CircleID

This is an update of my previous post on the subject.

To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from outside, and what has been written by the Georgians on their blog (outside their country). They are probably a bit busy avoiding kinetic bombing.

As mentioned in the previous post, Renesys has been following the Georgian links, which seem to be there, but occasionally drop due to possibly power failures.

Shadowserver and others have been following the botnets attacking the Georgians web sites, and that is confirmed as happening.

According to Dancho Danchev, there have also been some defacements, which he describes.

So — it is clear their web sites are under attack, and that Internet visibility-wise, the impact is real for the Georgians. And yet, it is simply too early and there is not enough information to call this an Internet war. It is too early to establish motive or who the perpetrator is, however much we may want to point fingers.

Following every, and any political or ethnic tension, world-wide, an online aftermath comes, in the form of attacks, defacements, and enthusiast hackers swearing at the other side (which soon does the same, back).

While Georgia's suffering is real, such attacks are nothing but routine here in Israel. When I ran the defense for the Israeli government Internet operation and then the Israeli government CERT, such attacks would occur daily. Hackers on the other side would band together, talk, coordinate a date, exchange tools, and attack.

While I apologize for the analogy, post-9/11 Israelis were shocked. We were sympathizing and crying for the victims. What we did not understand was why people were still shocked ten minutes past, as this was a normal every-day life happening for us over here. The same applies for cyber-space, the Internet — we are used to this.

The difference in this attack was that the Georgian authorities, like numerous others around the world still aren't, were not prepared to face and fend against such an attack.

In my article "Fighting Botnets and Online Mobs” for the Georgetown Journal of International Affairs covering the Internet war in Estonia, I state how our opponents will no longer be just countries, or even organizations as Martin van Creveld once predicted ahead of his time, but that on the Internet playing field any individual or loosely affiliated group can be a player, affecting countries and yes, corporations as well.

The best article describing the events so far is by John Markoff at the New York Times.

By Gadi Evron, Security Strategist. Visit the blog maintained by Gadi Evron here.

Related topics: Cyberattack, Cybercrime, Security