The Fourth Front: Russia’s Cyber-attack on Georgia
David J. Smith*
“Last summer, Russia invaded Georgia on four fronts,” Georgian National Security Council Secretary Eka Tkeshelashvili told a recent Washington conference. “Three of them were conventional—on the ground, through the air and by the sea. The fourth was new—their attacks via cyberspace.” The era of cyber-warfare has begun.
“When a tank crosses our sovereign border,” Tkeshelashvili continued, “there can be no doubt about the transgression. However, when we come under attack via cyberspace, the provenance of this aggression is more difficult to trace.” Indeed, it may take a while before we even recognize an attack.
Consider all those spam e-mails—counterfeit designer watches, beautiful Russian girls, American “green cards,” sexual enhancement and great deals on stock in fictitious companies. The sons of momentarily distressed Nigerian bankers offer millions in exchange for our bank account numbers and passwords.
Just as we encounter pickpockets and car thieves in the street, we find e-criminals in cyberspace.
The BBC Television program Click recently aired some of the basic cyber-crime techniques. “For a short time in February,” says Click Presenter Spencer Kelly, “I had complete control over 21,696 personal computers around the world.” As many as a million computers have been lashed together in so-called botnets, all under the direction of a single controller. “The biggest botnet around at the moment, the Mega-D,” Kelly continues, “sends out an unbelievable 28 million spam messages every minute.”
The BBC found many botnets “to buy or rent from cyber-criminals hiding behind fake usernames and the non-cooperation of authorities across international borders.”
When you have trouble accessing a site to check your bank balance or to help your daughter with her homework, it is because too many people at that moment are trying to access that site. Usually, trying a bit later solves the problem. However, imagine someone malevolently employing a botnet to swamp a site. This is a Distributed Denial of Service (DDoS) attack. With a botnet of just 60 computers, the BBC brought down a security company’s website.
They did this legally in cooperation with the security company to prove a point for television. Imagine much larger botnets controlled by criminal fingers. Or imagine a large hostile power using botnets against a tiny neighbor. “It may seem like science-fiction,” says Kelly, “but armies of remote-controlled bots are a reality.”
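The difference the column draws, between a site that is merely busy and a site being swamped by a botnet, is something a site operator can see in their own access logs: a flood of requests spread thinly across many unrelated client addresses looks different from ordinary peak traffic or from one misbehaving client. The following is an added defensive example, not code from the column or from the BBC experiment. It assumes a simplified access-log format (client address, timestamp, request) and uses thresholds and sample log lines that are constructed for illustration only; real thresholds would be tuned to a site’s normal traffic.

```python
"""
Added example: classify one-second windows of web-server access-log traffic as
normal, a single-source flood, or a distributed (botnet-style) flood.
Log format, thresholds and all sample data are constructed assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

# Assumed simplified log line: client_ip [dd/Mon/yyyy:HH:MM:SS] "request"
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (client_ip, timestamp, request) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT), m.group("req"))


def bucket_by_second(lines):
    """Group requests into one-second buckets: timestamp -> list of client IPs."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, _ = parsed
            buckets[ts].append(ip)
    return buckets


def classify_windows(lines, rate_threshold=50, min_distinct_sources=20, per_source_cap=5):
    """
    Label each one-second window. Heuristic (an assumption, not a standard):
      - fewer than rate_threshold requests            -> "normal"
      - many distinct sources, each sending only a few -> "distributed_flood"
      - otherwise a few sources dominate the burst     -> "single_source_flood"
    Returns {timestamp: (label, request_count, distinct_sources)}.
    """
    result = {}
    for ts, ips in sorted(bucket_by_second(lines).items()):
        count = len(ips)
        per_ip = Counter(ips)
        distinct = len(per_ip)
        if count < rate_threshold:
            label = "normal"
        elif distinct >= min_distinct_sources and max(per_ip.values()) <= per_source_cap:
            label = "distributed_flood"
        else:
            label = "single_source_flood"
        result[ts] = (label, count, distinct)
    return result


def sample_log():
    """Constructed sample: three consecutive seconds of traffic (private-range IPs)."""
    base = datetime(2008, 8, 10, 12, 0, 0)

    def line(ip, ts):
        return f'{ip} [{ts.strftime(TS_FORMAT)}] "GET /index.html HTTP/1.1"'

    lines = []
    # second 0: ordinary load, 10 requests from 5 clients
    for i in range(10):
        lines.append(line(f"10.0.0.{i % 5 + 1}", base))
    # second 1: two abusive clients, 60 requests between them
    for i in range(60):
        lines.append(line(f"10.0.1.{i % 2 + 1}", base + timedelta(seconds=1)))
    # second 2: botnet-style burst, 60 requests from 60 distinct clients
    for i in range(60):
        lines.append(line(f"10.0.2.{i + 1}", base + timedelta(seconds=2)))
    return lines


if __name__ == "__main__":
    for ts, (label, count, distinct) in classify_windows(sample_log()).items():
        print(f"{ts:%H:%M:%S}  {label:<22} requests={count:<3} sources={distinct}")
```

The single-source case is the one a per-client rate limit handles; the distributed case is exactly why such limits are insufficient against a botnet, since no individual bot exceeds them, and it is the signal an operator would escalate to upstream filtering.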
Such a bot-army attacked Georgia last summer.
Tkeshelashvili described the army: “‘Soldiers’: the professional planners, computer scientists, engineers and other implementers, including the military itself…‘Mercenaries.’ These are the criminal organizations paid to carry out certain elements of the attacks…‘Volunteers.’ These are the individuals with PCs who are recruited to carry out attacks.”
Based on the BBC’s findings, some of the “volunteers” are altogether unwitting. “I could have made their computers do anything I wanted without anyone knowing,” says Kelly of his television experiment.
According to Tkeshelashvili, “DDoS attacks began in the weeks before the Russian invasion and continued even after the Kremlin announced that it had ceased hostilities.” The attacks blocked Internet communications, crippled Georgian government file servers, defaced websites, established counterfeit sites and degraded telephonic communications, she said.
Private analysts add that fraudulent transaction attempts overwhelmed Georgian bank computers, spurring foreign commercial institutions to cut links with Georgia in self-defense.
Of course, one of the advantages of cyber-war is that it is hard to trace. But no one believes that a gaggle of Indonesian teenagers or Colombian narcotraficantes struck Georgia through the Ethernet just as Russian tanks prepared to strike through the Roki Tunnel.
Moreover, the attack was too well coordinated to come from Russian “hacktivists” alone, although many such individual malefactors took their cues from sites like stopgeorgia.ru.
“It smells like a three-letter intelligence agency’s propaganda arm,” writes Dancho Danchev, an independent security consultant, in an August 11 blog on ZDNet.
“There is plenty of evidence that the attacks were directly organized by the Government of Russia,” Tkeshelashvili told Wired News before her conference appearance. “The primary orchestrator,” she told the conference, “was the Russian Business Network (RBN),” directing things from Saint Petersburg.
RBN was a group of cybercriminals with ties to Russian Prime Minister Vladimir Putin, Stephen Spoonamore of Global Strategic Partners told InternetNews.com. RBN has evaporated into the Ethernet, but they and their ilk will always find benefactors—criminals or aggressor states.
The era of cyber-warfare has begun. Cyber-warfare can terrorize, isolate, demoralize and cast a country into disarray as a precursor to physical invasion. However, as Georgia and its cyber-allies showed last summer, a cyber-attack can also be defeated. Public awareness will undermine the psychological value of a cyber-attack. Moreover, just as tanks and fighter aircraft can be countered with anti-tank and anti-aircraft missiles, cyber-attacks can be countered by good preparation and the keystrokes of computer experts.
The point is that we must never yield to bullies, whether they wield tanks or PCs.
(Published in Tbilisi 24 Saati March 24, 2009)
*David J. Smith is Director, Georgian Security Analysis Center, Tbilisi, and Senior Fellow, Potomac Institute for Policy Studies, Washington.