Business Daily from THE HINDU group of publications, Monday, Aug 25, 2008

eWorld - Security Columns - Security Musings

A classic cyber war?
R.K. Raghavan

It is again eventful times in cyberspace. It all started earlier this month with the entry of Russian troops into neighbouring Georgia's South Ossetia, a region not reconciled to its present political status within Georgia, and with strong affinity for North Ossetia, which is part of Russia. Following Georgia's decision earlier in the year to send its army to South Ossetia to quell a revolt, the Russians jumped into the fray on what they considered a humanitarian mission to protect the local population. This was, no doubt, a violation of the sovereignty of an independent country that came into existence after the 1991 break-up of the Soviet Union. The hostilities ended quickly with the rout of Georgia and a truce brokered by French President Sarkozy and others. There have, however, been allegations of a breach of promise by Russia to respect the cease-fire accord. As I write this, an uneasy peace prevails in the region.

What is more relevant here is the controversy over a cyber attack allegedly launched by Russia against systems in Georgia a few days before it actually sent its troops to that country. This has received nearly disproportionate attention from the Western Press, which looks upon the near collapse of some computers, including those of the Georgian President, as regular cyber warfare unleashed by a peeved Russia. Experts are divided on this, with some believing that what was just a routine disturbance in cyberspace had been exaggerated without any basis whatsoever.

Huge inflow of data

Here are some basic facts of the whole episode. Sometime in July this year, a researcher in Lexington (US) detected a huge inflow of data into Georgian government sites accompanied by the inexplicable message, "win+love+in+Russia".

A little later, on July 20 or thereabouts, there was a barrage of DDoS attacks on several Georgian sites, and these were so well coordinated as to make one believe that there was a deliberate attempt to disrupt the country's cyber infrastructure. When such inflow had become intense, Shadowserver, a voluntary group that keeps a watch on malicious traffic on the Net, found the Web site of Georgian President Mikheil Saakashvili non-functional for more than 24 hours. The indications were that this was the result of external mischief. It was further found that the command and control server involved in this operation was located in the US. Interestingly, this server had been noticed coming online several times before the attack on the President's Web site.

Also, the National Bank of Georgia's site was found defaced, and the images of a few twentieth-century dictators were transposed onto the Web site along with a picture of President Saakashvili. Such a posting of images clearly pointed to a hostility to Georgia's regime that went beyond mere pranks. According to one investigation, all these came from a server based in Moscow, in contrast to the July assault on Georgia, which was traceable to a server in the US. Significantly, after the Russian troops' entry into Georgia, the cyber attacks were noticed extending to many Georgian government computers. Other targets were a few media, communication and transport corporations. In addition to such attacks, there was the charge that mail traffic proceeding to and from Georgian servers was being deliberately misdirected to some communication firms in Russia. Experts discountenance this allegation because most of Georgia's traffic was being routed through Turkey and not Russia, and hence the latter did not have the opportunity to tinker with such inflow/outflow of data.

Charge of 'cyber war'

Georgia was quick to react to the situation by charging Russia with launching a cyber war against it. Simultaneously, it took some remedial action by shifting some of its Internet operations to the US. Experts in Estonia, which had suffered similar fury from Russia in 2007, also chipped in, offering to assist Georgia. Ironically, Georgia's retaliation in the form of a counter-attack on a Russian news agency, RIA Novosti, operating from Moscow, was a damp squib, clearly showing that between the two countries it was Russia which called the shots in a cyber exchange.

While the situation now appears to be returning to semi-normalcy, it is a field day for speculation on who was responsible for the mess that Georgian IT systems had become. The needle of suspicion pointed more to Russia than to any other source, particularly because the peak of intrusion into Georgian systems coincided with Russia's entry into South Ossetia. One specific suspect was RBN (Russian Business Network), an organisation that had come to adverse notice for renting out botnets or servers to facilitate the operations of crime syndicates. (While some Western observers see a link between RBN and the Russian government, there is no hard evidence to substantiate this.) RBN's involvement in the offensive against Georgia is ruled out by some experts, especially Paul Ferguson of Trend Micro, who points out that RBN had been disbanded long ago after causing embarrassment to the Russian authorities, and hence its role in the operation against Georgia was unlikely. Notwithstanding this clean chit, it is said that one cannot rule out the possibility of a splinter from RBN having caused the damage to Georgia's networks.

The confusion is compounded by the theory advanced by Andre DiMino, Director of Shadowserver, who went on record to say: "This actually looks more like grass roots hacktivist types — people that jumped on the bandwagon." But then how can one ignore the fact that the attacks against Georgia revealed more than a measure of coordination, triggering the speculation that someone, possibly within Russia, was distributing hacking tools to be used against Georgia? Some hacker forums in Russia had also been found to be active in educating interested elements on the vulnerabilities of some Georgian sites. Incidentally, these forums have been referred to as the 'hacker militia' of Russian botnet herders and volunteers.

Issues of abuse, damage

In the final analysis, several conclusions are possible from the recent experience of Georgia and that of Estonia last year. Whenever there is a conflict, major or minor, between nations, we may in future certainly expect cyberspace to be misused, not only to disseminate false propaganda but also to inflict material damage on a rival's economy and infrastructure. Who gets the better of the exchanges will depend on a country's state of preparedness and its IT prowess.

The next issue is how much damage such an adventure can inflict on a nation. The extent of disruption suffered by countries could actually vary greatly. Although Georgia was traumatised by the Russian offensive in cyberspace, the dislocation caused to its normal life was nominal, because computerisation of its service sectors is still very modest. According to one report, the country is ranked 74 in a list of 234 nations in terms of total Internet addresses. This is quite in contrast with Estonia, which was also a victim last year at the hands of elements traced to Russia. Estonia is known for its IT strength, and it therefore suffered tremendous dislocation when it was subjected to cyber attacks, in all probability by Russia or elements close to the government there.

Also, the dividing line between routine botnet activity and politically motivated cyber attacks being thin, very often one can be mistaken for the other. The occurrence of a normal cyber crime coinciding with an escalation of tension between any two nations could easily be played up by the media and interpreted as classic cyber warfare. Such exaggeration could only exacerbate a conflict between nations. There is, therefore, a case for moderation and balance while studying damage caused to nations by cyber aggression.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.