cite web | url=https://en.rsf.org/georgia-russian-and-georgian-websites-fall-13-08-2008,28167.html | title=Russian and Georgian websites fall victim to a war being fought online as well as in the field | publisher=[[Reporters Without Borders]]| date=13 August 2008}}</ref> The attacks involved [[Denial-of-service attack]]s.<ref name="NYT"/><ref name="lech"/><ref name="rsf"/> [[The New York Times]] reported on 12 August that according to some experts, it was the first time in history a known cyberattack had coincided with a shooting war. On 12 August, the attacks continued, controlled by programs that were located in hosting centers controlled by a Russian telecommunications companies. A Russian-language site, stopgeorgia.ru, continued to operate and offer software for Denial-of-service attacks.<ref name="NYT">{{cite news | url=http://www.nytimes.com/2008/08/13/technology/13cyber.html | title=Before the Gunfire, Cyberattacks | publisher=The New York Times | first=John | last=Markoff | date=12 August 2008}}</ref> [[RT (TV network)|RT]] reported on 12 August that during the previous 24 hours its website had been attacked. The security specialists said that the initial attacker was an IP-address registered in the Georgian capital Tbilisi.<ref>{{cite web |url=http://www.russiatoday.com/news/news/28835 |title=RT attacked |publisher=RT |date=12 August 2008 |archiveurl=http://web.archive.org/web/20080812235354/http://www.russiatoday.com/news/news/28835 |archivedate=12 August 2008}}{{dead link|date=September 2014}}</ref> On 14 August 2008, it was reported that although a ceasefire reached, major Georgian servers were still down, hindering communication in Georgia.<ref name="livejournal"/> == Analysis == The [[Russian government]] denied the allegations that it was behind the attacks, stating that it was possible that "individuals in Russia or elsewhere had taken it upon themselves to start the attacks".<ref name="NYT"/> It was asserted that the [[Saint Petersburg]]-based criminal gang known as the [[Russian Business Network]] (RBN) was behind many of these cyber attacks.<ref name="keizer"/><ref name="ZDNet"/><ref name="telegraph"/><ref name="NYT"/><ref name="WSJ">{{cite web |url=http://online.wsj.com/article/SB121850756472932159.html |title=Georgia States Computers Hit By Cyberattack |date=12 August 2008 |publisher=The Wall Street Journal}}</ref> RBN was considered to be among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks. It is thought that the RBN's leader and creator, known as Flyman, is the nephew of a powerful and well-connected Russian politician.<ref name="theage">{{cite web |url=http://www.theage.com.au/news/security/the-hunt-for-russias-web-crims/2007/12/12/1197135470386.html |title=The hunt for Russia's web crims |date=13 December 2007 |publisher=The Age}}</ref> [[Dancho Danchev]], a Bulgarian Internet security analyst claimed that the Russian attacks on Georgian websites used “all the success factors for total outsourcing of the bandwidth capacity and legal responsibility to the average Internet user.”<ref name="ZDNet">{{cite news | last=Danchev | first=Dancho | title=Coordinated Russia vs Georgia cyber attack in progress | publisher=[[ZDNet]] | date=11 August 2008 | url=http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-cyber-attack-in-progress/1670}}</ref> Jose Nazario, security researcher for Arbor Networks, told [[CNET]] that he was seeing evidence that Georgia was responding to the cyber attacks, attacking at least one Moscow-based newspaper site.<ref>{{cite web |url=http://www.cnet.com/news/russia-and-georgia-continue-attacks-online/ |title=Russia and Georgia continue attacks--online |publisher=CNET |date=12 August 2008}}</ref> Don Jackson, director of threat intelligence for SecureWorks, a computer security firm based in Atlanta, noted that in the run-up to the war over the weekend, computer researchers had observed as botnets were "staged" in preparation for the attack, and then activated shortly before Russian air strikes began on 9 August.<ref name="NYT"/> Gadi Evron, the former chief of Israel's [[Computer Emergency Response Team]], believed the attacks on Georgian internet infrastructure resembled a cyber-riot, rather than cyber-warfare. Evron admitted the attacks could be "indirect Russian (military) action," but pointed out the attackers "could have attacked more strategic targets or eliminated the (Georgian Internet) infrastructure kinetically." Shadowserver registered six different [[botnet]]s involved in the attacks, each controlled by a different command server.