Home / Blogs

Internet Attacks Against Georgian Websites

Gadi Evron

In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there.

Facts:
1. There are botnet attacks against .ge websites.
2. These attacks affect the .ge Internet infrastructure, but it's reachable.
3. It doesn't seem Internet infrastructure is directly attacked.
4. Every other political tension in the past 10 years, from a comic of the Prophet Muhammad to the war in Iraq, were followed by online supporters attacking targets which seem affiliated with the opposing side, and vise-versa.

Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword.

Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine, and just by speaking on them in the local news outlets I started bigger so-called "wars" when enthusiasts responded in the story comments and then attacks the "other side".

Not every fighting is warfare. While Georgia is obviously under a DDoS attacks and it is political in nature, it doesn't so far seem different than any other online after-math by fans. Political tensions are always followed by online attacks by sympathizers.

Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.

Coulda, shoulda… the nature of what's going on isn't clear, but until we are certain anything state-sponsored is happening on the Internet it is my official opinion this is not warfare, but just some unaffiliated attacks by Russian hackers and/or some rioting by enthusiastic Russian supporters.

It is too early to say for sure what this is and who is behind it.

The RBN blog (following the Russian Business Network) is of a different opinion and more here.

Also, Renesys has been following the situation and provides some data.

(Thanks to Paul Ferguson for the URLs)

DDoS attacks harm the Internet itself rather than just this or that web site, so soon this may require some of us in the Internet security operations community getting involved in mitigating the attacks, if they don't just drop on their own.

By Gadi Evron, Security Strategist. More blog posts from Gadi Evron can also be read here.

Related topics: Cyberattack, Cybercrime, DDoS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

Sponsored Topics