Conflict between Russia and Georgia turns to cyber warfare

Regular readers of the Sophos website will be no strangers to the rumours and accusations that have flown around for years, alleging that countries use the internet to engage in cyber warfare and espionage.

For instance, in September 2007, the Financial Times reported that the Chinese military were being blamed for a cyberattack which targeted a Pentagon computer system serving the office of US defense secretary Robert Gates. The FT reported that the People's Liberation Army (PLA) had been named as the likely perpetrators of the attempted hack.

Earlier this year, we reported how the German foreign intelligence service had been accused of spying on a ministry in Afghanistan, and how the governments of Belgium and India had pointed the finger at China for attacks against official computer systems.

Things have recently heated up, however, as anyone who keeps a close eye on the newspapers will know. Nobody can fail to be saddened by the news of how the long-running dispute over the Georgian breakaway region of South Ossetia has escalated into a full-blown conflict involving Russian and Georgian forces.

There are plenty of places where you can read on the net about the latest news coming from the region. However, I thought it might be interesting to document how this modern war has also spilled into internet skirmishes. Although we have not yet seen specific malware or spam campaigns related to this ongoing news story, there is evidence of hackers using the internet to disrupt and deface the websites of the opposing forces.

Here is a timeline of what we have seen so far:

8 August 2008
According to the Russian press, the website of the South Ossetian government was hit by a distributed denial of service (DDoS) attack. This followed in the hours after Georgian forces fired artillery shells at South Ossetian villages.

9 August 2008
As reported by Georgian sources, the Georgian Ministry of Foreign Affairs website was defaced by hackers, who replaced it with a collage of photographs of Georgian president Mikheil Saakashvili and Adolf Hitler.

Some hacked websites were defaced with images of Georgian president Mikheil Saakashvili and Adolf Hitler.

Other Georgian websites which also suffered hacker attacks included the Ministry of Internal Affairs, the Ministry of Defense, and the website of the Ossetian Government in Exile. In addition, the National Bank of Georgia was defaced and Georgian news portals are also said to have been on the receiving end of DDoS attacks.

11 August 2008
Media reports (in English and Russian) claim that Russian news agency RIA Novosti suffered a denial-of-service attack making it very slow to respond. Other sites are also believed to have been disrupted.

This blog isn't the place to discuss who is right and wrong in the dispute; all we can hope is that the conflict does not broaden, and that there is a peaceful and swift resolution.

We'll keep you informed if the current spate of defacements and DDoS attacks spills into a broader internet attack that could affect computer users in other countries.


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley