Georgia hacking stirs fears of cyber militias

WASHINGTON (Reuters) - Attacks that hit Georgian Web sites after Russian tanks rolled across the border have U.S. officials concerned that independent “cyber militias” will play a growing role on the electronic battlefield.

Despite the massive publicity they received, the attacks that brought down or defaced government and media sites were not sophisticated and had virtually no impact on the overall conflict, according to experts.

The attacks overwhelmed the Georgian sites with traffic, causing them to crash or work only sporadically, and seem to have originated in Russia, according to U.S. analysts.

Georgia accused Moscow of staging the attacks as part of a war plan, but the attacks more likely were the work of “hacktivists” -- politically motivated hackers, experts said.

Instead of heaving a sigh of relief at the apparent lack of official Russian involvement, U.S. government officials and experts are on edge, worried that groups with little or no connection to any state can assert such influence.

“In future warfare, governments aren’t going to be the only ones waging war,” said a senior U.S. military official.

Militaries have conducted electronic warfare for decades, such as jamming communications, so attacks on computer systems alongside a conventional conflict are not new. But those operations are normally carried out by nation-states.

The official, speaking on condition of anonymity, suggested the Georgia attacks could signal that “paramilitary or militia-like organizations start to come back into the fray.”

That fear is particularly great for the United States and other Western nations because so much of modern life is potentially vulnerable to attack from cyberspace -- power grids, banking systems, air traffic and telecommunications.


Cyberattacks are an especially effective weapon for small groups because the technology required is cheap and easy to get -- sometimes just a computer and an Internet connection.

“It’s a great level playing field,” said Jose Nazario, senior technology researcher at Arbor Networks, a technology security company.

“A gang can compete against the state,” he said. “Sometimes they can win.”

Far more serious attacks than those that hit Georgia take place regularly but get far less attention. Many have a far more subtle aim than crashing a Web site or causing a catastrophic system failure -- they are used for spying.

The Pentagon, the German chancellor’s office and the U.S. defense consulting firm Booz Allen Hamilton have been among the high-profile targets of attacks to gather sensitive information or probe system vulnerabilities.

Washington says some of the most sophisticated cyberspying originates in China. The Chinese government denies involvement and says its own computer systems are frequently targeted.

The attacks on Georgian Web sites took place just as Moscow deployed troops to crush a Georgian attempt to retake the breakaway province of South Ossetia on Aug. 8, according to experts who monitor Internet traffic.

The sites of President Mikheil Saakashvili, government ministries and news organizations were all targeted.

The use of cyberspace in the conflict was not all one-way. Georgian authorities blocked most access to Russian news broadcasters and Web sites when war broke out, saying they could not be allowed “to scare our population.”


Moscow has denied any role in the attacks and experts say a country such as Russia could have used far more sophisticated methods for an electronic assault.

“It’s a loud and awkwardly clumsy attack for a national government like Russia to use,” said Amit Yoran, former national cybersecurity chief at the U.S. Department of Homeland Security and now CEO of network security firm Netwitness.

They also question whether the attacks meshed with any larger strategy. If Russia’s objective was to stop Georgia’s government communicating with its people, why attack Web sites but leave television and radio broadcasting intact?

Georgia is not a high-tech country, unlike Estonia, which was hit by a far more severe series of cyberattacks last year.

What is almost impossible to know is whether the hackers received any official encouragement or guidance, highlighting another problem with cyberattacks -- the origins are hard to pinpoint, making it difficult for governments to respond.

No one has yet defined what would constitute an act of war in cyberspace -- a task that nations must address, said Air Force Gen. Gene Renuart, head of U.S. Northern Command.

“Is it degree? If you affect so many millions of people or so many millions of dollars or so many organizations, does that constitute a legal act of war?” asked Renuart, whose headquarters is charged with protecting the U.S. homeland.

To secure cyberspace, governments and international organizations will have to work closely with private companies, who own most of the infrastructure, Renuart said.

“Frankly, I don’t know how easy it will be to gain consensus that each of them has to give up a little bit of their sovereignty in order to gain collective security.”