Russia is not only attacking Georgia by land and by air, but hackers are attacking Georgia's computer systems. Cyber attackers began launching virtual missiles at Georgian servers on Aug. 8.
A group calling itself South Ossetia Hack Crew claimed responsibility for an attack that defaced the Web site of the Georgian Parliament. The group posted images that compare Adolf Hitler with Georgian President Mikheil Saakashvili. Saakashvili's Web site also came under attack on Monday.
"We definitely see hactivism taking place from people who have a political ideology and jump on the bandwagon with bots to help promote their opinions and viewpoints, whether that be for war or against war or for or against certain countries," said Ken Dunham, director of global response for iSIGHT Partners. (Hactivism is using digital tools for political ends.)
The Attack Before the Attacks
But Dunham and his colleagues at iSIGHT report a deeper issue. The security company has found in its analysis of network traffic that there was a lightweight denial-of-service attack July 18 against the Georgian president's Web site.
"This appears to be more of an intelligence-gathering effort rather than a distributed denial-of-service attack," Dunham said. "The lightweight attacks that took place well over a month prior to this incident indicates other actors with motives different than hactivism are likely involved by the incident."
Once an issue becomes public and people start to get upset and begin discussing it, hactivism becomes a very large-scale public concern. That is a factor in the Georgian server attacks, Dunham said. But the larger question is, who was talking the Georgia-Russia conflict this July? Why would a lightweight attack take place a month before the issues we are seeing?
"Someone performed lightweight DDoS against a site that later became the target of significant attacks," Dunham said. "It appears that someone was sizing up what the resources and capabilities of servers of interest were."
Hackers for Hire
The attacks against Georgian sites happened quickly, Dunham said, adding that large-scale DDoS attacks against multiple Web sites don't happen that quickly without a significant amount of hactivism. It takes time to get people stirred up for that type of action.
"When these attacks first took place, before the hactivism jumped on the bandwagon, who was behind that and who organized those attacks?" Dunham asked. "The sequence of events tends to force you to acknowledge that there are likely other actors and other motives involved other than just the reactive hactivism we've seen online."
iSIGHT has concluded the Mafia is not involved in these attacks, and is not pointing fingers at Russia, either. However, the firm has substantiated in recent days that there are people trying to secure hacker-for-hire agreements to perform attacks against these Web sites.
"This is not some Mafia group or organized criminal group that launched this attack," Dunham said. "There may be individuals who are associated with such groups that may be doing hacker-for-hire-type work. But what we have seen so far is not the typical organized criminal work."