Modern warfare: first DDOS, then tanks

From John Markoff in the New York Times Blog

The Georgian government is accusing Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs.

Because of the disruption, the Georgian government began posting the Foreign Ministry’s press dispatches on a public blog-hosting site owned by Google ( and on the Web site of Poland’s president, Lech Kaczynski.

Separately, there were reports that Estonia, which was embroiled in an electronic battle with Russia in May of last year, was sending technical assistance to the Georgian government.

The attacks were continuing on Monday against Georgian news sites, according to Jose Nazario, a security researcher at Arbor Networks, based in Lexington, Mass.

“I’m watching attacks against and right now,” he said. The attacks are structured as massive requests for data from Georgian computers and appear to be controlled from a server based at a telecommunications firm, he said…

Meanwhile Google has been stung into denying that it had erased maps of Georgia. It never had them in the first place, it claimed.


Later: ArsTechnica has a thoughtful post saying that the evidence that the Russian military were behind the attacks is not convincing.

According to Gadi Evron, former Chief information security officer (CISO) for the Israeli government’s ISP, there’s compelling historical evidence to suggest that the Russian military is not involved. He confirms that Georgian websites are under botnet attack, and that yes, these attacks are affecting that country’s infrastructure, but then notes that every politically tense moment over the past ten years has been followed by a spate of online attacks. It was only after Estonia made its well-publicized (and ultimately inaccurate) accusations against Russia that such attacks began to be referred to as cyberwarfare instead of politically motivated hackers. Evron writes:

“Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine…While Georgia is obviously under a DDoS attacks and it is political in nature, it doesn’t so far seem different than any other online after-math by fans. Political tensions are always followed by online attacks by sympathizers. Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.”

Arbor Networks’ Jose Nazario offers additional proof of Evron’s statements, writing: “While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites…These attacks were mostly TCP SYN floods with one TCP RST flood in the mix. No ICMP or UDP floods detected here. These attacks were all globally sourced, suggesting a botnet (or multiple botnets) were behind them.”

Still later: Tech Review is reporting that the USAF is considering mothballing its nascent Cyberspace Command. Another report here. Bad move, IMHO.