August 12, 2008

Georgia calls in Estonia and Poland to fight cyber attacks

Former Soviet bloc security experts rally against hacker attacks

By Jeremy Kirk, IDG News Service

---

Computer experts from Estonia are travelling to Georgia today to keep the country's networks running amid an intense military confrontation with Russia.

Poland has also offered support, allowing Georgia space on its president's Web page to post updates on its ongoing conflict with Russia.

The fighting is over the break away Georgian regions of South Ossetia and Abkhazia, which have strong ties to Russia.

The cooperation between the former Soviet bloc allies is aimed at blunting pro-Russian computer hackers, who have been blamed over the last few years for cyber attacks against Estonia, Lithuania and Georgia in incidents linked to political friction between those nations and Russia.

Two of the four experts that staff Estonia's Computer Emergency Response Team (CERT) were waiting Tuesday morning in Yerevan, the capital of Armenia, seeking permission to drive into Georgia, said Katrin Pärgmäe, communication manager for the Estonian Informatics Centre. The two officials are also bringing humanitarian aid, she said.

Estonia is also now hosting Georgia's Ministry of Foreign Affairs Web site, which has been under sustained attack over the last few days.

"Let's just say we moved it," Pärgmäe said. "I know that there are interested parties who read media so it's not good to say exactly where the hosting is."

The Web site for Georgia's president, Mikheil Saakashvili, remained up on Tuesday morning. That site was knocked offline around mid-July after a DDOS attack from a botnet, network experts said.

The botnet was based on the "MachBot" code, which communicates to other compromised PCs over the HTTP (Hypertext Transfer Protocol), the same protocol used for transmitting Web pages. MachBot code has been known to be used by Russian bot herders, according to the Shadowserver Foundation, which tracks malicious Internet activity.

Shadowserver said Monday that hackers had at one point defaced the Web site for Georgia's parliament. "The attackers have inserted a large image made up of several smaller side-by-side images of pictures of both the Georgian President and Adolf Hitler," the group wrote.

Georgia is now also hosting some sites in the U.S., a logical move to better defend the sites against attacks, Pärgmäe said. Shadowserver wrote that the presidential site appeared to have been moved to an IP (Internet protocol) address belonging to Tulip Systems, an ISP in Atlanta, Georgia.

The country is also looking to other ways to keep information flowing. A Georgian news site was also up, but the site warned it was under "permanent DDOS attack" That Web site has set up a group in Google's Groups service, where subscribers can get the news stories it regularly posts.

An official at Georgia's CERT said the unit was too busy to speak.

On Tuesday morning, Russia announced it would stop military operations in South Ossetia and Abkhazia, saying the safety of its peacekeepers in the region had been secured.

Newsletters

Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.