CyberWar Part of Georgian and Russian Conflict

Last year Estonia suffered a series of severe Distributed Denial of Service attacks which crippled its Internet infrastructure and made many government and press websites unavailable. Estonia initially claimed that Russia was behind these attacks and they were subsequently dubbed “the first Cyberwar”. Later these accusations were retracted as there was no real evidence to prove Russian government involvement in the attacks.

The recent conflict between Georgia and Russia has also seen a number of parallel online attacks. Apparently any sites within the .ru domain space are unavailable from within Georgia, as are a number of well-known pro-Russian sites. Access to Russian TV channels is also blocked.

For its part Georgia claims that Russia has attacked a number of its websites, including those of Georgian news sites, the Georgian Ministry of Defence and the Ministry of Foreign Affairs, as well as the National Bank of Georgia. The Georgian ambassador to the UK, Giorgi Badridze, has accused Russia of being behind these attacks. US Presidential candidate, Senator Barack Obama, has also called on Russia to end these cyberattacks.

However, similar to the attacks against Estonia last year, it will be difficult to get hard evidence to support this claim, as the attacks on both sides may be from sympathisers of either side.

Wikipedia has a good overview of the conflict which includes coverage of the cyberattacks affecting both sides.

These attacks are interesting in that they not only demonstrate the power of botnets and the impact they can have, but if they are being used as part of an overall offensive then we are seeing a new frontier in international conflicts.

Given the nature of the Internet it is also possible that, unknown to you, machines on your network may be part of the botnets that are attacking these sites. If the online conflict should spread to other sites there may be collateral damage to sites that share the same hosting and networking environments as your sites do.

So I suggest you make sure all your machines are patched with up-to-date software and anti-virus signatures, that you are monitoring for any unusual traffic from your network to unusual destinations, and that you review your DR plan in the event that your site suffers from online collateral damage.
