
Russia and Georgia Engaged In a Cyberwar 276

Posted by kdawson
from the who-shot-first dept.
doctorfaustus writes "I first picked this up in bits and pieces last week off Daily Rotation. A more in-depth story is available at ZDNet, which reports 'a week's worth of speculations around Russian Internet forums have finally materialized into a coordinated cyber attack against Georgia's Internet infrastructure. The attacks have already managed to compromise several government web sites, with continuing DDoS attacks against numerous other Georgian government sites, prompting the government to switch to hosting locations to the US, with Georgia's Ministry of Foreign Affairs undertaking a desperate step in order to disseminate real-time information by moving to a Blogspot account.' There is a question whether the computer work is being done by the Russian military or others. ZDNet's story offers further analysis of the attacks themselves and their origins. Some pretty good reporting." And reader redbu11 contributes the news that Georgia seems to be censoring access to all Russian websites, as confirmed by a Georgian looking glass/nslookup tool. Access is blocked at the DNS level (Italy censored the Pirate Bay in the same way). Here are a couple of screenshots (in a language other than English) as of Aug 12th 5:40 pm: www.linux.ru nslookup — FAIL, www.cnn.com nslookup — OK.

ComputerWorld guy CWmike adds "In an intriguing cyberalliance, two Estonian computer experts are heading to Georgia to keep the country's networks running amid an intense military confrontation with Russia. Poland has lent space on its president's Web page for Georgia to post updates on its ongoing conflict with Russia. Estonia is also now hosting Georgia's Ministry of Foreign Affairs Web site."

  • by polyomninym (648843) on Tuesday August 12, 2008 @03:15PM (#24573189)
    It was just too dang hot for them to see it coming.
    • Georgia: c2c?
      Russia: Yes, I would love to cyber
      Georgia: 2 late lol..just got 3 msgs
      Russia: Die
      Georgia: ?
      Russia: I winnuke you
      Georgia: OH *@#@)(! I am still running win95!
    • Despite the tone of the preceding comments, the conflict between Georgia and Russia is deadly serious. Please read "Vladimir Bonaparte [wsj.com]" by the full editorial board of the "Wall Street Journal" (WSJ).

      The WSJ editorial board wrote, "No matter who fired the first shot last week in the breakaway Georgian region of South Ossetia, Moscow is using the separatist issue as an excuse to demolish Georgia's military and, if possible, depose its democratically elected government. Russian forces moved ever deeper into

  • Propaganda? (Score:4, Insightful)

    by PacketShaper (917017) on Tuesday August 12, 2008 @03:15PM (#24573199)
    I am all for freedom of the press... but these two countries are more or less at war right now (whether they should be or not is topic for another discussion).

    It seems perfectly reasonable to me for one country at war with another to stop information flowing in from the enemy to the local populace.
    • Re: (Score:3, Interesting)

      by Darkness404 (1287218)
      So it is reasonable for the US to have blocked all Iraqi and Afghan sites during our invasion?
      • Re:Propaganda? (Score:5, Insightful)

        by PacketShaper (917017) on Tuesday August 12, 2008 @03:27PM (#24573409)
        I don't see why not (if there was actually a declaration of war, which we will not get into).

        But since we invaded them, I would say it is absolutely reasonable for them to block our sites from their citizens.
        • Re:Propaganda? (Score:5, Interesting)

          by gnick (1211984) on Tuesday August 12, 2008 @03:31PM (#24573487) Homepage

          It seems to me that it depends on the situation. If the war's on our soil, blocking communication with the enemy seems fine. It also seems just fine to block our troops' access to our enemies' sites when they're on enemy soil. Also, if we're on their soil, blocking access to our sites seems fine. Basically, you want to interfere with orders being issued to a saboteur or similar and make sure that your citizens aren't subjected to foreign propaganda (only domestic propaganda).

          Note that that's a very different thing than launching DDoS attacks on servers that block your enemies from accessing their own servers or communicating internally. That may be fine too depending on the situation. If you're disrupting military communications, that's probably OK. If you're blocking civilian access to sites advising them on emergency procedures or preventing them from accessing medical assistance, that's pretty shady.

          • Re:Propaganda? (Score:5, Interesting)

            by gnick (1211984) on Tuesday August 12, 2008 @04:00PM (#24574007) Homepage

            Sorry for the self-reply, but TFS just got more interesting with the computerworld thing.

