Did Russia launch Denial of Service Attacks against Georgia?
At 3:00 am Saturday morning I tried accessing Georgia's main government and presidential websites and received a "network timed out" message. I confirmed with Siteuptime that the sites were indeed down.
I suspected it might be a Denial of Service Attack (DDoS). After some research I found that Russia had already attacked the Georgian president's website on July 22 earlier this year:
For over 24 hours the website of President Mikhail Saakashvili of Georgia (www.president.gov.ge) has been rendered unavailable due to a multi-pronged distributed denial of service (DDoS) attack. The site began coming under attack very early Saturday morning (Georgian time). Shadowserver has observed at least one web-based command and control (C&C) server taking aim at the website hitting it with a variety of simultaneous attacks. The C&C server has instructed its bots to attack the website with TCP, ICMP, and HTTP floods. Commands seen so far are:
The server [126.96.36.199] which houses the website has been largely offline since the attack started. Passive DNS records show the system houses several other websites which are mostly unrelated to the Georgian government. However, the server does also host the Social Assistance and Employment State Agency website (www.saesa.gov.ge). This website along with the others on the host have been rendered inaccessible.
We do not have any solid proof that the people behind this C&C server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, which is a tool that is frequently used by Russian bot herders. On top of that the domain involved with this C&C server has seemingly bogus registration information but does tie back to Russia.
Richard Stiennon from Network World's community blog speculated that Russia will renew this attack:
Over the past year+ Russia has engaged in all out Denial of Service Attacks (DDoS) against two of its neighbors, Estonia and Ukraine. Cyber attacks against Georgia would be militarily appropriate considering that they are reportedly sending 150 tanks and associated troops (I mean peace keepers) across the border. And, for that matter, Georgia has probably studied Russia’s cyber techniques and prepared its own strategic cyber attack capability.
Richard argues that the world should prepare for spillover effects, as Russia might engage in DDoS attacks against news outlets (like CNN) covering the current conflict. If you rely on web-based resources you should prepare for alternatives, says Richard.
Richard didn't actually see the Georgian sites go down, but his prediction seems to be coming true.