The Way Forward.

If I were asked what I hoped to accomplish with this collection of facts, opinions, and assessments about cyber warfare and its various permutations, my answer would be to expand the limited thinking of senior leadership and policymakers surrounding the subject and to instigate a broader and deeper conversation in the public sphere. This book will probably feel more like a collection of essays or an anthology by different authors than a cohesive story with a clean development arc. In part, that's because of the nature of the beast. When it comes to how attacks orchestrated by a myriad of parties across globally connected networks are impacting national security for the United States and other nation-states, we're all like blind men describing an elephant. The big picture sort of eludes us. My hope for this book is that it will inform and engage the reader; inform through the recounting of incidents and actors stretching across multiple nations over a period of 12 years up to almost the present day (Thanksgiving 2011) and engage by firing the reader's enthusiasm to get involved in the debate on every level: local, state, and national. If it raises almost as many questions as my contributors and I have attempted to answer, I'll feel like the book accomplished its mission.

Chapter 2. The Rise of the Nonstate Hacker.

List of first goals for attacks is published on this site: ponent of the Russia-Georgia conflict of 2008.

Anatoly Tsyganok is a retired officer who's now the director for the Center of Military Forecasting at the Moscow Institute of Political and Military Analysis. His essay “Informational Warfare - a Geopolitical Reality (en.fondsk.ru/article.php?id=1714)” was just published by the Strategic Culture Foundation. It's an interesting look at how the July and August cyber war between Russia and Georgia was viewed by an influential Russian military expert. The full article discusses information warfare, but this portion focuses on the cyber exchange:

Georgia was also the first to launch an attack in cyberspace. When Tskhinvali was shelled on August 8 the majority of the South Ossetian sites were also knocked out. Later Russian media including Russia Today also came under cyberspace attacks. The response followed shortly as the sites of the Georgian President, parliament, government, and foreign ministry suffered malicious hacks. The site of Georgian President Saakashvili was simultaneously attacked from 500 IP-addresses. When the initially used addresses were blocked, the attacks resumed from others. The purpose was to render the Georgia sites completely inoperable. D.D.O.S. attacks overload and effectively shut down Internet servers. The addresses from which the requests meant to overload sites were sent were blocked by specialists from the Tulip Systems, but attacks from new 500 addresses began in just minutes. Cleaning up after a cyberspace attack took an average of 2 hours.

Part of what's so interesting about this excerpt is Tsyganok's choice of words. He clearly states that Georgia launched a cyber attack against Russia first. This presents the attack as a state action rather than a civilian one. He then carefully states the Russian response, i.e., “the response followed shortly.” Since the subject of this exchange is two states warring, “the response followed shortly” implies a state response rather than a spontaneous grassroots action of so-called hacktivists.

Tsyganok's depiction of events manages to underscore the Russian government's practice of distancing itself from the nationalistic hacker community, thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions.

The Foundation for Effective Politics' War on the Net (Day One).

Pravda.ru printed an article by Maksim Zharov of the Foundation for Effective Politics (FEP) entitled “Russia Versus Georgia: War on the Net - Day One” on August 9, 2008. Zharov is also one of the authors of the book Chronicles of Information Warfare and used to work for Nikita Ivanov, then deputy chief of the Administration for Interregional and Cultural Ties With Foreign Countries of the President's Staff and supervisor of the pro-Kremlin youth movements (i.e., Nashi). (Zharov earlier published (through Yevropa) an instruction manual for bloggers who want to “fight the enemies of Russia” in the blogosphere.) The Foundation for Effective Politics is a Kremlin-friendly organization created by Gleb Pavlovsky, one of the earliest adopters of the Russian Internet for state propaganda purposes. You can read more on Pavlovsky and the FEP in Chapter 11.

Zharov comments on the use of the Russian youth movements to wage warfare on the Net. This was repeated by the administrator of the StopGeorgia.ru forum in the following announcement to its membership on August 9, 2008, at 3:08 p.m.:

Let me remind you that on August 8, leaders of several Russian youth movements have signed the statement which calls for supporters to wage information war against the President of Georgia Michael Saakashvili on all Internet resources.