            Assuming that Russia cyber-bombing Georgia's sites is a valid war-time maneuver, is it also OK for them to do the same thing to the servers in Poland and Estonia that are now hosting the offending sites? If those sites are dangerous enough to be considered targets, can hosting those sites be viewed in the same way as supplying weapons to Russia's enemies? Methinks that we'll see some ugly traffic between Russia and these Estonian and Polish servers (that Russia will of course disavow all knowledge of).

            Of course, the US is hosting too. Surely none of our Communist comrades would ever be brazen enough to launch attacks on servers hosted here? ;o)

            • Re: (Score:2, Interesting)

              by corbettw (214229)

              The answer is in the "rules of war": if a Russian flagged vessel were to dock in a neutral country, like the Ukraine, Georgia would be within its rights to attack that port and destroy it. That's why neutral countries usually bar belligerents from using their docks.

              Same thing here. If Poland wants to allow Georgia to use their servers, they shouldn't be surprised if Russia "hacks" those servers with a 2,000 lb bomb.

              • Re: (Score:3, Insightful)

                by dwye (1127395)

                if a Russian flagged vessel were to dock in a neutral country, like the Ukraine, Georgia would be within its rights to attack that port and destroy it.

                Probably false, and certainly stupid.

                Real Life Examples:

                When a German vessel docked in a neutral port, Buenos Aires, the British could/did demand that Argentina either (1) expel the Graf Spee within 24 hours after immediate danger (from damage received) to the crew had passed, or (2) intern the ship and its crew for the duration. They did NOT attack Argent

          • If you're blocking civilian access to sites advising them on emergency procedures or preventing them from accessing medical assistance, that's pretty shady.

            But it's not like humans didn't survive emergencies before the internet. The British survived relentless aerial bombardment with little to no warning back when telephones weren't even direct-dial, instead manually connected by human switchboard operators.

            The only authority that could effectively interfere with an official operation to sabotage a civilian network would be the UN International Criminal Court. Considering the scope of this incident compared to even recent conflicts resulting in civilian casu

    • Re: (Score:3, Insightful)

      by loteck (533317)
      Not sure how this is propaganda? The summary and articles are reporting facts, and it's interesting to consider, since this is some of the first reporting ever done on the subject of an active "cyberfront" of a currently waging (albeit de-escalating) real war.
    • Re:Propaganda? (Score:5, Insightful)

      by TubeSteak (669689) on Tuesday August 12, 2008 @03:41PM (#24573637) Journal

      It seems perfectly reasonable to me for one country at war with another to stop information flowing in from the enemy to the local populace.

      If one country (Georgia) moves their websites to some other country (the USA) and the aggressor (Russia) continues the cyber attack, is the aggressor committing an act of war against the "other country"?

      If it isn't an act of war, what should the "other country" do about the attack on their infrastructure/website?

      • If one country (Georgia) moves [some of] their [government/military property/infrastructure] to some other country (the USA) and the aggressor (Russia) continues the [attack on said property/infrastructure], is the aggressor committing an act of war against the "other country"?

        Yes. But this also means that the government/entity who knowingly received the property/infrastructure is taking sides.

        Although it is similar to Russia hitting the embassy/military base in Georgia of that of a foreign country, this is a bit different as the property/infrastructure is being moved.

    • I don't really get what all the fuss is about.

      This is just one of the ways wars will be fought from now on.

      Stopping and disrupting the flow of information from and to your enemy is an age-old tactic. Now it's taken to a virtual level but the tactic is the same. Chaos, disorder, misinformation, non information. Key elements in a war.

      In the old days when a country went to war young kids would run up to the draft office in a heroic mood so they could defend their country with a gun.
      Now they meet
    • Re: (Score:3, Insightful)

      by penguin_dance (536599)

      Yes, that's a nice, logical, disinterested way to look at it. However it IS pertinent in that someday this is going to happen to us. Someone is going to attack on a large, coordinated scale and we had better be more prepared than what we've seen in the recent past. We do have a larger structure. Unless of course they are taking the electrical grids down (a likely target) which would cut off all mass communication in the area along with taking down our economy.

