
The 2008 Russian Cyber-Campaign Against Georgia

Authors: Paulo Shakarian

Abstract and Figures

In August 2008, the Russian Army invaded Georgia. Numerous, coordinated cyber attacks accompanied the military campaign. This represents the first instance of a large-scale computer network attack (CNA) conducted in tandem with major ground combat operations. The attack had no direct connection to the Russian government, but had a significant informational and psychological impact on Georgia: it effectively isolated the Caucasus state from the outside world. Security experts have identified two phases of the Russian cyber campaign against Georgia. The first phase commenced on the evening of 7 August, when Russian hackers targeted Georgian news and government websites.[1] Russian Military Forecasting Center official Colonel Anatoly Tsyganok said these first actions were a response to Georgians hacking South Ossetian media sites earlier in the week.[2] The fact that the alleged counterattacks occurred only one day prior to the ground campaign has led many security experts to suggest that the hackers knew the date of the invasion beforehand. In the first phase of the attack, the Russian hackers primarily launched distributed denial of service (DDoS) attacks. A denial of service attack is a cyber attack that attempts to prevent the legitimate use of a computing resource; when multiple computers achieve this goal, a distributed denial of service attack has occurred. One way to categorize DDoS attacks is to differentiate between semantic and brute force attacks. A semantic DDoS takes advantage of either a feature or a bug in some software on the target system. A brute force (or "flooding") DDoS attack occurs when the target system receives more Internet traffic than it can handle, which exhausts the command and control resources of the server, rendering it unavailable.[3] The DDoS attacks during this phase were primarily carried out by botnets.[4]

A botnet is a group of computers on the Internet (termed "bots" or "zombies") that have been infected with a piece of software known as malware. The malware allows a computer, the "command and control" server, to issue commands to these bots. Often, botnets launch spam email …

Captain Paulo Shakarian is an assistant professor in the Department of Electrical Engineering and Computer Science at the U.S. Military Academy (USMA). He holds a B.S. from USMA and an M.S. and Ph.D. from the University of Maryland. He served two tours in Iraq in various military intelligence positions.

PHOTO: Russian soldiers are seen atop an armored vehicle in the breakaway Georgian province of South Ossetia, 8 August 2008. (AP Photo/Musa Sadulayev)
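As an added example (not code from the article, and not from any of the works listed on this page), the following Python script shows how a defender can separate the two DDoS classes the abstract defines in practice. It counts per-source and aggregate request rates over a sliding window of constructed access-log lines: a single loud source is obvious, while a botnet of many bots each sending only a little is visible only in the aggregate count. A semantic DDoS, which triggers a bug with a handful of requests, would not appear in such volume counts at all, which is why the taxonomy matters when choosing detection. The log lines, IP addresses (documentation ranges), timestamps, thresholds and function names are all assumptions made up for this example.

```python
"""Added example (not code from Shakarian's article): a toy rate-based detector
for brute-force ("flooding") DDoS traffic, run over constructed access-log lines.
It reports (a) single sources whose request rate is abnormal and (b) windows in
which the aggregate rate exceeds the server's assumed capacity even though no
single source is loud, which is the botnet signature the abstract describes.
A semantic DDoS (a bug triggered by a few crafted requests) would not show up
in these counts at all. All addresses, timestamps and thresholds are made up."""
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) (?P<size>\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
START = datetime(2008, 8, 8, 12, 0, 0, tzinfo=timezone.utc)  # constructed


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def detect_flood(lines, window_s=10, per_client_max=20, capacity_per_window=100):
    """Sliding-window counter: flag sources above per_client_max requests per
    window, and report whether the aggregate ever reached capacity_per_window
    (the number of requests the server is assumed able to serve per window)."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    window, per_ip, loud = deque(), Counter(), set()
    peak, peak_sources = 0, 0
    for e in events:
        window.append(e)
        per_ip[e["ip"]] += 1
        # Drop events that have fallen out of the window.
        while window and e["ts"] - window[0]["ts"] >= timedelta(seconds=window_s):
            old = window.popleft()
            per_ip[old["ip"]] -= 1
        if per_ip[e["ip"]] > per_client_max:
            loud.add(e["ip"])
        if len(window) > peak:
            peak = len(window)
            peak_sources = len({x["ip"] for x in window})
    return {"loud_sources": sorted(loud),
            "peak_requests_per_window": peak,
            "distinct_sources_at_peak": peak_sources,
            "saturated": peak >= capacity_per_window}


def classify(report):
    """Name the pattern: capacity exhausted with no loud source is the
    distributed (botnet-style) case; a loud source is a single-source flood."""
    if report["saturated"] and not report["loud_sources"]:
        return "distributed flood"
    if report["loud_sources"]:
        return "source flood"
    return "normal"


def build_sample_log(flood_ips, per_ip, spread_s, legit=5):
    """Constructed log: `legit` ordinary requests, then `per_ip` requests from
    each address in flood_ips spread evenly over spread_s seconds."""
    lines = []
    for i in range(legit):
        t = START + timedelta(seconds=i)
        lines.append(f'198.51.100.{i + 1} - - [{t.strftime(TS_FMT)}] '
                     f'"GET /news HTTP/1.1" 200 1234')
    total, k = len(flood_ips) * per_ip, 0
    for ip in flood_ips:
        for _ in range(per_ip):
            t = START + timedelta(seconds=k * spread_s / total)
            lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 503 0')
            k += 1
    return lines


def scenario_single_source():
    """One address sending 50 requests in 5 seconds."""
    return build_sample_log(["203.0.113.7"], per_ip=50, spread_s=5)


def scenario_botnet():
    """Sixty addresses sending only 2 requests each, 120 in 5 seconds."""
    return build_sample_log([f"192.0.2.{i}" for i in range(1, 61)], per_ip=2, spread_s=5)


def scenario_quiet():
    """Baseline traffic only."""
    return build_sample_log([], per_ip=0, spread_s=0)


if __name__ == "__main__":
    for name, log in [("single source", scenario_single_source()),
                      ("botnet-style", scenario_botnet()),
                      ("quiet", scenario_quiet())]:
        report = detect_flood(log)
        print(f"{name:14s} -> {classify(report):17s} {report}")
```

The per-client threshold alone misses the botnet scenario entirely (every bot stays under it), and the aggregate threshold alone cannot say which source to block; real detection pairs both with a capacity figure measured for the actual server rather than the assumed one used here.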
... from late July (weeks before the attack on Georgia by the Russian armed forces), numerous cyberattacks hit Georgian government websites and the online platforms of media outlets, making them unreachable or altering their content. This was the first combined series of strikes in which kinetic and cyber weapons were used at the same time [8]. Russia denied in every forum that the cyberattacks had taken place with state involvement. ...
... Thus, in the strict sense, we can speak of cyber warfare only when it is carried out by an armed force.[8] Even during defensive operations, an attack capability and an attack may be necessary, whether as a response or as prevention. It is likewise possible for a cyberattack to draw a kinetic counterstrike, which for a long time was merely a theoretical possibility, but in 2019 ...
... Some sources refer to the malware as "NoPetya", while others call it "NotPetya". 8. The military-science and legal questions are dealt with in more detail in the second part of this study. 9. Hamas is an acronym of an Arabic expression meaning Islamic Resistance Movement. ...
Article
It is essential to have a proper definition of cyberspace, as it is the foundation of a proper understanding of the operations being performed therein. The increasing role of state actors on both the defensive and the offensive side, together with the economic and political risks and interconnections, further emphasises the importance of cyberspace. Through critical infrastructures, infocommunication systems and artificial intelligence, cyberspace has become an integral part of our day-to-day lives. Cyberspace will keep changing its role due to future technological advancements, which is why we should understand its evolution curve.
... The growth of the internet of things in the twenty-first century is a growing cyber-attack nightmare [109]. Historical events have proved that cyberattack (warfare) activities occur with the involvement of military and non-military weaponisation [110]. ...
Thesis
Cyber-attacks are the use of network- and computer-based attacks on critical infrastructures and services that compromise confidentiality, integrity, and availability to further the personal, political, economic, and military goals of the attackers. The nature and forms of cyber-attacks include infrastructure sabotage, financial fraud, denial-of-service, data modification or deletion, theft of trade secrets and propaganda. Cyber-attacks can cause harm directly or indirectly to connected systems through botnet command-and-control operators, organised criminal groups, hackers, insiders, and state-sponsored hackers using distributed denial-of-service attacks, malware attacks, viruses and many more. This paper reports the results from the private and public sectors in Zambia, comprising Health; Consumer Products and Services; Manufacturing, Mining, Construction and Engineering; public sectors; Energy (power, utility); ICT and Telecoms; and Banking and Finance. The study aimed at identifying whether Zambia utilises cyber-attack preparedness strategy resources in an optimal manner to protect various assets. The study shows that Zambian private and public sectors have low-level compliance and have experienced cyber-attacks, with only 10% able to recover from an attack within a day, while the rest would require days, weeks, or months to recover. That calls for concerted efforts in developing mitigation measures for these challenges in order to ensure a national cyber-attack preparedness defence strategy. The study showed that the majority of organisations have understaffed cybersecurity personnel: less than 50% of the staff have cybersecurity training and 48.2% have the right skills. The study shows that IT personnel, rather than cybersecurity experts, manage cybersecurity, resulting in weaknesses in security postures.
The study indicated that formal policies, documents, rules, and controls aimed at strengthening security against cyber-attacks were available in 70% of organisations, which is likely to yield more results only if the issues covered in the policies are implemented fully. The study shows that 63% of the organisations adopted cybersecurity frameworks or standards, but the implementation is not in effect. This is likely to be weakened further by the lack of reporting procedures for any suspicious or real cybersecurity breach, and the lack of a cybersecurity emergency response team, as revealed by the results of this study. This therefore calls for the development of a framework, based on the findings of this study, specifically tailored with other best frameworks and best practices to address the problems of cybersecurity in Zambia.
Keywords: Cybersecurity, Cyberwarfare, framework, Critical infrastructure and services, cyberattacks, model, hacker
... [57] The following year, similar DDoS attacks were used against the Georgian state and its communication networks, in advance of Russian military operations.[58] More recently, Russian cyberops were linked to power outages across parts of Ukraine in December 2015. While the Ukrainian attacks were not well-publicized, they were very worrying for infrastructure experts as a demonstration of both how well prepared Russian cyberops could be (the attack required some six months of preparation), and how vulnerable Western and American utilities could be to energy security disruption. ...
Conference Paper
The Arctic has been reemerging as a major security theater. The military shifts of Russian forces, energy security efforts of Shell Oil, and ecosystem and geophysical shifts from climate change have drawn the attention of security planners and some International Relations scholars. Human security risks of climate change in the Arctic are often overshadowed by the attention given to potentially greater access to resources and transport routes. The nations interested or involved in the Arctic issues have yet to address – in political and operational terms – the complex risks that climate change poses in the region. This paper addresses applied international security frames and methodologies that can assess complex risks and high uncertainties, particularly by military and intelligence agencies. Rather than relying on state-centered security and predictive models, the most usefully applied approaches combine variants of human security with scenario planning and risk assessment. Drawing on the experience of US security efforts in this area, the paper outlines the role of International Relations scholars and other scientists in applying such approaches and fostering both academic and policy cooperation.
Chapter
This material is based on work supported by the U.S. Office of Naval Research, Grant No. N00014-09-1-0597. Any opinions, findings, conclusions or recommendations therein are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research.
Article
In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts.
Article
While much focus has remained on the concept of cyberwar, what we have been observing in actual cyber behaviour are campaigns comprised of linked cyber operations, with the specific objective of achieving strategic outcomes without the need of armed attack. These campaigns are not simply transitory clever tactics, but strategic in intent. This article examines strategic cyber competition and reveals how the adoption of a different construct can pivot both explanation and policy prescription. Strategy must be unshackled from the presumption that it deals only with the realm of coercion, militarised crisis, and war in cyberspace.
Article
For states with advanced technology, effective use of electronic warfare and cyber warfare will be the main determining factor in winning a war in the future operational environment. Thanks to high technology, the developed states will be able to conclude the struggles they enter with a minimum of human casualties and minimum cost. Considering the increasing number of world economic problems and the development of human rights and humanitarian law, it is easy to understand the importance of minimum cost and minimum loss of human life. In this paper, the concepts of cyber warfare and electronic warfare are examined in conjunction with their historical development, and the relationship between them is explained. Finally, assessments are made about the use of cyber electronic warfare in the coming years.
Article
In early February 2007, security communities became aware of a major sports event website distributing malware.[1] It infected visitors through a technique well known at the time: a VML exploit targeting Internet Explorer browsers. Any visitor running Internet Explorer without the VML patch could be infected with the trojan.
Article
Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.
Article
Supervisory Control and Data Acquisition, otherwise known as SCADA, is a system for gathering real time data, controlling processes, and monitoring equipment from remote locations. As more companies are implementing an open SCADA architecture through the Internet to monitor critical infrastructure components such as power plants, oil and gas pipelines, chemical refineries, flood control dams, and waste and water systems, vital systems are becoming increasingly open to attack. This paper provides an overview of SCADA, outlines several vulnerabilities of SCADA systems, presents data on known and possible threats, and provides particular remediation strategies for protecting these systems.
Article
The August 2008 Russia-Georgia conflict was the first Russian full-scale use of force against a former member of the Soviet Union. This paper looks at the August conflict solely from the vantage point of the Russian press, in particular the views of military officers or military journalists. The findings offer insights into the information war conducted in the Russian press, the continued suspicion of Russia about US actions in the area, and the strengths and weaknesses of Russia's armed forces. Russia's rationale for supporting South Ossetia, that "if Georgia can break away from the Soviet Union, why can't South Ossetia break away from Georgia?", indicates that this may not be the last development of its kind that Russia supports. The Crimea and Transdniester come immediately to mind.
References
John Bumgarner and Scott Borg, Overview by the US-CCU of the Cyber Campaign Against Georgia in August of 2008, U.S. Cyber Consequences Unit Special Report, August 2009, 2.
2. Anatoly Tsyganok, "Informational Warfare - a Geopolitical Reality," Strategic Culture Foundation online magazine, 5 November 2008, <http://rbth.ru/articles/2008/11/05/051108_strategic.html> (16 October 2010). Note that this is an English version of the article provided by the website.
"South Ossetian News Sites Hacked," Civil.ge Daily News Online, 5 August 2008, <http://www.civil.ge/eng/article.php?id=18896> (16 October 2010).
Jose Nazario, "Georgia DDoS Attacks - a Quick Summary of Observations," Arbor SERT (Security Engineering and Response Team), 12 August 2008, <http://asert.arbornetworks.com/2008/08/georgia-ddos-attacks-a-quick-summary-of-observations/> (16 October 2010).
Kenneth Corbin, "Lessons from the Russia-Georgia Cyberwar," InternetNews.com: Real Time IT News, 12 March 2009, <http://www.internetnews.com/government/article.php/3810011/lessons-From-the-russia-Georgia-Cyberwar.htm> (16 October 2010).
Dancho Danchev, "Coordinated Russia vs. Georgia Cyber Attack in Progress,"
Johannes B. Ullrich and Jason Lamb, "Defacing websites via SQL injection," Network Security, vol. 2008, issue 1, January 2008, 9-10.
13. Danchev.
14. Carr, 84.
15. Ibid., 15.
16. Evgeny Morozov, "Army of Ones and Zeros: How I Became a Soldier in the Georgia-Russia Cyberwar," Slate, 14 August 2008, <http://www.slate.com/id/2197514> (16 October 2010).