In a much-noticed article today, the NYTimes notes that, weeks before the gunfire, cyberattacks hit Georgia:
Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites containing the message: “win+love+in+Rusia.”
Other Internet experts in the United States said the attacks against Georgia’s Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests — known as distributed denial of service, or D.D.O.S., attacks — that overloaded and effectively shut down Georgian servers. […]
As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyberattack had coincided with a shooting war.
Salon’s Evan Ratliff tells us where the Georgian government turned after the botnet-driven denial of service attacks:
The first option was Google-owned Blogger, which now hosts a replacement site from the Ministry of Foreign Affairs (whose main site was at one point defaced with a photo collage of Georgian President Mikheil Saakashvili alongside Hitler, but as of now is back up).
The more oddly serendipitous outcome, however, is that the Russian president’s official Web site is now being hosted in the United States, by Atlanta-based Tulip Systems. The Associated Press reported in a short story Monday that Tulip CEO Nino Doijashvili, a native Georgian (the country), happened to be vacationing there when the fighting broke out.
So who’s behind the attacks? Monday the WSJ found investigators claiming the St. Petersburg-based criminal gang Russian Business Network was responsible. Wired’s Danger Room found skeptics; the NYTimes says the evidence remains unclear.
Salon’s Ratliff talks with a security expert who raises another question:
Since most of Georgia’s Internet connections likely originate in Russia, why wouldn’t the Russians just unplug the Georgians? It would seem at least as effective as denial of service attacks. The New York Times Bits blog reports that Georgia has connections through only Russia and Turkey, although the CIA World Factbook, at least, doesn’t list a Turkey-Georgia fiber connection. At least one major cable into Georgia (as of 2002, it was the only one) originates from Soti, Russia. A planned cable to Bulgaria via the Black Sea isn’t yet complete. But it’s possible, of course, that the government is predominantly utilizing a satellite link.
Wired’s Danger Room and ZDNet’s Zero Day are among those tracking developments.