      It should be somewhat alarming to those of us in

  • by eln (21727) on Tuesday August 12, 2008 @03:16PM (#24573211) Homepage

    I heard all this talk about a war between Russia and Georgia and got kind of anxious, but it turns out it's just a cyberwar. The media really should stop sensationalizing these things like that.

  • Just like we can specify a URL like "http://username:password@www.somewhere.com/" can we come up with a way to specify a given virtualhostname at an IP address (say... "http://www.somesite.com>192.168.1.5/")?

    Aside from evading such DNS censorship, it'd make debugging DNS and vhost configuration errors much, much easier.

  • by deft (253558) on Tuesday August 12, 2008 @03:24PM (#24573351) Homepage

    It seems that Georgian military units are pinging off the map, while Russian units are enjoying first shot capability.

    This has allowed the Russians to clear each map easily, with little resistance.

  • Dupe? (Score:2, Informative)

    by VGPowerlord (621254)

    I first heard about this by reading an article titled "Evidence of Russian Cyberwarfare Against Georgia [slashdot.org]". It was posted on this site you might have heard about called /. (or Slashdot).

  • The official response to DOS is to Distribute content as widely as possible. They can't really censor things if others want the info spread. There are way too many tools available now to keep something censored.

    We'll call this the Russian Correlation to The Streisand Effect from now on.

  • by seyyah (986027) on Tuesday August 12, 2008 @03:40PM (#24573613)
    That's crack reporting there:

    Here are a couple of screenshots (in a language other than English)

    It's Georgian. In language and alphabet.

  • I'm pretty sure the Georgians tried this once already, in Splinter Cell...

  • Without country (Score:5, Interesting)

    by Statecraftsman (718862) * on Tuesday August 12, 2008 @03:40PM (#24573627) Homepage
    Cyberwar is global. What's to stop widespread vigilante justice against either side? What's to stop US or Chinese hackers from joining in independently to fight on the side they choose? When does blogspot or the Estonian site become the target?
    • Re: (Score:3, Funny)

      by Ukab the Great (87152)

      What's to stop widespread vigilante justice against either side?

      Hot double agents who promise to aid the hackers in their jihad against perpetual virginity in return for non-interference.

  • Looks like the Defcon network guys could have a nice little contracting business...

  • by davidsyes (765062) on Tuesday August 12, 2008 @03:41PM (#24573645) Homepage Journal

    I've listened to NPR yesterday about this, and the best experts have been able to say so far is that it is cyber VANDALISM. No major infrastructure has been crashed. Hospitals and such have not been imploded.

    There is even speculation that Georgians themselves crashed/trashed their OWN systems to exploit the current bad image Putin (yes, PUTIN is calling the shots, not Medvedev). Moreover, and ironically, a US-based outfit in, guess where... GEORGIA (yes, the state) offered and took on the hosting for the Georgian President's web site. Guess what? It wasn't working out. It was still being crashed/taken down. So, another party (seems to be Estonia) is helping out.

    I really fracking wish some of these sensationalistic headers on Slash would get slashed.

    http://www.npr.org/blogs/talk/2008/08/august_12th_show.html [npr.org]

    Now, given that Putin/Medvedev claim Russian advances are immediately ceasing (purportedly) there really isn't "cyber warfare" going on, isn't there? If things continue, or escalate, THEN it might truly eclipse the bounds into "warfare".

  • I'm sure that they were largely on top of it, right up until their back-ups got linked on slashdot.

    That's more force than any government could muster.

  • This is a perfect situation for the REST of the world to voice its opinion.....by its own action.

    C'mon, you guys. You know damn well that if enough /.ers got it together, the response to all this doesn't have to come from Georgia. The only requirement to respond is a conscience.

    A background in IT is most certainly useful, though.

    The problem is finding out who is in the wrong, and who is in the right.

  • Uh? People? (Score:2, Interesting)

    by Opportunist (166417)

    Wasn't the internet invented with the idea in mind that you can't do exactly that, stop information from being exchanged? Wasn't that what the idea behind the whole resilience of the net and rerouting past clogged or destroyed nodes was, back when ARPA had its fingers on it?

    Back to the drawing board, people, epic fail. Or rather, get back to the redundancy we stripped because we're cheap and want the net to be profitable.

