The Guardian Online just posted an assessment I co-wrote with my friend Jim Hendler (computer science professor at RPI) about the Georgia-Russia Cyberwar.
Aaron Mannes and James Hendler
Friday August 22 2008
The Russian-Georgian conflict is being described as the first time cyber-attacks have accompanied an actual war. Last year, the Russian-Estonian spat was described as the first modern cyber-war. These descriptions overdramatise events and are a distraction from the more prosaic, but more serious, danger these illicit cyber-actions represent. The technology used in these cyber-conflicts has only limited strategic impact, but represents a major threat to one of the most successful engines of human freedom and opportunity – the World Wide Web itself.
The strikes against Georgian government websites, along with last April’s attacks against Estonian websites, were distributed denial of service (DDoS) attacks, in which many computers simultaneously send messages to a website, preventing legitimate traffic from reaching the site. These attacks are relatively easy to launch, but taking a website down does not affect real world infrastructure, and competent IT professionals can counter or at least mitigate DDoS attacks. The increasing volume and sophistication of these attacks is a subject much discussed among IT professionals, but their impact is to create an inconvenience.
Theoretically, taking down Georgian government sites could have prevented Georgia from publicising its side of the conflict. However, some Georgian sites were migrated to new locations. More importantly, the Georgian government’s message was getting out to the world. The problem was that the United States and Nato had limited options for supporting Georgia. In short, the cyber component had no significant known impact.
Advanced economies and militaries rely on sophisticated information networks. Damaging or infiltrating these networks will probably be an important component of future wars. The ability to listen in on or disable an enemy’s military communications net could be the difference between victory and defeat. It is also conceivable that information inside these networks could be influenced, or that the networks running critical infrastructure – military or civilian – could be infiltrated and used to cause real-world damage. However the skills and technologies needed for these attacks will be highly specialised, and not akin to the DDoS attacks which a relative amateur can launch.
Russia, home to a sophisticated core of cyber-criminals, undoubtedly possesses some of these capabilities. But, considering Russia’s massive military advantage over tiny Georgia, it is unlikely that Russia would have turned to advanced cyber war to guarantee victory, particularly when deploying it would provide potential future adversaries with valuable intelligence about Russia’s cyber war strategies and tactics. In addition, much of Georgia’s infrastructure is old and consequently not online and therefore invulnerable to a cyber strike. (The Georgians claim that Russia has targeted their phone system, and while that is possible, it is more likely that Georgian phone systems were overwhelmed in the general crisis accompanying the Russian attacks.)
The Russian government may have instigated the DDoS attacks, although the evidence is unclear, and it is difficult to identify the origins of a DDoS attack. It appears that the DDoS attacks were in fact a mass action by regular Russian citizens. For the future of the Web, this is even more worrisome.
DDoS attacks typically use botnets, networks of thousands of compromised computers that, unbeknownst to their owners, are used to disseminate spam. Five years ago DDoS attacks and botnets were the domain of highly skilled cyber-criminals. Now, botnets can be rented online, and rentals come with tech support. The massive DDoS attacks on Georgia included botnets, but ordinary citizens also joined in, using simple tools distributed online. The tools of cybercrime are becoming progressively easier to use.
The Web was established as an open environment, with minimal governance, that puts a premium on individual liberty and initiative. This openness has been essential to the Web’s success as a tremendous engine of creativity, opportunity, and liberty. DDoS attacks that take down websites are bad manners and one threat to the open spirit that underpins the Web. But the technology behind these attacks represents even greater threats.
The primary use of botnets is not DDoS attacks, but to perpetrate an ever expanding repertoire of online frauds and distribute malicious software. These activities undermine the physical and moral integrity of the Web. Some estimates are that more than 75% of the emails sent worldwide are spam. With botnets becoming easier and easier to create and manage, the rate of spam is increasing faster than new internet capacity. Spam also represents a moral threat to the Web, as online fraud undermines trust in e-commerce and online communications in general.
Governments can better prepare for specific events, such as international cyberspats. There are a number of improvements that could be made in coordination and in developing early warning systems. But the systemic issues also need to be addressed. Software designs need to be improved to reduce the vulnerabilities that cyber-criminals exploit and the public needs to be better educated about safer online behaviour. Major Web users such as governments, ISPs, universities, and corporations need incentives to better secure their networks, and educate their users. Finally, serious efforts must be made to develop international laws that can prevent increasingly sophisticated cyber attacks and to prosecute cyber-criminals. All of these steps are costly, but without them more draconian efforts that impinge on individual privacy may be needed to keep the Web viable.
The cyber-component of the Russian-Georgian conflict was only a sideshow, but it highlighted the threats facing one of history’s great promoters of freedom and innovation – the World Wide Web.