<ref>{{cite web|url=http://www.metimes.com/Security/2008/08/18/analysis_russia-georgia_cyberwar_doubted/1a29/|title=Analysis: Russia-Georgia cyberwar doubted|last=Waterman|first=Shaun|date=18 August 2008|publisher=[[Middle East Times]] |archiveurl=http://web.archive.org/web/20081205043716/http://www.metimes.com/Security/2008/08/18/analysis_russia-georgia_cyberwar_doubted/1a29/ |archivedate=5 December 2008}} {{Dead link|date=October 2010|bot=H3llBot}}</ref> Jonathan Zittrain, cofounder of Harvard's Berkman Center for Internet and Society, said that the Russian military definitely had the means to attack Georgia's Internet infrastructure. Bill Woodcock, the research director at Packet Clearing House, a California-based nonprofit group that tracked Internet security trends, said the attacks bore the markings of a "trained and centrally coordinated cadre of professionals." Russian hackers also brought down the Russian newspaper Skandaly.ru allegedly for expressing some pro-Georgian sentiment. "This was the first time that they ever attacked an internal and an external target as part of the same attack," Woodcock said. Gary Warner, a cybercrime expert at the University of Alabama at Birmingham, said that he found "copies of the attack script" (used against Georgia), complete with instructions for use, posted in the reader comments section at the bottom of virtually every story in the Russian media.<ref name="Newsweek"/> Bill Woodcock also said cyberattacks are so cheap and easy to stage, with few fingerprints, they would almost definitely stay around as a feature of modern warfare.<ref name="NYT"/> ''[[The Economist]]'' wrote that anyone who wished to take part in the cyberattack on Georgia could do so from anywhere with an internet connection, by visiting one of pro-Russia websites and downloading the software and instructions needed to perform a distributed [[denial-of-service attack]] (DDoS) attack. One website, called StopGeorgia, provided a utility called DoSHTTP, plus a list of targets, including Georgian government agencies and the British and American embassies in Tbilisi. Launching an attack simply required entering the address and clicking a button labelled "Start Flood". The StopGeorgia website also indicated which target sites were still active and which had collapsed. Other websites explained how to write simple programs for sending a flood of requests, or offered specially formatted webpages that could be set to reload themselves repeatedly, barraging particular Georgian websites with traffic. There was no conclusive evidence that the attacks was executed or sanctioned by the Russian government and also there was no evidence that it tried to stop them.<ref>{{cite news |url=http://www.economist.com/science/tq/displaystory.cfm?story_id=12673385&CFID=34793589&CFTOKEN=83946352 |title=Marching off to cyberwar |publisher=The Economist |date=4 December 2008 |archiveurl=http://web.archive.org/web/20090506224852/http://www.economist.com/science/tq/displaystory.cfm?story_id=12673385&CFID=34793589&CFTOKEN=83946352| archivedate=6 May 2009 | deadurl=no}}</ref> In March 2009, Security researchers from Greylogic concluded that Russia's [[GRU]] and the [[Federal Security Service (Russia)|FSB]] were likely to have played a key role in co-coordinating and organizing the attacks. The Stopgeorgia.ru forum was a front for state-sponsored attacks.<ref name="register">{{cite news | last=Leyden | first=John | title=Russian spy agencies linked to Georgian cyber-attacks | publisher=[[The Register]] | date=23 March 2009 | url=http://www.theregister.co.uk/2009/03/23/georgia_russia_cyberwar_analysis/}}</ref> John Bumgarner, member of the United States Cyber Consequences Unit [http://www.usccu.us/ (US-CCU)] did a research on the cyberattacks during the Russo-Georgian War. The report concluded that the cyber-attacks against Georgia launched by Russian hackers in 2008 demonstrated the need for international cooperation for security. The report stated that the organizers of the cyber-attacks were aware of Russia's military plans, but the attackers themselves were believed to have been civilians. Bumgarner’s research concluded that the first-wave of cyber-attacks launched against Georgian media sites were in line with tactics used in military operations.<ref>{{cite web | url=http://www.eweek.com/c/a/Security/Cyber-Attacks-on-Georgia-Show-Need-for-International-Cooperation-Report-States-294120/ | title=Cyber-attacks on Georgia Show Need for International Cooperation, Report States | date=18 August 2009 | author=Brian Prince | publisher=eWeek}}</ref> "Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the research stated. While the cyberattackers appeared to have had advance notice of the invasion and the benefit of some close cooperation from the state institutions, there were no fingerprints directly linking the attacks to the Russian government or military.<ref>{{cite web | url=http://news.cnet.com/8301-13639_3-10312708-42.html | title=Report: Russian mob aided cyberattacks on Georgia | date=18 August 2009 | author=Mark Rutherford | publisher=CNET}}</ref> ==See also== *[[2007 cyberattacks on Estonia]] *[[Cyxymu]] * [[Cyberwarfare in Russia]] ==References== {{reflist|2}} == External links == *[http://www.mfa.gov.ge/files/556_10535_798405_Annex87_CyberAttacks.pdf Russian Cyberwar on Georgia] *[http://www.afcea.org/committees/cyber/documents/TheRusso-GeorgianWar2008.pdf The Russo-Georgian War 2008: The Role of the cyber attacks in the conflict] *[http://www.army.gov.au/Our-future/Publications/Australian-Army-Journal/Past-editions/~/media/Files/Our%20future/LWSC%20Publications/AAJ/2010Summer/14-OffensiveInformationOpe.pdf Offensive Information Operations] *[https://www.hsdl.org/?view&did=28659 DEFINING AND DETERRING CYBER WAR] {{DEFAULTSORT:Cyberattacks during the Russia-Georgia war}} [[Category:Russo-Georgian War]] [[Category:Cyberattacks]] [[Category:2008 in Azerbaijan]]'