The ongoing conflict between Russia and Georgia is currently
developing in two main directions: one is the obvious physical one, driven by political
ambitions and calls for independence, while the other is a virtual one, with
Russian hackers pressuring Georgia on a technological level.
Internet experts revealed several attacks against Georgian
websites as early as July 20, before the recent violent conflict had
even started. It appears that among the targeted websites was the site of
the Georgian president, Mikheil Saakashvili, which was under a distributed
denial of service (DDoS) attack for a whole day.
The question that everyone is asking right now is: are these
attacks related in any way to the real conflict between the two countries? Furthermore,
we can’t help but wonder if the Russian government is involved, although there
has been no proof of that so far.
According to the reports released by the Shadowserver Foundation,
which keeps track of Internet attacks, there have been at least six different
command and control (C&C) servers used in the most recent round of attacks.
Some of these servers have been under observation for over a year now, but it
appears that no one has ever managed to shut them down.
It appears that the C&C servers have intensified their
actions ever since the August 8 events between Georgia and Russia, targeting
Georgian websites, as well as websites belonging to countries sympathetic to
Georgia.
Shadowserver Foundation reported that among the first
targets were websites belonging to the Georgian government, including those of
the Georgian president and Georgian Parliament. In addition to that, even the
site of Garry Kasparov came under attack, which makes all these events even
harder to attribute to one mastermind.
What makes it even stranger is that the hackers apparently
targeted not only politically related websites, but also adult video websites,
online gambling websites, Russian news websites, virtual currency websites and
many other apparently randomly chosen websites.
In addition to the DDoS attacks, a group claiming to be from
the disputed South Ossetia inserted a series of pictures of the Georgian president
and Adolf Hitler on the Georgian Parliament website.
Following the attacks, the Georgian leader’s official website is now
being hosted by an American hosting company, Tulip Systems.
According to Mike Johnson from the Shadowserver Foundation, it’s
very hard to link these events to the Russian government: “I just do not see
why a government entity would attack those types of websites.” However, he
continues, some of these attacks do seem to be “DDoS for hire” or “DDoS for
extortion” services.
Another speculation was that the attacks are related to the
RBN (Russian Business Network), although no such proof is available at the
moment. Johnson said he is among those who believe that RBN acted as a hosting
provider, not as a direct attacker.
All these facts make the enigma even harder to solve. If it
wasn’t the Russian government, and it wasn’t RBN, who was it? Are we looking at
some modern “Robin Hoods,” trying to deliver “justice” on their own?