Zharov elaborates on this fact by referring to an event in the city of Krasnoyarsk where a joint statement by the leaders of Russian youth movements announced:

We declare information war on the Saakashvili regime. The Internet should oppose American-Georgian propaganda which is based on double standards.

He names Nashi as one such organization whose leaders have close ties with the Kremlin and whose members have been involved in these Internet wars, both in Estonia and Georgia.

Internet warfare, according to Zharov, was started by Georgian hackers attacking South Ossetian websites on August 7, one day before the Russian invasion.

The South Ossetian site cominf.org reported in the afternoon of August 7 that because of a DDoS attack, the Ossetian sites were often inaccessible for long periods. In order to relieve them, an additional site, tskhinval.ru, had to be set up. In addition, a fake site of the Osinform news agency, , created by Georgia, appeared.

Zharov's personal preference for information about the Georgian war was LiveJournal, known in Russian as ZhZh (Zhivoy Zhurnal), particularly the georgia_war community. It contained, in Zharov's words, “a fairly objective indicator of the state of affairs on the Internet front, in which the most diverse opinions are published.”

One of the more interesting things that Zharov wrote in “Russia Versus Georgia: War on the Net. Day Three,” published in Moscow Pravda.ru in Russian August 11, 2008, was his conjecture about which nation had the capability to launch a DDoS attack of the size seen during the five-day war:

In general, many people are forming the impression that these attacks are certainly not the work of Georgian hackers.

And to be honest, I do not believe that the Russian military have a special service that swamped all of the Georgian websites even more quickly on the very day of the unexpected attacks by the Georgians.

However, in the United States, such sub-units of cyber troops were created many years ago (emphasis added).

So Zharov acknowledges their involvement in organizing an “information war” against Georgia, but he completely ignores their involvement in the cyber war, and he instead speculates that the only military force that has the capability of “swamping all of Georgian websites” so quickly is that of the United States. This serves as another example of the Kremlin strategy of making the cyber war debate about military capabilities rather than their use of Russian hackers and, of course, to paint the United States as the aggressor whenever possible.

The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead.

Attacking Israeli websites has been a popular way for Palestinians and their supporters to voice their protests and hurt their adversaries. Arab and Muslim hackers mobilized to attack Danish and Dutch websites in 2006 during the Prophet cartoon controversy. A small-scale “cyber war” also erupted between Shiite and Sunni Muslims in the fall of 2008, as predominantly Arab Sunni Muslims and Iranian Shiite Muslims worked to deface or disrupt websites associated with one another's sects.

The latest example of this occurred when Israel began a military assault on Hamas's infrastructure in Gaza on December 27, 2008, called Operation Cast Lead. After almost a month into the operation, Palestinian officials declared the death toll had topped 1,000, and media reports carried images of massive property destruction and civilian casualties. This provoked outrage in the Arab and Muslim communities, which manifested itself in a spike of anti-Semitic incidents around the world, calls for violent attacks on Jewish interests worldwide, and cyber attacks on Israeli websites.

The exact number of Israeli or other websites that have been disrupted by hackers is unknown, but the number is well into the thousands. According to one estimate, the number reached 10,000 by the first week of January 2009 alone. Most attacks are simple website defacements, whereby hackers infiltrate the site, leaving behind their own graffiti throughout the site or on the home page. The hackers' graffiti usually contains messages of protest against the violence in Gaza, as well as information about the hackers, such as their handles and country of origin. The majority of cyber attacks launched in protest of Operation Cast Lead were website defacements. There is no data to indicate more sophisticated or dangerous kinds of cyber attacks, such as those that could cause physical harm or injury to people.

Impact.

While media coverage focuses on the most high-profile hacks or defacements, this current cyber campaign is a “war of a thousand cuts,” with the cumulative impact on thousands of small businesses, vanity websites, and individual websites likely outweighing the impact of more publicized, larger exploits.