The presidential and defense websites slipped offline, Internet communications were down, and major media were inaccessible. While the Georgian government tried to cope with the country falling into darkness, Russia launched a physical assault with soldiers and tanks.
One of the main weapons of choice in the 2008 cyberwar was a botnet—a network of infected computers sometimes referred to as a “zombie army,” which take orders from a master computer. A botnet’s main attack, known as a distributed denial of service (DDoS) attack, takes websites offline by overloading them with traffic.
There was something unique about this particular botnet though. “When Russia rolled into Georgia they hired a botnet to shut down the country,” Matthew Jonkman, president of the Open Information Security Foundation, said in a phone interview.
“That was years ago and they’ve gotten even better,” Jonkman said.
The hacker underground has grown since the 2008 attacks. Hackers can now be hired through underground forums using anonymous payment methods like Bitcoin, botnets can be rented for as little as $5 an hour, and nearly any target can be taken offline or compromised for the right price.
“Cyber attacks designed to knock Web sites off line happen every day, yet shopping for a virtual hit man to launch one of these assaults has traditionally been a dicey affair,” states Brian Krebs on his popular cybersecurity blog, Krebs on Security.
“That’s starting to change: Hackers are openly competing to offer services that can take out a rival online business or to settle a score,” Krebs states.
Hackers for Hire
The Russia-Georgia cyberwar, as well as the Estonia-Russia cyber conflict of 2007, is often cited as an example of what cyberwar is capable of. Although the attacks on Estonia—one of the world’s most wired countries—did not involve a physical attack, virtually the whole country came to a standstill as banks, communications, and government fell victim to cyberattacks.
Even in 2007, however, much of the world was still ignorant of the devastating potential of cyberwar. The risks only came to the forefront after hacker group Anonymous Operations began its “Operation Payback” attacks on companies including Mastercard and PayPal in 2010, retaliating against government actions on information-leaking website WikiLeaks.
Their attacks, and the highly publicized attacks from hacker group LulzSec that came later, highlighted the rise of a new kind of threat. With that, the eyes of the world opened to the flimsy foundation that much of the Internet is built on—one riddled with holes, so that services can be knocked out on little more than a whim.
Among the terrible truths of the attacks by Anonymous and LulzSec is that neither group is necessarily skilled when compared to the hacker elite. The majority of them use software or pre-written scripts to launch their attacks—hackers refer to them as “script kiddies,” unworthy of being called hackers. Thus, the companies that have fallen victim to their attacks often fell to some of the most basic attacks there are—highlighting again the dismal state of digital security.
While these groups have garnered the most attention, the real concern is about the groups that are lesser known—terrorist organizations, state-affiliated hacker groups like the Chinese Honker Union and the Russian Business Network, and the underground elite (“leet”) of the hacker world.
In September, Secretary of the Department of Homeland Security (DHS) Janet Napolitano stated “The U.S. has become ‘categorically safer’ since 9/11, but cyber-terrorism now tops the list of security concerns.”
Cyber jihadists are already springing up around the Web, while many, like the Tariq bin Ziyad digital terrorist organization, even offer to train new members who know little or nothing about hacking.
The added threat, however, is that these groups could pull from the same resources as Russia did during its attack on Georgia—weaponizing a botnet, or going to the hired guns on the digital front. “Just as organized crime groups have hired hackers, it is possible that nation states could hire or distantly support jihad networks and launch cyber-attacks through them,” states an April 17 report from Project Cyber Dawn, part of The Cyber Security Forum Initiative.
Meanwhile, the concern over groups like Anonymous and lesser-skilled yet active groups like the Iranian Cyber Army is less about where they are now, and much more about what they could become.
The DHS posted a bulletin on Oct. 17 warning that Anonymous may be planning attacks on critical infrastructure, including energy companies and industrial control systems. It adds that while the group currently seems to lack the ability to hit such targets, it may develop the skill.
But the poor state of today’s cybersecurity leaves major gaps. “What we have is in a very fragile state, so anybody who does get organized and goes after it could cause serious damage,” Jonkman said.
He added that many groups, like the Iranian Cyber Army, launch their attacks for bragging rights—perhaps defacing someone’s website with their logo and a statement. The concern, though, is that the lesser-skilled groups could also pull from the more elite guns-for-hire.
“The ones we should worry about are the ones we don’t know about, and the state-sponsored stuff. Now, these groups can make a lot of noise or be hired by an organization or country to do something,” Jonkman said.
“It could pose a very significant threat, more than the overall threat in general,” he said.