08-15-08, 11:29 AM
#1
Cyberwarfare and the Georgian Crisis
Weeks before Russian tanks and armored personnel carriers began pouring into Georgia, the assault on the small Caucasian country had already begun; in cyberspace.
As early as mid-July, initial attacks on Georgian websites were detected which escalated into a massive coordinated denial of service attack last Thursday; a day before Russian forces roared into the separatist region of South Ossetia. While cyber experts and defense analysts view this as the first overt use of cyberwarfare conducted in tandem with a real world military offensive, some believe that an infamous Russian cybercrimes syndicate - the Russian Business Network – may be serving as a proxy for the Russian government.
Still others point to the timing of Thursday’s attacks as a sign of Russian government complicity in the cyber-assault.
Although the networks used in the cyber-offensive were set up well beforehand, the most serious attacks began just as Russian tanks and troops jumped off from their initial staging points. Furthermore, the choice of targets is especially telling. Official sites in Gori, along with local news sites, were shut down by denial-of-service attacks before Russian planes reached the strategic eastern Georgian city.
"How did they know that they were going to drop bombs on Gori and not the capital?" cyber expert Don Jackson of SecureWorks asked. "I would say that from what I've seen firsthand, there was at some level actual coordination and/or direction [by the Russian government], especially in regard to the timing and the targets of some of the attacks."
Regardless of the source of the attacks, the end result has been the seizure of control of many Georgian governmental websites as well as the defacement and blocking of other non-governmental Georgian sites. In response to the attacks, many Georgian sites have moved to hosts in the United States; including the official website of Georgian President Mikhail Saakashvili.
In what appears to be a cyber-counterstrike, Russian media accused Georgia of targeting the state-sponsored news organization RIA Novosti and other popular websites with denial of service attacks that left them down for hours.
In the days following Russia’s multipronged assault on its neighbor, Internet political forums have been abuzz with debate over who initiated or provoked the crisis. Over the past 48 to 72 hours, there have been an increasing number of posters attacking the Georgians for provoking the crisis as well as those defending them that appear to be:
A) Patriotic Russian nationals mounting a grassroots defense of the Rodina
B) Russian state actors incorporating disinformation, propaganda and cyberbullying into their tactical arsenal and promoting their message in the blogosphere/forumworld under the cover of (A)
C) Russian state proxies such as the Russian Business Network acting on behalf of Moscow in order to provide it with plausible deniability
While some of these possibilities may sound like the plot of a Tom Clancy thriller, there is the growing realization among defense experts and theorists that cyberspace is now an environment that must be included in strategic defensive and security planning. Adding a new dimension to the battlefield, cyberspace provides access to the heart of an adversary’s vital communications networks, governmental agencies and critical infrastructure; such as electrical grids and water systems.
Additionally, the growing dependence of defense and intelligence agencies on computer networks and satellite communications that are tied to the Internet demand a comprehensive cyberdefense strategy. Recognizing this need, the Pentagon has designated the 8th Air Force at Barksdale, Louisiana as the Air Force Cyber Command (AFCYBER).
With Russian attacks on Estonia in the spring of 2007; Chinese probes of American defense networks and attacks on Indian and Japanese sites as well as the ongoing cybercombat between Russia and Georgia, it is clear the traditional battlefield has been radically expanded and redefined.
Si vis pacem para bellum, faithful readers. If you want peace, prepare for war. Your weapon and weakness lies before you. Stay tuned for further updates as events warrant and the circuits sizzle with the latest assault.
08-15-08, 11:39 AM
#2
Re: Cyberwarfare and the Georgian Crisis
This isn't the first and it won't be the last "virtual war", the rebel Chechen movement has already moved its websites over to Western Europe following similar hacking attacks (in both directions) over the last few years.
I did laugh at the pictures shown on the BBC yesterday of Saakashvili's defaced image screen comparing him to Hitler.
08-15-08, 04:45 PM
#3
Re: Cyberwarfare and the Georgian Crisis
Quote:
Originally Posted by Infinite Chaos
This isn't the first and it won't be the last "virtual war", the rebel Chechen movement has already moved its websites over to Western Europe following similar hacking attacks (in both directions) over the last few years.
I did laugh at the pictures shown on the BBC yesterday of Saakashvili's defaced image screen comparing him to Hitler.
End quote.
Actually, I stated it was the first use of cyberwarfare conducted in tandem with a real world military offensive.
This adds a new dimension to the battlefield and complicates efforts to achieve Full Spectrum Dominance.
08-15-08, 05:48 PM
#4
Re: Cyberwarfare and the Georgian Crisis
Tech site Ars Technica ran an article on the matter a few days ago. They are of the opinion that Russia was not behind the cyber-attack.
