Georgia accuses Russia of coordinated cyberattack

The Georgian embassy in the U.K. has accused forces within Russia of launching a coordinated cyberattack against Georgian Web sites, to coincide with military operations in the breakaway region of South Ossetia.

Speaking to ZDNet UK on Monday, a Georgian embassy spokesperson said that Web sites had been unavailable over the weekend, claiming this was due to Russian denial-of-service attacks.

"All Georgian Web sites have been blocked," said the spokesperson. "Georgia is working on redirecting Web traffic."

At the time of writing, the Web site for the Ministry of Defense of Georgia was unavailable for viewing from the U.K. The Web sites for both the Georgian presidential office and the Ministry of Foreign Affairs of Georgia were available, but the spokesperson said this was due to Georgian redirection work.

"They are new (Web sites)," said the spokesperson. "It was impossible two days ago (to access them)."

However, the spokesperson acknowledged that, as yet, Georgia could not confirm that Russia had been responsible, as the causes were still "under investigation." But the spokesperson asked: "Who else might it be, though?"

In 2007, disruptions of Internet service in Estonia--like Georgia, formerly a political division of the Russia-dominated Soviet Union--prompted talk of those events as possibly the first-ever cyberwar. The exact nature of the disruptions, and who might be to blame, proved hard to pin down.

The Russian embassy in London said it had no information regarding cyberattacks against Georgia, but insisted there had been no military attack against Georgia. "I'd like to draw attention to a misunderstanding," said a Russian embassy spokesperson. "There is no Russian (military) attack. There is peace enforcement in South Ossetia."

According to a post on the Web site of the president of Poland, Lech Kaczynski, the Russian government blocked Georgian Web sites to coincide with "military aggression."

"Along with military aggression, the Russian Federation is blocking Georgian internet portals," read a statement on the Polish presidential Web site. "On request of the president of Georgia, the president of the Republic of Poland has provided the Web site of the president of Poland for dissemination of information."

One of the statements made by the Georgian government on the Polish presidential Web site accused the Russians of bombing the port of Poti on the Black Sea, "far from South Ossetia," and of sending warships into the area.

"(Poti) serves as a vital energy-transit route to Europe," read the statement. "Over the past 48 hours, Russian forces have killed over 100 Georgian civilians and soldiers, after targeting residential complexes in Georgia, as well as airports, bases, and other vital infrastructure."

A "full cybersiege"?
The RBN Web site, which normally attempts to track the activities of the criminal Russia Business Network, kept a running commentary of technical developments over the weekend.

On Saturday, the RBN blog, which is run by security researcher Jart Armin, claimed there was a "full cyber-siege" of Georgia. The RBN blog post claimed that the Russia-based servers AS12389 Rostelecom, AS8342 Rtcomm, and AS8359 Comstar were controlling all traffic to Georgia's key servers.

According to the blog, German hackers managed to route traffic directly to Georgia through Deutsche Telekom's AS3320 DTAG server for "a few hours" on Saturday, but this traffic was intercepted and rerouted through AS8359 Comstar, which is located in Moscow.

The RBN Web site also warned users not to trust any Web sites that appeared to be maintained by the Georgian government but did not have any statements about the weekend's hostilities, as these had likely been intercepted and altered.

Security organization the Shadowserver Foundation reported in an update to an earlier blog post that it was also seeing cyberattacks directed against ".ge" sites, with the Georgian Web sites being hit with HTTP floods. Shadowserver reported that the command-and-control server being used to launch the attacks was located in Turkey.

In July, Shadowserver security volunteer Steven Adair reported that the president of Georgia's Web site had suffered a denial-of-service attack following a buildup of hostilities between Russia and Georgia over South Ossetia.

Tom Espiner of ZDNet UK reported from London.

Background information provided by CNET's Rob Vamosi

[benjaminstraight]

It is amazing that now 'cyber acts of agression' are being cited to justify physical action.

[sanenazok]

@ben: what physical acts of violence were being justified exactly?? It's Russia that invaded a smaller neighbor AND started a cyberwar.<br /><br /><p>It's so hilarious that the ruling Russian autocracy complains when Western powers push to have greater civil rights and a free press in Russia. What does Russia do...invade another country to "protect the Russian minority" or other such garbage. I guess Poland should invade Belarus to protect the Polish minority there (which is actually being repressed). Hell, Mexico should invade the US to protect the large number of Mexicans here!

[n3td3v]

"However, the spokesperson acknowledged that, as yet, Georgia could not confirm that Russia had been responsible, as the causes were still "under investigation." But the spokesperson asked: "Who else might it be, though?""<br /><br />It might be the Israeli government since Gadi Evron has been posting information warfare onto the mailing lists today about this security incident in an apparent U-turn from his earlier stance about the affair. <a class="jive-link-external" href="http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063820.html" target="_newWindow">http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063820.html</a> Its also suspected that Gadi Evron has links with Mossad. Add the math up yourself and make your own opinion about it.

[sanenazok]

Yeah it's Israel that's invading Georgia, not Russia! And and per you Georgians themselves are doing it. Riiight! Did you read the post before clicking on "submit?"

[-STOPWAR-]

People of the world. You deceive! World mass media conduct propagation of a false information. Russia DID NOT ATTACK Gia! 07.08.2008 at 22:00 Gia has attacked South Ossetia. At 3:30 08.08.2008 tanks of the Gian armies have entered into city Tskhinvali.Artillery bombardment all the day long proceeded, fights with use of tanks and heavybat material, both against ossetic armies, and against peace inhabitants were conducted. 1400 civil people already were lost.The Russian peacemakers have arrived to South Ossetia in the evening 08.08.2008 for settlement of the conflict and prompting of the world in republic and protection of the Russian citizens living on territory of South Ossetia.Gia has attacked South Ossetia on eve of Olympiad, it is top of cruelty and cynicism.

[sanenazok]

@-STOPWAR- Since when does Russia have a right to invade another country, under the guise of "peacekeepers" or whatever? Georgians have a right to pacify a break-away province. If Russia doesn't like what Georgia is doing then Russia needs to be a modern (post 1939) country and comply with international law to stop whatever Georgia was doing that was so bad. Invading another country is an invasion regardless of the reason provided. "Protecting national minority" stopped being an acceptable basis for invasion following the annexation of Sudetenland by Hitler.

[sanenazok]

As Pres. Bush just recently put it, the Russians are trying to depose the Georgian government to try to set up a friendly one. It's kind of understandable, but not anywhere near of an explanation for an invastion of a sovereign state.

[katie3445]

what do you guys know? Georgia started the war with Ossetia and killed a thousands of people kids, old people and thanks god Russia is helping !!!!!!!!!!! Georgia started the war!!! GET A LIFE PEOPLE AND A BRAIN WOULDNT HURT!

[Levski1914]

@katie3445, @STOPWAR<br />Since when bombing Tbilisi airport is peacekeeping operation in Osetia?

[sanenazok]

@katie3445: Ossetia is a part of Georgia. Georgian troops moved in to restore order. It would be like France invading Louisiana after hurricane Katrina to protect the "French" citizens. Sure the US didn't handle hurricane recovery very well, but then again that doesn't mean another country should be able to invade it. Georgia has a right to maintain order within its borders just like Russia says it does whenever it's accused of human rights violations.