Archived Blog

Georgia-Russia conflict: Impact on the Threat Webscape

08.13.2008 - 11:30 AM

If you have been following recent news, you have probably seen that the top stories are covering the conflict in Georgia. In the Security Labs, we have seen evidence and reports that this conflict is also apparent in the realm of cyberspace.

You can read more about the key issues in this conflict here. The point of conflict: South Ossetia.

What is the impact on the webscape?

In the Labs, we have seen evidence of attacks that are typical of so-called cyber-warfare. Certainly, DDoS attacks and defacements are not new and have been used by those with malicious intent during events such as public riots or events of a political nature.

In 2007, Web sites of the government in Estonia were targeted by a reported DDoS attack, and in 2008 a Web site belonging to the Tibetan government was injected with malicious source code. The timing of the current round of attacks to coincide with the physical conflict in the Georgia region has been commented on in the news.

Georgian government Web sites have been defaced by hacking groups. These sites include the Ministry of Foreign Affairs and the Georgian parliamentary Web site. Access to some Georgian government Web sites is still not possible. Major government sites were defaced and some are still down.

Some of those hacked Web sites, such as the Ministry of Foreign Affairs, are now showing evidence of being cleaned of malicious code, but users have been warned not to trust these sites, even if they become available, due to suspected compromise. Three weeks ago the Web site of the President of Georgia was unavailable for approximately one day. News reports issued by the security community at the time tied the use of bot networks to these attacks. Georgia's Ministry of Foreign Affairs Web site has also been heavily DDoS'd, and the Ministry has moved to disseminating its news from a Google Blogspot account.

At least 6 different command and control servers have been involved in this attack. More details are available from Shadowserver.

This conflict has been covered well on ZDNet by Dancho Danchev.

Spammers are also using the news of the conflict in social engineering techniques by sending emails with subjects such as 'Georgia war hot spot area'.

We wouldn't be surprised to see these trends continue in the near future.

Security Researcher: Elad Sharf
