Security Experts: No Smoking Gun in Georgian Cyber Attacks

The timing is suspicious: Just as Russian tanks began their physical assaults on Georgia's armies, that country's civilian communications infrastructure started coming under attack in cyberspace.

Yet there is no direct evidence that ties this Internet warfare to the Russian government, and it may stay that way even as Georgia's president shifts his Web site to a hosting company in another Georgia -- the one with the U.S. city of Atlanta as its capital.

The Atlanta-based hosting company is just one entity that has rushed to the aide of Georgian president Mikheil Saakashvili's country, which drew the wrath of Russia over the weekend after it tried to crack down on separatists in South Ossetia. Google's (Nasdaq: GOOG) blogging service is now publishing statements from the country's Ministry of Foreign Affairs after its Web site and others experienced cyberattacks ranging from denial of service blockages to front-page defacements.

Estonia, which had its own cyber battle with suspected Russian operatives last year, and Poland are also assisting Georgia.

No Smoking Gun from Moscow

The problem for Georgia and outside observers is that the recent cyber attacks follow a pattern established by suspected Russian criminals who specialize in organized online crime.

"They've done that before," James Lewis, senior fellow for technology policy at the Center for Strategic and International Studies, told TechNewsWorld. "It's a nice trade for everybody. The criminals get a little protection, the Russian government gets to have something happen without having their fingerprints on it. That's the assumption. Like Estonia, we don't have links to the Russian government, but it's not a fluke where we magically have this happen when a shooting war starts."

Criminal groups are likely involved in the cyber blitz, agreed Paul Ferguson, advanced threat researcher for Trend Micro (Nasdaq: TMIC). "This looks to me like more than just some grassroots, hacktivist-inspired attacks," he told TechNewsWorld. "But at the same time there's no way to link it to a state-sponsored type of attack. It's somewhere in the middle ... it certainly has criminal elements."

Motive for the Attacks

When one thinks of a nation-state engaging in cyber warfare, the image that may arise is one of coordinated chaos at a country's command-and-control infrastructure. Georgia's experiences are more focused on propaganda and infowar, Sean Barnum, principal consultant for Cigital Security, told TechNewsWorld.

"This was really targeted at preventing Georgia from presenting its message to the world through its communications platform and the Web," Barnum said. "Obviously [the Georgians] can talk to reporters, but as more and more communications move to the Internet, with distributed blogs and all that, all the attacks that have happened were targeted at preventing Georgia from quickly and easily presenting the facts or their spin on what's going on."

The Cyberwar Agenda

The picture painted by security experts investigating attacks on a nation's Web infrastructure is one colored by criminals, working in compartmentalized groups a la al-Qaida, using botnets -- networks of compromised computers -- normally employed for stealing financial information. Those botnets then become weapons in nation-on-nation propaganda and disruption activities.

"Anywhere you have organized crime, they leap in to take advantage of the news of the day," David Perry, global education director for Trend Micro, told TechNewsWorld. "If there's an armed conflict between two nations and there are criminals in both nations, they would leap to take advantage of that, don't you think?"

Georgia is especially susceptible because of its proximity to potential adversaries; its main Web communications lines go through Russia and Turkey. "This underscores the whole issue for evolving nations in the sense of how they're projecting their presence on the Internet," Ferguson said, "and who they have to rely on for connectivity. If your service is going next door to a country that might not be a friendly nation, they may want to rethink their plans on connectivity."