Weeks before bombs fell on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace. Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites.
Other Internet experts in the U.S. said attacks against Georgia's Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests – known as distributed denial of service, or DDOS, attacks – that overloaded Georgian servers.
Shadowserver, a volunteer group that tracks malicious network activity, reported the Web site of Georgian President Mikheil Saakashvili had been rendered inoperable for 24 hours by DDOS attacks. They said the command and control server that directed the attack was based in the U.S. and had come online several weeks before it began the assault.
As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyberattack had coincided with a shooting war.
It will likely not be the last, said Bill Woodcock, research director of the nonprofit Packet Clearing House, which tracks Internet traffic. He said cyberattacks are so cheap and easy, with few fingerprints, they will almost certainly remain part of modern warfare.
“It costs about 4 cents per machine,” Woodcock said. “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”
Exactly who was behind the cyberattack is not known. The Georgian government blamed Russia, but the Russian government said it was not involved.
In the end, Georgia, a relative latecomer to the Internet, saw little effect beyond inaccessibility to many government sites.