Update: Cyberattacks against Georgia

Many experts think that the Russian government may not be directly involved.

Published August 14, 2008 10:00PM (EDT)

Regarding my post from Tuesday about the cyberwar situation in Georgia, more skepticism is emerging about the Russian government's involvement in the attacks, and its failure to take the more decisive action of unplugging the Georgians entirely. That ChannelWeb story mentions security expert Gadi Evron's posts over at CircleID, where he asserts that "it doesn't seem Internet infrastructure is directly attacked." Similarly, the folks at the Information Warfare Monitor conclude:

Active route hijacking by Russian hackers, redirecting traffic to Russian telecom operators. If confirmed it would suggest that Russia ISPs are capable of enforcing an information blockage against a "cyber-locked" Georgia. This now appears implausible.

(And I can't believe I missed the Wired Danger Room pointer to this diagram, which lays out Georgia's Internet connections in detail.) Evron also points out a caveat against the seemingly irresistible desire to declare the most recent conflict to be "the world's first cyberwar":

Every other political tension in the past 10 years, from a comic of the Prophet Muhammad to the war in Iraq, [was] followed by online supporters attacking targets which seem affiliated with the opposing side, and vice versa.

He compares the latest first cyberwar ever to the Russia-Estonia event, and tentatively chalks it up to Russian partisans self-organizing the attack. That type of perpetrator would likely not feel bound by any cease-fire agreement, as it appears they are not.

In the comments here, paulpsd7 astutely points out that the Russian government might have resisted pulling the plug on Georgia to avoid showing its hand in the attacks. In other words, we're now thinking exactly what they wanted us to think. But since they seem to have been inflicting actual physical attacks on Georgia without much fear of approbation from the international community, it's not clear to me why they'd be worried about being fingered for the cyberattacks.

Update: Ethan Zuckerman at WorldChanging has written the most comprehensive post to date summarizing and dissecting the Russia-Georgia reputed cyberwar and its media coverage. Down in the post, he points to the Renesys Blog, which specifically tackles the issue of the actual physical Internet connections coming in and out of Georgia. There they have an even more definitive take on the lack of plug-pulling by Russia:

When you consider the geography of the region, Georgia has few options for connectivity via land routes, namely Turkey, Armenia, Azerbaijan, and Russia. As it turns out, most of those 309 Georgian prefixes get routed via Turkey's TTnet (AS 9121) or Azerbaijan's Delta Telecom (AS 29049). Traffic to Delta Telecom then heads to Russia via TransTelCom (AS 20485). During the hostilities, we've seen no significant changes in routing. In particular, we saw no apparent attempts to limit traffic via Russia, but then again, most traffic from Georgia seems to currently transit Turkey.

We'll probably never know what role, if any, the Russian government played in the cyberattacks on Georgia. But there seems to be a pretty well-founded opinion that they didn't take the more significant step -- and I would argue, the one that would constitute a much more explicit act of "cyberwarfare" -- of physically disconnecting their neighbor.


By Evan Ratliff

Evan Ratliff is a contributing editor to Wired magazine, and the co-author of "Safe: The Race to Protect Ourselves in a Newly Dangerous World."
