Inside Cyber Warfare - Jeffrey Carr [109]
After the breakup of the Soviet Union, tensions in Abkhaz continued to rise. In 1992, Abkhaz nationalists continued to press for independence, and militants attacked government buildings in Sukhumi. In response, Georgian police and National Guard units were sent into Abkhaz to regain control. The tensions between Georgia and Russia over Abkhaz have continued to the present day and were largely responsible for the outbreak of conflict in the South Ossetia region in 2008.
The outbreak of conflict in South Ossetia in 2008 was paralleled by the outbreak of cyber attacks against Georgian government websites (Figure 12-2). Pro-Russian hackers promoted attacking Georgian websites and coordinated their actions via a network of hacking websites frequented by Russian cyber criminals and hackers. Additionally, suspected pro-Russian hackers launched StopGeorgia.ru, a website dedicated to recruiting sympathetic hackers to the Russian cyber militia. StopGeorgia.ru provided eager sympathizers with a list of Georgia websites to attack, as well as instructions on how to launch various kinds of cyber attacks. Georgian websites were either defaced with anti-Georgian propaganda (Figure 12-3) or were knocked offline with distributed denial of service (DDoS) attacks.
Figure 12-2. Stages of cyber attacks on Georgian websites
Figure 12-3. Defaced Georgian government website
Case study: GhostNet cyber espionage
According to the Information Warfare Monitor’s “Tracking GhostNet: Investigating a Cyber Espionage Network” report, “accusations of Chinese cyber war being waged against the Tibetan community have been commonplace for the last several years. The Chinese government has been accused of orchestrating and encouraging such activity as part of a wider strategy to crack down on dissident groups and subversive activity.”
During their investigations, the Information Warfare Monitor team found evidence of an extensive cyber espionage network that targeted the Tibetan community as well as other groups. The cyber espionage network was composed of “at least 1,295 computers in 103 countries, of which close to 30% can be considered high-value diplomatic, political, economic, and military targets.” Further, the Information Warfare Monitor found “documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.”
The cyber espionage attacks against the Tibetan community were carried against the backdrop of political tensions between the Chinese government and the Tibetan community (Figure 12-4). Tensions between these two groups escalated prior to the 2008 Beijing Summer Olympics. The Chinese government was increasingly concerned that pro-Tibetan independence groups planned to use the Summer Olympics as a platform to protest and attract increased international attention. Although cyber espionage attacks occurred well before the Chinese government became concerned about the possibility of Tibetan protests during the Beijing Games, it is likely that the increased tension between the Chinese and the Tibetans during this time period was a driver of increased cyber espionage attacks against the Tibetan community. It is unclear who carried these attacks, but it is likely that the Chinese government received the information collected from these efforts.
Figure 12-4. Stages of Chinese cyber espionage attacks on pro-Tibetan targets
The Chinese hacker community communicates primarily through a series of web forums and chat rooms. Hacking attacks are promoted on these websites, and often calls to action against specific targets are posted. In the case of the GhostNet attacks, rallying the Chinese cyber militia against specific