Russian troops invaded Georgia's South Ossetia on Friday, but Russian attacks on Georgia’s major Web sites and overall Internet access began a day earlier. <snip>
Official Georgian domains are currently so unreliable that the country is now using a Google-run Blogspot Web site to host information from the Georgia Ministry of Foreign Affairs.
<snip>
The first development of the cyberwar (which is really one-sided), between Russia and Georgia was on the 20th of July when we started to notice some hack attempts on the Web site of the president [Mikheil Saakashvili] of Georgia. They were coming from known cybercriminal servers inside Russia. That hack seemed to be a test because the sites went back online after a few hours and the attacks stopped.
Then, as of last Thursday, came a full-blown attack which can only be described as a cybersiege on the whole of Georgia's Internet space. It's basically being controlled now by a group of five all-Russian servers and one Turkish server, which is under some sort of direction from Russian cyberspace.
<snip>
Basically the RBN started as a very crude hacking group, hiring out expensive Web hosting to hide different users, particularly for the use of malware, cybercriminal usage, even child pornography. In the middle of last year, May 2007, we saw the first signs of them being hired [for international attacks] or being used by Russian government groups to actually start to take down Estonian government Web sites, which is pretty well reported. Although those [sites] came back online, what you have seen more recently is the attack on Lithuania's Internet infrastructure, by the same groups and same methods as the RBN used. It just happened to be at the same time as the president [Valdas Adamkus] of Lithuania's visit to Washington, D.C.
It seems to be a pattern: When Russia's neighbors start talking to NATO and get involved with the European community, or work to get better relations with the U.S., they start to come under attack. The attacks are ways of stifling the government's information activities. From Thursday, the day before the Russian troops invaded, you had the full-blown cybersiege in place. Basically no Georgian Web sites were available and a great amount of traffic was stopped. If you actually use the trace routes and see these servers in action, they were simply blockading all routes in and out of Georgia.
How does one fight a war like this? Can you do it from within Georgia? Or once those servers are shut down, is it something that has to be done from outside?
Two things. The smaller neighbors of Russia should watch out who controls their next stage of Internet servers, the actual pipelines. Unfortunately for Georgia, they had an agreement where the main switch for most of Georgia's Internet is through Moscow. Very logically, it's submarine fiber routes; you can read about [it] on the CIA Web site, which actually shows the limitations of Georgia, the near-reliance on physical routing through Russia. Georgia gets taken offline fairly easily because Russia is simply blocking all traffic coming in and out. Estonia learned last year; Lithuania is learning now, as even Ukraine is starting to learn, and a few others—they have to start looking for alternative routing for the Internet for their countries or else they're going to end up in the same situation as Georgia.
<snip>
Besides counterattacking, is there any way to defend yourself?
One way is not to rely too much on purely directed, solely physical pipelines, as has unfortunately proved a problem for Georgia. It also proves a problem for most of Eastern Europe. Hopefully one of the lessons learned is that these countries start to look at wider Internet services. Governments will start to look at making sure that certain countries don't have a monopoly of control over these pipelines.
Another way is to ensure that you have multiple name servers, which would also have helped Georgia. Let's say their sites were mirrored on U.S. servers, maybe Western Europe, maybe even Asia. This parallel, this mirroring of Web sites helps because even if one server is attacked, at least the other servers could come into action.
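The mirroring advice above, as an added example that is not part of the interview: a small check of whether a zone's authoritative name servers would keep answering if any single /24 prefix, origin AS or country were cut off. The hostnames, addresses, AS numbers and countries are constructed sample data, not records of any real Georgian domain.

```python
"""Check whether a set of authoritative name servers survives the loss of
one hosting network, one origin AS or one transit country.
Added example with constructed data; nothing here is a real NS record."""
from collections import defaultdict
import ipaddress

# Constructed sample: name server -> (address, origin AS, country).
# All servers behind one upstream, the situation described for Georgia.
SINGLE_UPSTREAM = {
    "ns1.example.ge": ("203.0.113.10", 64500, "GE"),
    "ns2.example.ge": ("203.0.113.11", 64500, "GE"),
}
# Mirrored across networks and countries, as the interview recommends.
MIRRORED = {
    "ns1.example.ge": ("203.0.113.10", 64500, "GE"),
    "ns2.example.net": ("198.51.100.5", 64501, "US"),
    "ns3.example.eu": ("192.0.2.77", 64502, "DE"),
}


def group_by(ns_map, key):
    """Group name servers by /24 prefix, origin AS or country."""
    groups = defaultdict(list)
    for name, (addr, asn, country) in ns_map.items():
        if key == "asn":
            k = asn
        elif key == "country":
            k = country
        else:
            k = ipaddress.ip_network(f"{addr}/24", strict=False)
        groups[k].append(name)
    return groups


def survives_loss_of_any(ns_map, key, minimum=1):
    """True if, whichever single group (prefix, AS or country) is blocked,
    at least `minimum` name servers remain reachable."""
    if not ns_map:
        return False
    groups = group_by(ns_map, key)
    total = len(ns_map)
    return all(total - len(members) >= minimum for members in groups.values())


def assess(ns_map):
    """Resilience verdict per failure domain; False marks a single point of failure."""
    return {k: survives_loss_of_any(ns_map, k) for k in ("prefix", "asn", "country")}
```

Feed `assess` the real NS records and their origin data (for example from `dig NS` plus a routing or geolocation lookup) to see which failure domain would take the zone offline.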