Declaring cyber-war can be self-deceiving

The level of sophistication and the myriad motives of internet hackers, cyber-nationalists and crime gangs only complicate efforts to pin down who was ultimately responsible for the Georgian government website attacks.

As Russian troops rolled into South Ossetia on August 8, reports spread of cyber-attacks on Georgian government websites that many observers were quick to assume were part of a co-ordinated effort to disrupt the country's internet capabilities. Georgia's political leaders in Tbilisi were also quick to blame Russia but, as the dust settles, it's far from clear if "cyber-war" is the correct term for the online conflict.

It's also likely the attacks were not part of an organised campaign but were instead carried out by an assortment of Russian criminal gangs and hacktivists practising a form of cyber-nationalism.

Computer security experts from around the world are debating the origins of the attacks. There are claims that the sophisticated computer networks used to deliver spam and phishing scams, and to run extortion rackets against gambling and pornography websites, were engaged in the conflict.

The weapons deployed were predominantly distributed denial of service (DDoS) attacks, which use swarms - often thousands - of hijacked personal computers, known as botnets, to flood websites with hits, causing them to overload.

The botnets are controlled using malicious software programs known as Trojans that unsuspecting PC owners often download through phishing scams common in Australia, the US, Europe and most other parts of the world.

Some experts have argued the attacks on Georgia were co-ordinated between Moscow and the immensely wealthy Russian Business Network (RBN) that sits at the heart of the world's $US100 billion ($114 billion) internet crime industry and controls the infamous Storm botnet.

Others such as former Israeli Computer Emergency Response Team chief Gadi Evron have suggested the attacks, whether perpetrated by the RBN or individuals, show no clear links to the Russian government.

"Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically," Mr Evron blogged at the height of the conflict.

"The nature of what's going on isn't clear, but until we are certain anything state-sponsored is happening on the internet, it is my official opinion this is not warfare but just some unaffiliated attacks by Russian hackers and/or some rioting by enthusiastic Russian supporters."

That view hasn't changed substantially and it even remains disputed that the RBN was involved in the attacks. While the RBN operates one of the largest botnets in the world, it isn't the only one and it's also possible to rent a botnet if you're intent on causing trouble online.

In an article published by the Institute of Electrical and Electronics Engineers (IEEE) Computer Society last year, Rutgers University Department of Library and Information Science chairman Michael Lesk quoted estimates that spammers could rent botnets for between US5¢ and US10¢ a minute.

The renting out of botnets is part of the professionalisation of cyber-crime, an industry which by some accounts now turns over more than $US100 billion a year.

Security software vendor Sophos Asia Pacific managing director Rob Forsyth says that professionalism is making itself felt in increasingly sophisticated attacks such as spear phishing, which is a highly refined version of the phishing scams that have become prevalent.

He also says that the highly traceable nature of some electronic crimes is pushing cyber-crime gangs to hone their skills.

"These [scams] are not things that happen by accident. These are things that happen with malice or forethought, and that requires a level of sophistication and organisation," Forsyth explains.

"It also requires a post-event level of sophistication because, once you actually take money from a bank account, you have a complete money trail. The good guys always say 'follow the money', so the bad guys have a very sophisticated way of making sure the money can't be followed."

That level of sophistication and the myriad motives of internet hackers, cyber-nationalists and crime gangs only complicate efforts to pin down who was ultimately responsible for the Georgian government website attacks.

As a result, experts such as Harvard University Berkman Centre for Internet and Society fellow Ethan Zuckerman urged careful investigation before jumping to conclusions about the perpetrators of cyber-conflicts and questioned whether such attacks should be called cyber-war at all.

"The rhetoric of 'cyber-warfare' has a reassuring implication - we understand how to fight wars, so surely we can win a cyber-war. Unfortunately, the truth is more complicated," Zuckerman wrote in a blog last week.

"What's frightening about the attacks against Georgia is not that they're organised by shadowy Kremlin forces, but that they're coming from a loosely organised group of individuals."
