As they say in the NFL, "On further review." First, it appears that the attacks did not appear to originate from government operators, but a group of civilian hackers. According to Shadowserver, a volunteer group that monitors internet hacking activity, the attack linked to a group of servers previously corresponding with hackers known for hacking pornography and gambling websites.
It is important to note that, as with any attack, the ability to pin the rose on any particular group, government or individual is extremely difficult. The attack may originate in Russia, but that does not mean it came from their government. On the other hand, you cannot remove government-sponsored operators from consideration regardless of their own spokespeople.
Do not think that the Georgian hackers are sitting idle while their country takes a pounding. Apparently, they responded, by taking down sites that provided news about the Russian-backed Georgian breakaway province of South Ossetia and in one case replacing the Web site´s content with a news feed from a pro-Georgian service.
Now that the cyber dust is settling, what did we learn? Here is a great PCWorld article by Andreas Antonopoulos. His point: "There were no reports of attacks against critical infrastructure, electronic jamming of stock exchanges, SCADA-hack explosions in substations or anything like that. This was not a battalion of elite army-trained hackers from the Russian Southern Command of Cyber Warfare. In all likelihood it was groups of run-of-the-mill script kiddies with control of a botnet, stroking their egos with the higher cause of injured nationalism."
Personally, I believe the lessons learned lies somewhere in the middle. While the cyber attacks in Georgia proved anything buy decisive, they received considerable attention from an international press fascinated by cyber-warfare. Hackers were able to draw the attention of Georgian officials already decisively engaged by attacking Russian forces. Like it or not, they were a factor albeit not a decisive one.
4 comments:
BW - Your favorite IO dude here...good blog. Just a comment on OPFOR doctrine...we(U.S.), in the past hardly ever thought about warfare in the cyber domain. However, with the advent of flattened communications and the world's (to include formations in the DIME, especially the M for what I'm addressing here) dependency on it, we must continue to explore the other domains outside of the physical, information, and cognitive. Jumping to another sub-topic...did you know that Chinese tactical units have IT specialists to conduct cyberattacks simultaneously with physical maneuver attack? It's true! They see physical attacks in the cyber domain equal to that of dropping a JDAM. Makes you wonder how well we are transforming our efforts to gain overmatch.
Great post as always Ken.
BTW, thanks for linking to my blog.
Hackers will be part of our 'Operator' community probably sooner than we think, but probably not at lower tactical levels. Whether the hackers were government-sponsored or not is beside the point. A cyber-attack conducted parallel with full spectrum operations has a strategic IO effect.
As per the Chinese, while I appreciate their effort I am dubious as to the effectives of a hacker at lower level tactical echelons. Decisive hacking (breaking encryption) requires access; access to computers with computational firepower not available with a laptop.
I think that's why you will never see similar position in the US tactical military organizations.
Hi Ken
You have a good blog.
Please visit my fun blog on:
http://www.soldierfun.blogspot.com
Be happy.
Post a Comment