Even before Russian tanks rolled across the Georgian border, the country was already under assault in cyberspace. The attacks, which involved sabotaging specific Georgian websites, began days before Russian warplanes launched.
These kinds of online assaults are notoriously difficult to trace, remarkably easy to mount, and increasingly common, particularly during times of conflict. Indeed, military planners now assume that cyberattacks—perhaps targeting critical infrastructure like power plants or communications networks—will most likely be part of future wars.
While the attacks in Georgia are Internet-based, they are far from the cataclysmic damage that military planners fear could become a regular part of 21st-century warfare. NATO, which has been watching the war in Georgia with alarm, has been examining cyberwarfare since 2002 and, in January, issued its first official policy doctrine on the issue.
The Air Force, meanwhile, in October is expected to debut its own cybercommand, a unit that will be responsible for deterring and, according to news reports, launching attacks. And the Bush administration has allocated some $6 billion for strengthening government networks against attacks.
Perhaps more troubling, however, is that cyberattacks like the ones being seen in Georgia may not even be linked directly to the Russian government, computer security experts warn. Instead, they could be the work of citizen hackers who are eager to help Moscow's war effort against its Black Sea neighbor.
The computer attacks, which continue against various Georgian websites, are called "denial of service" strikes. By infecting hundreds of thousands of private PCs with malicious computer code, hackers can mobilize a virtual army of zombie machines that simultaneously visit a given website in a deluge of artificial traffic.
When properly coordinated, the simultaneous actions of these zombie machines, called botnets, will overload computer servers, taking Web pages offline. The attacks are so easy to mount that hacker networks, particularly Russian organized-crime syndicates, rent their botnet armies for a few hundred dollars an hour—about the cost of a single AK-47. And that's if those who attacked Georgian sites had to pay at all.
Around the world, there are thousands of these types of botnet armies, which are frequently used for mischief. "We see attacks of this type all the time," says Andre Di Mino, director of Shadowserver, a nonprofit Internet security watchdog organization. "This one is particularly high profile but not particularly sophisticated."
Denial of service attacks, while pesky, are rarely all that damaging compared with other potential computer-based attacks, which could, for example, target an air traffic control system, a national railway, or power grid. Rebooting the servers, the computers where the websites are based, usually corrects the problem once the deluge of zombie website visitors has ended.
In fact, many of the sites under attack in Georgia were able to shift servers in a matter of hours and get back online in various capacities. "If a bomb falls, it can take years to rebuild, or someone might get killed. Once these attacks are over, you might have to restart the server. That's about all the damage they cause," says Jose Nazario, a computer security expert who tracks worldwide threats for the network security company Arbor Networks.
The sites targeted appear to be news websites and pages for the national parliament, the Ministry of Foreign Affairs, and that of the country's president, Mikheil Saakashvili. As the attacks continued late last week, the sites under attack shifted to new hosts, including an emergency blog created at blogger.com. "A cyberwarfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs," read a message from the Ministry of Foreign Affairs of Georgia. "If you cannot access official Georgian government websites, please go to the following sites for the latest official government of Georgia news." The ministry was also posting dispatches on the site of Poland's president.
The fact that these attacks are so cheap to mount and easy to conceal is one of the reasons they have become the rule, rather than the exception, during periods of international tension. While the incidents in Georgia have been widely publicized, this is not the first time such attacks have been mounted to coincide with military action. In previous conflicts in Kosovo, India, Pakistan, and Israel and Palestine, as well as during the 2001 spy plane incident between the China and the United States, hackers have directed their mischief against their country's foes. Nationalistic hackers in Russia are a likely source of the Georgian attacks, security experts say, though they point out that investigations—and the attacks—are still ongoing.
What does separate the cyberassault on Georgia from past efforts is the intensity. Following the controversial decision to remove a monument to Soviet heroism in the Second World War in the spring of 2007, hackers using a Russian organized crime-controlled botnet mounted a successful offensive against websites in Estonia, which is one of the most wired countries in the world.
The latest analysis from Shadowserver indicates that the Georgian attacks have similarities to the Estonian attacks in several respects. However, the latter were generally longer in duration but less intense than the Georgian attacks. The peak bandwidth—a measure of the number of zombie computers converging on a given target site and the speed of their connections—during the Estonian incident was 100 megabits per second, while the Georgian attacks peaked at some 800 megabits per second, says Nazario.
Cyberattacks are not well codified in international law, leaving open the question of whether or not a damaging cyberattack could be considered an act of war if it was conducted by a foreign state.
For now, U.S. officials are stressing the need to bolster the nation's cyberdefenses. Homeland Security chief Michael Chertoff has called for an American "Manhattan Project" to defend government computer networks.
Asked in a Senate hearing this year if the United States was prepared for a cyberattack, National Intelligence Director Mike McConnell pointed to threats from both China and Russia, offering bad news for legislators: "We're not prepared to deal with it."
Corrected on 8/14/08: An earlier version of this story should have stated that Georgia is Russia’s neighbor on the Black Sea.