Russia and Georgia Engaged In a Cyberwar

doctorfaustus writes "I first picked this up in bits and pieces last week off Daily Rotation. A more in-depth story is available at ZDNet, which reports 'a week's worth of speculations around Russian Internet forums have finally materialized into a coordinated cyber attack against Georgia's Internet infrastructure. The attacks have already managed to compromise several government web sites, with continuing DDoS attacks against numerous other Georgian government sites, prompting the government to switch to hosting locations to the US, with Georgia's Ministry of Foreign Affairs undertaking a desperate step in order to disseminate real-time information by moving to a Blogspot account.' There is a question whether the computer work is being done by the Russian military or others. ZDNet's story offers further analysis of the attacks themselves and their origins. Some pretty good reporting." And reader redbu11 contributes the news that Georgia seems to be censoring access to all Russian websites, as confirmed by a Georgian looking glass/nslookup tool. The access is blocked on DNS level (Italy censored the Pirate Bay in the same way). Here are a couple of screenshots (in a language other than English) as of Aug 12th 5:40 pm: www.linux.ru nslookup — FAIL, www.cnn.com nslookup — OK.

ComputerWorld guy CWmike adds "In an intriguing cyberalliance, two Estonian computer experts are heading to Georgia to keep the country's networks running amid an intense military confrontation with Russia. Poland has lent space on its president's Web page for Georgia to post updates on its ongoing conflict with Russia. Estonia is also now hosting Georgia's Ministry of Foreign Affairs Web site."

Re:Propaganda?

[Darkness404]

So it is reasonable for the US to have blocked all Iraqi and Afghan sites during our invasion?

Re:How much more of this until browsers adapt?

[42forty-two42]

That's a terrible idea - the phishers would be all over that. Anyone who needs to override DNS should know how to do so themselves - and a IP-based address is useless for long-term use, so you wouldn't be able to use them in stable links either.

Re:Propaganda?

[gnick]

It seems to me that it depends on the situation. If the war's on our soil, blocking communication with the enemy seems fine. It also seems just fine to block our troops access to our enemies sites when they're on enemy soil. Also, if we're on their soil, blocking access to our sites seems fine. Basically, you want to interfere with orders being issued to a saboteur or similar and make sure that your citizens aren't subjected to foreign propaganda (only domestic propaganda).

Note that that's a very different thing than launching DDoS attacks on servers that blocks your enemies from accessing their own servers or communicating internally. That may be fine too depending on the situation. If you're disrupting military communications, that's probably OK. If you're blocking civilian access to sites advising them on emergency procedures or preventing them from accessing medical assistance, that's pretty shady.

Without country

[Statecraftsman]

Cyberwar is global. What's to stop widespread vigilante justice against either side? What's to stop US or Chinese hackers from joining in independently to fight on the side they choose? When does blogspot or the Estonian site become the target?

Uh? People?

[Opportunist]

Wasn't the internet invented with the idea in mind that you can't do exactly that, stop information from being exchanged? Wasn't that what the idea behind the whole resilence of the net and rerouting past clogged or destroyed nodes was, back when ARPA had its fingers on it?

Back to the drawing board, people, epic fail. Or rather, get back to the redundancy we stripped because we're cheap and want the net to be profitable.

Re:Propaganda?

[gnick]

Sorry for the self-reply, but TFS just got more interesting with the computerworld thing.

Assuming that Russia cyber-bombing Georgia's sites is a valid war-time maneuver, is it also OK for them to do the same thing to the servers in Poland and Estonia that are now hosting the offending sites? If those sites are dangerous enough to be considered targets, can hosting those sites be viewed in the same way as supplying weapons to Russia's enemies? Methinks that we'll see some ugly traffic between Russia and these Estonian and Polish servers (that Russia will of course disavow all knowledge of).

Of course, the US is hosting too. Surely none of our Communist comrades would ever be brazen enough to launch attacks on servers hosted here? ;o)

Censoring access? I think not.

[arcade]

I think the claim that Georgia is censoring traffic is probably misleading.

What's happening is that they've got incoming DoS-attacks, and have probably nullrouted quite a few russian IP-ranges. This probably includes quite a few DNS servers, making DNS lookups fail.

I haven't taken the time to _check_ any of this, but if you nullroute the DNS servers, of course DNS lookups will fail. If you're under a DoS, of course you nullroute quite a lot.

Re:Propaganda?

[corbettw]

The answer is in the "rules of war": if a Russian flagged vessel were to dock in a neutral country, like the Ukraine, George would be within its rights to attack that port and destroy it. That's why neutral countries usually bar belligerents from using their docks.

Same thing here. If Poland wants to allow Georgia to use their servers, they shouldn't be surprised if Russia "hacks" those servers with a 2,000 lb bomb.

