
Govsec Georgia 2008 Cyber War



1. The Brave New World of the 5 Day War: Where Cyber and Military Might Combined for War Fighting Advantage. Paul M. Joyal, Managing Director, Public Safety and Homeland Security
2. Russian Views on Electronic and Information Warfare. "The growing role of information technology is rapidly lowering the barrier between war and peace." Mary C. FitzGerald
3. Briefing
   - In the early 1980s, Marshal Ogarkov, then Chief of the Soviet General Staff, first noticed a new "revolution" occurring in military affairs. The Russian military recognized two major information technologies which today are said to be "the most formidable weapons of the 21st century", comparable to weapons of mass destruction:
     - Reconnaissance, surveillance, and target acquisition (RSTA) systems
     - "Intelligent" command-and-control systems
   - Under conditions of parity in nuclear and conventional weapons, superiority in reconnaissance, command and control, and electronic warfare is said to be the main factor in raising the qualitative indices of weapons and military equipment, which will have a "decisive" effect on the course and outcome of combat operations.
   "Warfare has indeed shifted from being a duel of strike systems to being a duel of information systems."
4. Russian analysts Yevgeniy Korotchenko and Nikolay Plotnikov concluded in 1993: "We are now seeing a tendency toward a shift in the center of gravity away from traditional methods of force and the means of combat toward non-traditional methods, including information. Their impact is imperceptible and appears gradually. ... Thus today information and information technologies are becoming a real weapon. A weapon not just in a metaphoric sense but in a direct sense as well."
5. Two Aspects of Parity and Defense Sufficiency (1993). Russian Admiral V.S. Pirumov: "... that a war's main objective is shifting away from seizure of the opponent's territory and moving towards neutralizing his political or military-economic potential - eliminating a competitor - and ensuring the victor's supremacy in the political arena or in raw materials and sales markets."
6. General Viktor Samsonov, Chief of the Russian General Staff, stated on 23 Dec 1996: "The high effectiveness of 'information warfare' systems, in combination with highly accurate weapons and 'non-military means of influence', makes it possible to disorganize the system of state administration, hit strategically important installations and groupings of forces, and affect the mentality and moral spirit of the population. In other words, the effect of using these means is comparable with the damage resulting from the effect of weapons of mass destruction."
7. Developments to this doctrinal understanding evolved in the 1990s with the dynamism of the information era
   - Today information warfare doctrine has expanded to include target-country information systems, communications networks and economic infrastructure. The role of intelligence services has accelerated these developments. Lessons learned from US and coalition forces' information warfare operations during the 1st Gulf War contributed to these developments.
   - Cyberspace has clearly emerged as a dimension in which to attack an enemy and break his "will" to resist. This is an extension of traditional Soviet intelligence "Active Measures" doctrine, Active Measures being an array of overt and covert techniques for influencing events, behavior and actions in target foreign countries.
8. Information-age technologies have created a new cyberspace environment in which to conduct warfare. Russia's response to the information age highlights the potential for challenges to the existing military balance and global security. This was brought vividly home during the 5 Day Russian-Georgian War. Countries around the globe are increasingly vulnerable to information warfare as cyberspace and social networking grow and dependence expands. The gap between the emerging information-age environment and the doctrine, capabilities and strategies for defending against and prosecuting information warfare is now being confronted globally.
9. Tectonic shift in military affairs: 6th Generation warfare will change the laws of combat and the principles of military science
   - The Russians foresee the impending sixth generation of information warfare technology as a potential for cyber warfare to inflict decisive military and political defeat on an enemy at low cost and without occupying enemy territory.
   - Thinking of the enemy as a system is the basis for understanding how cyberspace might be exploited for warfare.
10. Nature of Information Warfare
   - Information Warfare (IW) has three components that encompass the totality of actions which ensure victory over the opponent in the information sphere:
     - First component: a complex of measures for acquiring information on the opponent and the conditions of the conflict (radioelectronic, meteorological, the engineering situation, etc.)
     - Second component: to gain knowledge of the information support of the opponent's troop and weapon control ("information opposition"). It includes measures to block the acquisition, processing, and exchange of information for troop and weapon control.
     - Third component: to defend against the opponent's information opposition ("information defense").
11. Information Warfare
   - The ultimate objective of IW is to achieve information dominance over the opponent.
   - Russians define IW as a complex of measures for information support, information opposition, and information defense.
   - The ideas and material foundations of information weapons were formed simultaneously with the development of society's information environment.
   - An adversary's targets include: telecommunications, space-based sensors, communications and relay systems; automated aids to financial, banking and commercial transactions; supporting power production and distribution systems; cultural systems of all kinds; and the whole gamut of media hardware and software that shapes public perceptions.
   - The Chinese Liberation Army Daily reportedly advocated the recruitment of civilians to aid in cyber attacks. There is evidence that Russian special services have also recruited "hacktivists" and criminal groups.
12. Computerization of Information Warfare
   - Russia has a well-documented offensive cyber attack program. It has developed tactics and weapons designed to produce dominance in the information "battle space." Experts list the following information-effect attack systems:
     - Computer viruses
     - Logic bombs
     - Systems to suppress the exchange of information in telecommunications networks, to falsify it, and to transmit needed information (Denial of Service (DoS) attacks)
     - Techniques and systems that permit the introduction of computer viruses and logic bombs into state and corporate information networks and systems, and their remote control
     - Malware
13. Russian intelligence services have a history of employing hackers against the United States.
   - In 1985 the KGB hired Markus Hess, an East German hacker, to attack U.S. defense agencies in the infamous "Cuckoo's Egg" case.
   - Both FAPSI and the FSB, KGB successor organs, are believed to have potent information-gathering programs, which has led to increased suspicions over possible attempts at espionage.
14. Russian FSB continues to employ hackers
   - Sergei Pokrovsky, the editor of the Russian hacker magazine Khaker, confirmed that the FSB employs hackers for both foreign and domestic espionage.
   - As evidenced by the Chechen conflict, Russian secret services, under sponsorship of the government, will not hesitate to use cyber warfare to further their agenda and to protect what they deem to be matters of national security.
15. Psychological Operations and Information Warfare
   - According to Russian military scientists, new weapons will exert a deep influence on the methods, ultimate objectives and definitions of victory in future wars.
   - The use of new information and cyber weapons will be directed primarily at achieving the most important political and economic objectives without direct contact between the opposing forces and without armed combat.
   - These weapons and techniques are designed to destroy state and societal institutions, create mass disorder, degrade the functioning of society, and ultimately cause the collapse of the state.
16. Reflexive control of the enemy is the goal of PSYOPS and Active Measures (A/M)
   - Russian general officers stress that to achieve success the entire process of warfare must be kept under control, including that of the enemy.
   - The target of enemy control is the opposing decision-making commander or national leader. This is called reflexive control.
   - Its goal is to create an atmosphere of pressure to force the target into decisions objectively leading to its own defeat. This can be "being intimidated" into not acting or "being lured with advantage" into acting against its own interests.
   - It uses disinformation, concealment and deception as the means to achieve this end.
17. CYBERWAR: The New "Active Measure"
   - New cyber military and intelligence subunits involved in preparing and conducting psychological operations reinforce the actions of sabotage and reconnaissance, military intelligence and public information services during combat operations.
   - Their organization is regulated by special directives and manuals developed by military and intelligence services.
   - These CYBER PSYOPS support combat operations both in the preparatory period and during combat.
18. Russian cyber warfare doctrine also addresses the optimum time to strike. Prior to an "information strike", all targets should be identified (including enemy information systems), enemy access to external information should be denied, credit and monetary circulation should be disrupted, and the populace should be subjected to a massive psychological operation, including disinformation and propaganda.
19. In preparation for conflict, computer networks and databases are penetrated before the beginning of combat operations by agent and other methods. Micro-organism cultures are introduced that eat away electronic components. The employment of information weapons in the concluding phase of a major regional conflict is similar to their use in peacekeeping operations.
20. Combined information and military operations are required. Estimates have shown that the use of information weapons must be constantly accompanied by the limited use, or threat of use, of conventional weapons, especially high-precision weapons.
21. Information Warfare Wrap-Up
   - The Russians argue that information war occupies a position between "cold" war and "hot" war.
   - The result of an information war is the disrupted functioning of elements of the enemy infrastructure.
   - Unlike "hot" war, which uses conventional and/or mass destruction weapons, it is aimed not at material but at "theoretical" objects.
   - At the same time, such objects and systems can be destroyed while their material basis is preserved.
22. Russian-Georgian War
   - The cyber attack on Georgia is an important, detailed example of information warfare as a prelude to military conflict.
   - But this was only part of a more extensive "active measure" campaign that had begun much earlier.
   - July 3: one month before Russia's invasion of Georgia, separatists try to assassinate Dimitri Sanakoyev, Head of the Temporary Administration of South Ossetia.
   - Georgia's internet infrastructure experienced coordinated barrages of millions of attacks (distributed denial of service, DDoS) beginning on July 20th.
23. Information Warfare and Active Measures have a highly developed history in Soviet-Russian intelligence. Today Russia is no longer constrained by communism. Government, business and criminal groups operate seamlessly. Intelligence skills have now entered the marketplace and are used by any number of public and private entities to achieve their ends. Cyber threats only amplify this muddled reality.
24. The Brave New World of the 5 Day War: Where Cyber and Military Might Combined. Presented by Eka Tkeshelashvili, Secretary, National Security Council of Georgia. February 6, 2011, Washington, DC
25. PLANNING
   - "No battle plan survives contact with the enemy." Field Marshal Helmuth von Moltke
   - "Plans are nothing; planning is everything." General Dwight D. Eisenhower
   - "It's tough to make predictions, especially about the future." Yogi Berra
26. Let's go back about a decade
   - To the Year 2000 Problem, aka
     - Y2K
     - The Millennium Bug
   - FEARS that everything would stop
     - Telephone systems
     - Nuclear reactors
     - Airplane navigation systems
     - Even elevators!
27. THE PROBLEM
   - Computer chips are ubiquitous
   - Our dependence increases day by day
   - Y2K brought that message home
   - With massive interconnection, possibilities for consequential mischief multiplied
28. The Cyber War
   - The (Cyber) Agents - i.e. Who
     - The Soldiers
     - The Mercenaries
     - The Volunteers
   - Note that the latter two can serve as effective smoke screens for the first
29. The Cyber War
   - The Components - What
     - Sites defaced
     - Counterfeit sites set up, traffic redirected
     - International Internet communications disrupted
     - Servers brought down (DDoS)
30. The Cyber War
   - The Timing - When
     - Friday, Aug 8: Russian land forces "officially" attack
     - The day before, massive cyber-attacks begin
     - Two to three weeks prior marks a steady build-up of cyber-attacks
31. The Cyber War
   - The Purpose - Why
     - Doctrine
     - Making your enemy shut up is a potent weapon of modern warfare
     - Demoralize through propaganda / disinformation
     - Ensure only one message gets out
     - Isolate the target
32. The War in Context
   - Why Georgia, why now?
     - Georgia's substantial headway in
       - Democracy
       - Civil society
       - Economic development
     - Georgia was integrating with the West
     - NATO, the European Union
     - East-West corridor for Caspian oil/gas
33. The Cyber-attack Details - 1
   - DDoS attacks before and after the war
   - US hosting firm confirms attacks
   - Georgian Internet servers "hijacked"
   - Georgian President's site defaced
   - Later the site suffered DDoS attacks
   - Expert Dancho Danchev points to Russia
34. The Cyber-attack Details - 2
   - Known Internet rogue organisation, RBN, orchestrated attacks
   - Hosting moved off-shore
   - RBN website provides hacker tools, instructions, and a list of targets
     - 38 important sites listed, including the US Embassy in Georgia
35. Conclusions
   - Attacks shed light on the aggressor's methods
   - 2 attacks against 2 different countries in 2 consecutive years by a single belligerent is alarming
   - NATO members and aspirants should be prepared for cyber-warfare
36. Commercial Effects of E-Wars: Analysis of Georgia events and related topics. Stephen Spoonamore, Partner, GSP LLC, [email_address], Skype: spoonamore, 202 351 1883
37. Where was the Georgian War? This is a snapshot of what part of the Internet looked like from a computational perspective near the start of the Georgia War. Yes... it is fuzzy... So is the web.
38. More or less here... The green square (virtually, as it were) covers the Caucasus. It amounts to approx. 0.3% of global IT traffic. From a commercial perspective, it is not a high priority.
39. Rewind to the Baltics
   - The Baltic Cyber War - May 17, 2007
   - Estonia and IP addresses in Russia go to war.
   - Spillover wipes out banking settlement, ATM access, credit processing and other bank ops in 17+ other nations within 36 hours of event start, including US, Singapore, Germany and Brussels.
   - Economic impact outside of Estonia 50-100x
40. In other words this... The green square now covers the Baltics, which also amount to approx. 0.3% of global IT traffic.
41. Became this... The green square covers failures spilling out of the Baltics, impacting nearly 30% of the globe's IP traffic and 20% of the globe's finance. This sucked.
42. After the Baltics
   - Computers in MC, Visa, Maestro, Star, Cirrus, Eurofin, Great Wall, SWIFT and settlement banks get new rules:
     1) If IP traffic indicates a nation state, or set of nation states, is under attack... they are cut out.
     2) Once cut out, assume all restart efforts are compromised data, handled with the highest fraud precautions.
     3) Cutting off banking functions results in many secondary losses for the cut-out nation.
43. Banks now act like a herd. Watch out for lions...
44. One dies, herd survives. Lions eat the weak link (Georgia) while the bank herd goes off to graze. They are programmed this way as we sit here today.
45. Banks impact cell phones. Average credit card usage needs 36 computers to confirm or process data. Many, perhaps most, EU cell phones confirm account validity by piggy-backing on the credit system. When banks cut off credit card settlement systems, none of the phones linked to them function.
46. Impact on other credentials. Border credential systems overlap phone networks. IP address blocks for ISPs of attacked banks are shut out. Commercial entities within those ISP blocks cannot access their ISP or email. The ATM network will not function. Travel tickets won't function. Gas pumps won't function.
47. E-War knowns, Mon-Fri.
   - Dozens of .ge sites (com and gov) face DDoS.
   - Sites move to overseas co-location Wed-Sat.
   - Main attack, plus hacktivists, copycats, script kiddies.
   - C+C server (geolocated to Turkey) served as primary botnet controller for DDoS.
   - Attack domains: ,, ,,
48. Commercial Responses
   - Banks, on the Monday traffic spike, choke down access.
   - Settlement systems cut off all referencing IPs by Tuesday.
   - Credit cards had shut out all .ge and .ge-related domains by Wednesday, mid-day.
   - Systems depending on the CC system all down by Thursday.
   - Georgia is cut off from the digital herd when invaded.
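To make the three rules on slide 42 and the Monday-to-Thursday cascade on slides 45-48 concrete, here is an added Python model (not code from the presentation or from any card network) that flags source blocks whose daily volume spikes against a baseline, propagates the cut-off through the dependent services named on slides 45-46, and marks reconnecting traffic for fraud review. All block labels, counts and the dependency graph are constructed assumptions.

```python
"""Model of the payment-network 'herd' response described on slides 42 and 45-48.

Constructed sample data and hypothetical block labels; this is an added
illustration, not code from any card network or from the presentation.
"""
from collections import defaultdict

# Constructed daily request counts reaching a settlement gateway, keyed by
# (day, source_block). Labels like "ge-block-A" are placeholders, not real
# address ranges.
SAMPLE_TRAFFIC = [
    ("Thu", "ge-block-A", 1_000), ("Thu", "ge-block-B", 800), ("Thu", "other", 50_000),
    ("Fri", "ge-block-A", 1_100), ("Fri", "ge-block-B", 900), ("Fri", "other", 51_000),
    ("Sat", "ge-block-A", 1_050), ("Sat", "ge-block-B", 850), ("Sat", "other", 49_000),
    ("Mon", "ge-block-A", 40_000), ("Mon", "ge-block-B", 35_000), ("Mon", "other", 52_000),
    ("Tue", "ge-block-A", 60_000), ("Tue", "ge-block-B", 55_000), ("Tue", "other", 50_500),
]
BASELINE_DAYS = ("Thu", "Fri", "Sat")

# Downstream systems that confirm credentials by piggy-backing on card
# settlement (slides 45-46). Each entry lists what that service needs.
DEPENDENCIES = {
    "card_settlement": set(),
    "cell_phone_validation": {"card_settlement"},
    "atm_network": {"card_settlement"},
    "gas_pumps": {"card_settlement"},
    "travel_tickets": {"card_settlement"},
    "border_credentials": {"cell_phone_validation"},
}


def spiking_blocks(traffic, baseline_days, factor=10.0):
    """Rule 1: return {block: first_day} for blocks whose daily volume exceeds
    `factor` times their baseline mean. A block with no baseline at all is
    flagged on first sight, since nothing vouches for it."""
    base, days = defaultdict(list), defaultdict(dict)
    for day, block, count in traffic:
        if day in baseline_days:
            base[block].append(count)
        else:
            days[block][day] = count
    tripped = {}
    for block, per_day in days.items():
        mean = sum(base[block]) / len(base[block]) if base[block] else 0.0
        for day, count in per_day.items():  # insertion order is chronological
            if mean == 0.0 or count > factor * mean:
                tripped[block] = day
                break
    return tripped


def cascade(cut_services, deps):
    """Rule 3: everything that transitively depends on a cut service is down too."""
    down = set(cut_services)
    changed = True
    while changed:
        changed = False
        for svc, needs in deps.items():
            if svc not in down and needs & down:
                down.add(svc)
                changed = True
    return down


def restart_disposition(block, cut_blocks):
    """Rule 2: traffic from a cut-out block is not trusted on reconnect; it goes
    to manual fraud review instead of being silently re-enabled."""
    return "fraud_review" if block in cut_blocks else "normal"
```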
49. Summary
   - Russian partisans, aided by hacktivists and copycats, launch various attacks for 3+ days.
   - During those three days, commercial banking entities self-protect and cut off .ge and related IP ranges.
   - Dozens of IP-dependent functions cease from the cut-off.
   - Invasion is much easier with most commercial systems shut off by commercial partners.
   Stephen Spoonamore, [email_address], 202 351 1883