
DDoS Attack Graphs from Russia vs. Georgia's Cyberattacks

Dancho Danchev

Part of Georgia's information warfare campaign was aiming to minimize the bandwidth impact on its de-facto media platforms such as the website of their Ministry of Foreign Affairs. I've just received a report [PDF] on the "Russian Invasion of Georgia," titled "Russian Cyberwar on Georgia," which quotes me on page 4 regarding the "too good to be courtesy of Russia's cyber militia" creative that appeared on the defaced Georgian President's website. The report also includes DDoS attack graphs and related details worth going through:

The last large cyberattack took place on 27 August. After that, there have been no serious attacks on Georgian cyberspace. By that is meant that minor attacks are still continuing but these are indistinguishable from regular traffic and can certainly be attributed to regular civilians.

On 27 August, at approximately 16:18 (GMT +3) a DDoS attack against the Georgian websites was launched. The main target was the Georgian Ministry of Foreign Affairs. The attacks peaked at approx 0,5 million network packets per second, and up to 200-250 Mbits per second in bandwidth (see attached graphs). The graphs represent a 5-minute average: actual peaks were higher.



The attacks mainly consisted of HTTP queries to the http://mfa.gov.ge website. These were requests for the main page script with randomly generated parameters. These requests were generated to overload the web server in a way where every single request would need significant CPU time.

The initial wave of the attack disrupted services for some Georgian websites. The services became slow and unresponsive. This was due to the load on the servers by these requests. As you see from the graphs above the attacks started to wind down after most of the attackers were successfully blocked. The latest attack may have been initiated as a response to the media coverage on the Russian cyber attacks.
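The request pattern the report describes (one script path, a different randomly generated query string on nearly every hit) can be picked out of web-server access logs. The following is an added detection example, not code from the report or the original post; the `/index.php` path, the thresholds, the function names and all log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+')

def find_random_param_floods(lines, min_requests=5, min_unique_ratio=0.9):
    """Return {(client_ip, path): (requests, unique_queries)} for clients that
    hit one path repeatedly with a different query string almost every time."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, target = m.groups()
        parts = urlsplit(target)
        if parts.query:  # only parameterised requests are of interest here
            hits[(ip, parts.path)].append(parts.query)
    flagged = {}
    for key, queries in hits.items():
        total, unique = len(queries), len(set(queries))
        # Thresholds are illustrative assumptions; tune them per site.
        if total >= min_requests and unique / total >= min_unique_ratio:
            flagged[key] = (total, unique)
    return flagged

def constructed_sample():
    """Constructed log lines (documentation IP ranges, hypothetical path)."""
    ts = "27/Aug/2008:16:18:00 +0300"
    fmt = '{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 5120'
    # Client 1: six hits on one script, a new random-looking parameter each time.
    lines = [fmt.format(ip="192.0.2.10", ts=ts,
                        target=f"/index.php?r{i * 7919:05x}={i * 104729:x}")
             for i in range(1, 7)]
    # Client 2: six hits with the same, cacheable query string.
    lines += [fmt.format(ip="198.51.100.7", ts=ts, target="/index.php?lang=en")
              for _ in range(6)]
    # Client 3: distinct parameters but too few requests to judge.
    lines += [fmt.format(ip="203.0.113.5", ts=ts, target=f"/index.php?id={i}")
              for i in (1, 2)]
    lines.append("malformed line")
    return lines

if __name__ == "__main__":
    for (ip, path), (total, unique) in find_random_param_floods(
            constructed_sample()).items():
        print(f"{ip} {path}: {total} requests, {unique} unique query strings")
```

Ordinary users of a search or listing page also send varied query strings, so a flagged client is a candidate for rate limiting or closer inspection rather than proof of attack traffic.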

In case you're interested in more factual evidence about what was happening at that particular moment in time, go through the following assessments: "Coordinated Russia vs. Georgia cyber attack in progress"; "The Russia vs. Georgia Cyber Attack"; "Who's Behind the Georgia Cyber Attacks?"; "Georgia President's web site under DDoS attack from Russian hackers".

By Dancho Danchev, Independent Security Consultant. Visit the blog maintained by Dancho Danchev here.