Teh Googles

[JCSoRocks]

Speaking of cyberwar... So, I google mapped Georgia (I'm reasonably good about knowing geography... but come on, Georgia? Sorry Georgians...) Anyway... I was rather disappointed to find that... there's nothing there [google.com]. Really odd. Roads end, obvious cities aren't even labeled as cities. It's not like Google did a cursory mapping of it and skipped parts... it's just that aside from the border and the country name it doesn't exist. Also... good luck finding it by typing "Georgia" in google maps. The country isn't even an option. I had to wander through eastern Europe until I got over by Turkey before I saw it.

Re:Well, that's a relief

[Hubbell]

Exactly.
Georgia was stupid enough to think it could invade Russian territory and not get the shit raped out of their little country.

Isn't this an act of war against the U.S?

[bigattichouse]

A foreign power is using illegally obtained U.S. resources (compromised PCs) to attack another power. I believe that is a serious breach of international law. It would be no different t

Re:How much more of this until browsers adapt?

[Ghubi]

I'm not sure I understand what you're getting at here. If you know the IP address you're trying to reach, you can just type the IP into the address bar.

Re:Propaganda?

[Anonymous Coward]

Well, it could be that they were blocking all IP traffic with addresses from blocks known to be assigned to .ru network providers. Obviously that wouldn't help with distributed botnets or attacks through zombie blinds, but it would prevent direct attacks. It would have the side effect of knocking out all name resolution for .ru domains hosted within one of those IP address blocks. In fact, you would hope that if there's one thing any national cyberdefense should have prepared and available, it's a list of IP blocks assigned to network providers and companies of any nation that you might come into conflict with, in a format that can be easily imported to any of the main IP exchanges for traffic crossing you national borders. One of the greatest advantages that ICANN gives the USA in any cyberwar is that control over them makes it easier to compile such lists.

Re:let it loose!

[DesScorp]

Define "legally" in a war...

Seriously, black hat, white hat, grey hat or technicolor hat, it kinda loses meaning when legality itself isn't really applicable anymore.

When I was a kid, my best friend's dad was a WW II Navy vet, one that saw a lot. He scoffed at the very notion of "rules of war".

As he put it, "If I have an 'illegal' weapon, and an enemy is trying to kill me... guess what... I'm using the illegal weapon".

Re:let it loose!

[Opportunist]

To quote my army trainer, rules of engagement exist for Generals and other cushion-poopers who don't have to worry about bigger problems. Like, for example, bullets.

Re:over the top?

[MightyYar]

The US has been "advising" the Georgians until a few weeks ago, last month they had a thousand guys there "training".

You know what the US was advising Georgia? Not to pick a fight that they can't win with Russia.

just shelling the city hard, but they couldn't take it

They actually did take it, which is why the Russians rolled in.

So what is over the top about fighting back if you get attacked,

Russia was not directly attacked. Some of their "peacekeepers" who were occupying part of Georgia were killed during the blitz. Now here's where the finger-pointing starts.

How about if it was your relatives that got wasted by the Georgians being "advised" by the US?

That depends... am I pro-Georgian or pro-Russian? I could probably find a way to blame this on the separatists or the Georgians depending on my stance.

There is no such thing as a "fair fight" in war, you fight to win, period.

I'm all for that, but... why are the Russians in this fight? It's not their fight - they have actually worked very hard to keep international peacekeepers out. I say it is ulterior motives.

The US not only invaded a nation and took it over that had a peripheral involvement in the 9-11 attacks that killed 3,000 people, they went ahead and attacked and took over another nation that had absolutely nothing to do with it and have killed who knows how many people, many thousands, figures vary wildly, based on lying about the involvement.

Two points. One, the actions of the US have no bearing on whether what Russia did is right or not. Second, Russia has managed to de-facto annex part of Georgia, even giving Georgians Russian citizenship. Iraqis and Afghans do not get US passports, and the US has no intention of running either country.

, the US and the Georgians screwed up bad

The US advised Georgia NOT to provoke the Russians. But I agree that Georgia screwed up. That said, while the Russian response was to be expected, it was still way over-blown.

Of course they are desperately trying some fast quick lies in the press like they always do

Both sides are guilty of this. Russia was claiming that "their citizens" had been killed, which is garbage - and there was no end to Georgia's exaggerations either.

absolute dullest of the stupid and the fanatical flag wavers

Both countries have no shortage of those people.

Re:let it loose!

[Atario]

Define "legally" in a war...

http://en.wikipedia.org/wiki/War_crime [wikipedia.org]

Clearly, the US ignoring this concept has been going on long enough that people are returning to the Bad Old Days when "there's a war on" meant "we can commit any atrocity we want, fuck you".