    • Re:Uh? People? (Score:4, Insightful)

      by Bryansix (761547) on Tuesday August 12, 2008 @04:11PM (#24574165) Homepage
      Wow, people just don't understand. The Internet is not down there. The packets get routed. It's the web servers that are being vandalized. The actual servers that host the actual content the Internet delivers. Hence, Garbage in, Garbage out.
      • by tha_mink (518151)

        Wow, people just don't understand. The Internet is not down there. The packets get routed. It's the web servers that are being vandalized. The actual servers that host the actual content the Internet delivers. Hence, Garbage in, Garbage out.

        Um, no. It seems you don't understand. Access is being blocked at the DNS level not just web servers. So like...go back in your know-it-all hole.

    • Wasn't that what the idea behind the whole resilience of the net and rerouting past clogged or destroyed nodes was, back when ARPA had its fingers on it?

      And that is exactly what it is doing now. Routing around "damage". Georgia, for whatever reason (DDOS, actual destruction, hacking), is "damaged". The rest of the internet is just fine.
    • Yes and no. The Internet was designed to withstand the destruction of large amounts of hardware. Things like DDOS attacks are another matter altogether and were not really anticipated.
  • "There is a question whether the computer work is being done by the Russian military or others."

    Plausible deniability.

  • by Cro Magnon (467622) on Tuesday August 12, 2008 @04:02PM (#24574033) Homepage Journal

    Oh wait, you meant the other Georgia.

  • by scubamage (727538) on Tuesday August 12, 2008 @04:06PM (#24574083)
    ...service denies you!
  • by arcade (16638) on Tuesday August 12, 2008 @04:08PM (#24574115) Homepage

    I think the claim that Georgia is censoring traffic is probably misleading.

    What's happening is that they've got incoming DoS-attacks, and have probably nullrouted quite a few Russian IP-ranges. This probably includes quite a few DNS servers, making DNS lookups fail.

    I haven't taken the time to _check_ any of this, but if you nullroute the DNS servers, of course DNS lookups will fail. If you're under a DoS, of course you nullroute quite a lot.

  • Teh Googles (Score:3, Interesting)

    by JCSoRocks (1142053) on Tuesday August 12, 2008 @04:24PM (#24574403)
    Speaking of cyberwar... So, I google mapped Georgia (I'm reasonably good about knowing geography... but come on, Georgia? Sorry Georgians...) Anyway... I was rather disappointed to find that... there's nothing there [google.com]. Really odd. Roads end, obvious cities aren't even labeled as cities. It's not like Google did a cursory mapping of it and skipped parts... it's just that aside from the border and the country name it doesn't exist. Also... good luck finding it by typing "Georgia" in google maps. The country isn't even an option. I had to wander through eastern Europe until I got over by Turkey before I saw it.
  • by unity100 (970058) on Tuesday August 12, 2008 @04:24PM (#24574405) Homepage Journal
    here: http://www.webhostingtalk.com/showthread.php?t=714632 [webhostingtalk.com] These are the people working at that Atlanta web host, hosting Georgian president's site from Russian bastardiness. They haven't had enough sleep in the few days but they made a fight of principle out of it.
    • Re: (Score:3, Insightful)

      by Kesha (5861)

      Why are you calling Russians bastards?

      On the night of August 7th/8th, Saakashvili launched an operation to "restore constitutional order" in South Ossetia. He started by bombing the crap out of Tskhinvali using Grad rocket launchers, resulting in hundreds of dead Ossetian civilians (1500 according to Ossetian and Russian numbers). Why wasn't there an outcry over their deaths in the western media? Whenever the Ossetian death toll was called it was qualified as unconfirmed. However, when a Russian plane misse

  • by bigattichouse (527527) on Tuesday August 12, 2008 @05:11PM (#24575099) Homepage
    A foreign power is using illegally obtained U.S. resources (compromised PCs) to attack another power. I believe that is a serious breach of international law. It would be no different t
  • by rafaelolg (1248814) on Tuesday August 12, 2008 @05:19PM (#24575187)
    Why don't the Russians just link some Georgian site on Slashdot? The chances of service survival after a Slashdot rampage are minimal.
  • Slashdotted (Score:3, Funny)

    by isorox (205688) on Wednesday August 13, 2008 @03:54AM (#24579697) Homepage Journal

    Hmm, the president's site seems to be down now, I guess they could handle the attacks, but not Slashdot. I wonder if Slashdot should be considered a WMD?