Source: Ars Technica, "Russians may not be responsible for cyberattacks on Georgia"
Quote:
Earlier this week, we covered a report from the Georgian Foreign Ministry, claiming that the Russian Business Network (RBN) was actively engaged in cyberwarfare against Georgia—with the blessing and backing of the Russian government. There have been no new reports from that source, but several security experts have spoken up, and raised the question of whether or not the Russian government is actually involved.
According to Gadi Evron, former Chief information security officer (CISO) for the Israeli government's ISP, there's compelling historical evidence to suggest that the Russian military is not involved. He confirms that Georgian websites are under botnet attack, and that yes, these attacks are affecting that country's infrastructure, but then notes that every politically tense moment over the past ten years has been followed by a spate of online attacks. It was only after Estonia made its well-publicized (and ultimately inaccurate) accusations against Russia that such attacks began to be referred to as cyberwarfare instead of politically motivated hackers. Evron writes:
Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine...While Georgia is obviously under a DDoS attacks and it is political in nature, it doesn't so far seem different than any other online after-math by fans. Political tensions are always followed by online attacks by sympathizers. Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.
Arbor Networks' Jose Nazario offers additional proof of Evron's statements, writing: "While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites...These attacks were mostly TCP SYN floods with one TCP RST flood in the mix. No ICMP or UDP floods detected here. These attacks were all globally sourced, suggesting a botnet (or multiple botnets) were behind them."
End quote.
Ars is a very reputable site for tech news and analysis. I trust them more than any other blog I visit, and have yet to see them wrong or posting unsubstantiated/suspect rumors. They don't unequivocally state that it was not Russia, but I give their opinion a lot of weight.
08-15-08, 10:32 PM
#5
Re: Cyberwarfare and the Georgian Crisis
Quote:
Originally Posted by Kernel Sanders
Tech site Ars Technica ran an article on the matter a few days ago. They are of the opinion that Russia was not behind the cyber-attack.
Source: Ars Technica, "Russians may not be responsible for cyberattacks on Georgia"
Ars is a very reputable site for tech news and analysis. I trust them more than any other blog I visit, and have yet to see them wrong or posting unsubstantiated/suspect rumors. They don't unequivocally state that it was not Russia, but I give their opinion a lot of weight.
End quote.
This highlights some of the appeal of cyberwarfare; the inability to readily confirm the source of the attacks.
Independent actors; patriotic citizens; agent provocateurs; criminal syndicates; malcontent hormone-fueled teens and state institutions all have the ability to anonymously initiate such attacks while disguising their origins.
Clearly this is a dimension of national security that will require additional attention and resources as societies become increasingly technology-dependent and 'Net integrated.
08-15-08, 10:53 PM
#6
Re: Cyberwarfare and the Georgian Crisis
Quote:
Originally Posted by The Bare Knuckled Pundit
This highlights some of the appeal of cyberwarfare; the inability to readily confirm the source of the attacks.
Independent actors; patriotic citizens; agent provocateurs; criminal syndicates; malcontent hormone-fueled teens and state institutions all have the ability to anonymously initiate such attacks while disguising their origins.
Clearly this is a dimension of national security that will require additional attention and resources as societies become increasingly technology-dependent and 'Net integrated.
End quote.
Definitely true. Unfortunately the USAF put the brakes on a provisional Cyber Command unit as recently as yesterday.
Source: Ars Technica, "US Air Force puts Cyber Command into hibernate mode"
Quote:
The Air Force Cyber Command (AFCYBER) is a provisional unit that was being developed to take on the challenge of finding ways to use and safeguard Internet infrastructure during military conflicts. AFCYBER was announced in 2006 and the unit, after some delays, was expected to stand up in October of this year. That launch has now been put on hold while the Air Force's new leadership reviews the plans. Some analysts speculate that the program may be embroiled in a dispute over which branch of the military should have authority over cyberspace. [...]
There is also evidence that major world powers, particularly China and Russia, have already experimented with techniques for using hacking and denial of service attacks as offensive weapons. China was accused of orchestrating a chain of five separate attacks last year and hackers in Russia have been accused of using technology against Estonia and Georgia. It remains unclear whether these attacks were conducted with government backing.
There is a clear need to build an understanding of the technical capabilities possessed by foreign powers and rogue groups. AFCYBER was gearing up to investigate a wide range of technologies, including potential tactical uses of botnets. The command was operating under provisional status through the Air Force Network Operations Center, pending its full launch and a final decision about where it will be based. Suspension of the program raises serious questions about whether the military plans to move forward with the launch.
