Researcher Says Russian Government Involved in Georgia Cyber Attacks

By John Wagley

There was an unprecedented level of coordination between the Russian military campaign and the cyber attacks against Georgia, said Don Jackson, director of threat intelligence at SecureWorks in Atlanta, in an interview with Security Management.

Just hours before bombs started falling on certain towns earlier this month, local Web sites were hit with denial-of-service (DoS) attacks, in which site servers shut down after receiving a flood of requests. Many targeted sites had “high military value,” he says, including those run by law enforcement and by media outlets.

There is also “significant evidence” that numerous Georgian government servers were hacked on the first day of the conflict over the territory of South Ossetia, he says, adding that some intrusions copied data off government servers.  Most previous Internet campaigns against other nations have involved DOS attacks against sites with symbolic, rather than military, value, he says.

Jackson says he has spoken with and received computing logs from Georgian government network administrators, among other sources.  Some logs show that Web assaults were launched from the command and control servers of Russian state-owned Internet networks, he says.  He also points to a mob tie. Numerous gangs throughout the former Soviet Union control hundreds of thousands of bots, or programs that dwell in computers throughout the globe and can be used for attacks and fraud. Many of the bots used against Georgia resemble those used by the gangs, says Jackson.

The Russian government has denied any responsibility. Recently, The Shadow Server Foundation, which tracks global Internet crime, wrote that there was no clear tie to the Russian government and that many of the attacks appear to be a Russian “grassroots effort.” The organization has also posted a list of attacked Web domains.

Jackson said the U.S. is less vulnerable to such attacks because of the widespread use of content distribution technology that permits sites to be hosted in multiple locations simultaneously.

