These online attacks were done in coordination with tanks rolling into Georgia, so this is a pretty serious issue beyond the usual cyber threat. It’s been a slaughter so far, but Georgia seems to have some serious infrastructure problems that just made it worse. Several of the Georgian sites listed in this article seem to be functioning again, though, so I assume they have been making a lot of progress in the last couple of days.
Also, it looks like this blog here is about your best source of updates for what is happening there.
I’ve heard that some of the Georgian gov sites have been moved to a provider in Atlanta, GA.
This seems to me like a good idea from a tactical standpoint: if someone DDoSes sites in the US, it could elicit a stronger reaction from US authorities.
Supposedly someone in Tbilisi is twittering about it: http://twitter.com/wardirect_en
A journalist from Alaska was wounded by Georgian separatists: http://www.adn.com/news/alaska/story/492611.html
I spoke with an individual on Wednesday who indicated that the DDoS against Georgia was noticed prior to the deployment of troops on the ground.
If you want a better understanding of just what happened, the Arbor Networks Security Blog does a good job of explaining it.
http://asert.arbornetworks.com/2008/08/georgia-ddos-attacks-a-quick-summary-of-observations/
A few quotes:
“These attacks were mostly TCP SYN floods with one TCP RST flood in the mix. No ICMP or UDP floods detected here. These attacks were all globally sourced, suggesting a botnet (or multiple botnets) were behind them.”
“Raw statistics of the attack traffic paint a pretty intense picture. We can discern that the attacks would cause injury to almost any common website.
Average peak bits per second per attack: 211.66 Mbps
Largest attack, peak bits per second: 814.33 Mbps
Average attack duration: 2 hours 15 minutes
Longest attack duration: 6 hours”
I was also happy to see them quote Stratfor, of whom I have been a big fan for many years now:
“Folks who get Stratfor sitreps and daily intel saw a piece earlier this evening entitled “Georgia, Russia: The Cyberwarfare Angle”. The content is available to subscribers only, or via shared emails.
‘Details of the parallel Russian cyberwarfare campaign against Georgia began to emerge even as Russian tanks appeared on the south side of the Roki Tunnel in South Ossetia on Aug. 8. There is little doubt at this point that a concerted assault took place alongside conventional military operations.’”
I think the Georgia sites were actually based in Atlanta before the attacks. From the linked article:
“We also saw that one of the main servers of government Web sites in Georgia actually had a U.S. server address. We have not been able to contact that server, which is based in Atlanta, for four days, and the whole server has been offline.”
So their sites weren’t even secure here in the states.