The First Real Cyber War
20 August 2008: The First Real Cyber War
On 11 August 2008, Russian forces moved south from the Georgian breakaway provinces of Abkhazia and South Ossetia to attack other parts of Georgia. Announcements from Russia indicated that the aim was to create a buffer zone just outside the secessionist provinces to prevent Georgia from staging counter-attacks. In terms of personnel and hardware, the Russian forces outnumber and outgun the Georgians. The Russians appear to have committed two task groups of about 10 000 men each, whereas the total Georgian ground forces strength is just under 27 000.
The activity of the ground forces was manifest in Georgian sniper attacks against Russian positions, with Russian forces taking up strategic positions occupying main roads and junctions. Meanwhile the Russians announced that they had already achieved complete air superiority. Reports have noted that using Su-25 attack aircraft and Su-24 bombers, the Russians destroyed all of Georgia’s combat aviation at its base locations.
However, the Russian action against Georgia was not limited to conventional military warfare. ZDNet and other Internet security services have posted details of what the Georgian government is describing as a ‘coordinated cyber attack’ against Georgia’s Internet infrastructure, including the compromise of government websites and a continuing DDoS (distributed denial of service) attack. According to a Georgian government spokesperson, all Internet traffic to Georgia’s key servers is routed through Russian or Turkish servers. Some are describing the electronic action as a ‘full cyber siege’.
According to the intelligence newsletter Nightwatch, the attacks by Russian hackers began several weeks before the military intervention and peaked on Friday 8 August, when the Russian intervention began. In one attack, a hacker posted on President Mikheil Saakashvili’s website a slide show of pictures of Saakashvili juxtaposed to pictures of Hitler. The Georgian government announced that several Georgian state computer servers have been under external control since shortly before Russia’s armed intervention began, leaving its online presence in disarray. While the official website of President Saakashvili has become available again – from Atlanta – the central government site as well as the homepages for the Ministry of Foreign Affairs and Ministry of Defense remain down. Some commercial websites have also been hijacked.
The questions that are being asked are whether this was a coordinated cyber attack and if so, do we have the first real example of cyber warfare combined with PSYOPS (psychological operations)? Even more interesting, was this a typical intelligence propaganda / PSYOPS operation manifest in cyberspace? Lastly, and most fundamentally, who is responsible?
The cyber attacks have been so sustained that even as Georgian websites were reporting on incidents of cyber attack, they were themselves attacked and shut down. A blogger on ZDNet, Dancho Danchev, has traced the way in which this coordinated cyber attack was conducted. Apparently this is the second time the Russians have engaged in cyber warfare of this nature, the first being the Russia vs Estonia cyber ‘shock and awe’ attack. The only person arrested for participating in that cyber war was a young student who distributed a list of Estonian government websites.
In the ongoing Georgian conflict, there is an indication that lists of Georgian government departments and cyber targets were circulated on various Russian web forums. Danchev notes that once the targets to be attacked are publicly known, it is left up to the self-mobilisation of the Russian Internet users to take action. Who are these nameless, faceless beings that from behind their computers become active combatants in an international conflict? They are students, hackers, cyber-terrorists and ordinary people with a little bit of technological know-how and a lot of time on their hands. Average Internet users are mobilized to conduct state-of-the-art cyber warfare through the release of pretty much do-it-yourself tools, which show how to flood Georgian websites and shut them down. For those who are interested in and can decipher tech-speak, look up Danchev’s article on ZDNet for a full explanation of how to go about it.
In the face of sustained cyber attacks, the Georgian government’s ability to communicate to the rest of the world is severely threatened. Georgian government spokespeople were at one stage utilising Google Blogs to send international press releases. This is perhaps the first time that cyber war has been used to deny the targeted country the ability to reach the world with real-time information on real-life war events.
This is truly groundbreaking modern warfare: cyber space is as much a battle target as any national strategic installation. It shows that the importance of and reliance on Internet-based communications could be a massive weakness in national security structures. It is no surprise that around the world national intelligence services charged with counter-intelligence duties are spending more and more time and money on information security and particularly on the ability to secure the national cyber realm. This truly is a new world with new security threats and new platforms for war.
Lauren Hutton, Researcher, Security Sector Governance Programme, ISS Tshwane (Pretoria)