End quote.
I couldn't disagree with this decision more. I'm a Ron Paul supporter, and therefore have a good deal of mistrust for the government, especially of late, but the US cannot afford to fall behind in any area of warfare. The internet has more or less been left out of conflicts, but this is not a position that can last forever. Given the degree to which modern infrastructure, military command, and the economy rely on the internet, when a full out cyber attack comes it could easily cause more damage than a few planes running into a couple of buildings. This is the one time that I hope the US has a secret, very strong, very well funded unit up its sleeve that could smash any opposition, domestic or otherwise.
08-16-08, 09:11 AM
#7
Re: Cyberwarfare and the Georgian Crisis
Quote:
Originally Posted by The Bare Knuckled Pundit
...there is the growing realization among defense experts and theorists that cyberspace is now an environment that must be included in strategic defensive and security planning. Adding a new dimension to the battlefield, cyberspace provides access to the heart of an adversary’s vital communications networks, governmental agencies and critical infrastructure; such as electrical grids and water systems.
End quote.
Excellent commentary, BKP.
I believe this example of the first major cyberattack that was coordinated with Russia's military operations highlights the ongoing evolution of warfare in which the battlefield is being transformed into "multi-plane chess" so to speak--multiple chessboards at different levels in which participants can move across one board or shift the fight above or below them onto other boards. War is becoming far more complex.
That war is becoming far more complicated is a natural consequence of technological change. One has seen how technology has pushed the limits of innovation in all fields and created a previously unparalleled ability to leverage information for political, military, and economic advantage. Today's hedging strategies are vastly more complex than the simple interest rate swaps that marked the beginning of the derivatives era. Why not warfare, as well? Information is power. Enjoying a qualitative edge via the information one possesses or access/use of information one can deny one's enemy can give one a decided advantage on the battlefield.
Now that the situation in Georgia appears to be quieting down, military strategists will need to assess the lessons of the coordinated battlefield-cyberspace activities. That coordination has exposed serious vulnerabilities that expand well beyond the Internet.
Those vulnerabilities touch upon the most fundamental issue of what constitutes a military target. Under Article 52 of Protocol I to the Geneva Conventions, "military objectives are limited to those objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage." Military strategists will need to consider that anything that fits that definition will likely be defined as targets by at least some states. Government websites, because they allow a nation to broadcast its narrative to its own people, its military forces, and the world at large, would logically be seen as a military objective in 21st century warfare.
But cyberspace is just one example. Satellites that provide information for satellite-guided weaponry, on-the-ground reconnaissance, or instantaneous communication across long distances, will likely be treated as military targets, especially if warring Great Powers seek to avoid a recourse to nuclear weapons should such a conflict ever erupt among them. China's shooting down an aging weather satellite in January 2007 highlights the march of technology that is slowly expanding the capacity to take down satellites to countries beyond the U.S. and Russia. Technological improvement has likely improved the capacity to conduct such operations.
This growing capability exposes a large vulnerability in U.S. military capabilities. The U.S. has invested substantially into building a large reliance on satellite technology for guiding missiles, transmitting information, monitoring the battlefield, etc. In effect, unwittingly, there is danger that the U.S. has been pursuing an "all eggs in one basket" approach.
At this time, the questions U.S. military strategists need to ask are:
1) How would the U.S. be impacted if it lost access to its satellites?
2) What redundancies can the U.S. develop for that contingency?
3) What measures can the U.S. take to safeguard its satellites?
4) What new approaches can be developed to overcome such vulnerability?
Although treaties such as "The Outer Space Treaty" bar the placement of weapons in space, they do not prohibit nations from developing systems or technologies that could allow them to knock out satellites from the air, ground, submarines, or ships. If satellites are making a military contribution, nations can and will define those satellites as military objectives.
Future treaties that seek to exempt satellites from being targeted likely would not be respected by all nations, even if they were ratified by a sufficient number of states to become operative. Past experience has demonstrated that application of power in the pursuit of national interest can trump treaty constraints in times of warfare.
Therefore, it would be prudent for the U.S. military to possess a coherent strategy for dealing with vulnerabilities exposed in the recent Russia-Georgia combat in which cyberspace was transformed into part of a larger battlefield, as well as additional vulnerabilities from a thorough examination of all the tools that make a military contribution. Otherwise, the nation that gains the ability to dominate those emerging battlefield dimensions of the 21st century and beyond will likely develop an important military advantage. In turn, that advantage, especially if it is a large one, could have broad balance of power implications.
Last edited by donsutherland1 : 08-16-08 at 09:29 AM.