Russia-Georgia conflict still raging on Web

New York — As Russian tanks roll through Georgia, the assault is continuing in another realm: cyberspace, where hackers are waging war on Georgian Web sites, e-mail and communication services.

About 20 Georgian government, banking and media sites were offline Thursday, said Scott Borg, director of the U.S. Cyber Consequences Unit, an independent research group that advises the government. Some sites have fled to hosting computers elsewhere, including Atlanta, but are continuing to take digital fire.

The ongoing online battle, which appears to have begun before the first shots were fired, is a preview of a new era in warfare — one for which the United States is not ready, government officials and security experts say.

It’s a conflict where the weapons take the form of digital bits instead of bombs and bullets, and attacks can cause chaos beyond the Web by disrupting critical services such as transportation, banking and electric power. Combatants may range from governments with high-tech soldiers to teens with laptops in their bedrooms.

“Are we prepared to defend ourselves from highly sophisticated cyberattacks directed at our critical infrastructure industries? Of course not,” Borg said.

He said most people in the United States and their political leaders are just waking up to the threat.

“There are going to be no incoming forces, no incoming missiles, no incoming ships. The attacks will emerge from our own computer systems,” Borg said.

Earlier this year, National Intelligence Director Michael McConnell told a Senate committee that the United States is ill prepared for cyberattacks that could steal data or cause disruptions. He mentioned China and Russia as potential threats.

McConnell said the military is best protected, but the federal government and private companies are vulnerable.

However, U.S. companies may be better off than the government and the military because they “have felt the sting of attacks before” and spend more money on defenses, said Don Jackson, director of threat intelligence for SecureWorks, an information security company in Atlanta.

Cyberattacks can be cheap to launch, employing instructions and tools available online. A popular type of attack called “denial of service,” which is apparently being used extensively against Georgian Web sites, bombards the server computers that run sites or e-mail services with electronic requests. The servers overload and shut down.

More intricate attacks may involve remotely breaking into specific computers to steal, destroy or alter critical data.

Jackson said the United States is well prepared for large denial-of-service attacks because of its privatized networks. But he said more targeted attacks, which may involve deceiving computer users to download dangerous software, are a bigger problem.

A coordinated cyberwar effort by a government could be devastating, said Marcus Sachs, a former White House cybersecurity official who now runs the volunteer threat-monitoring group SANS Internet Storm Center.

Sachs compared a cyberwar to a Cold War nuclear standoff in which nations fear to fire the first shot because the potential consequences are so horrific.

“If we push the switch and actually start launching cyberattacks, what’s next?” he said. “What’s somebody else going to do to you? I don’t think our country is ready for that yet.”

And unlike past warfare, in the Internet age civilians acting on their own can increasingly inflict damage on foreign nations, making it more difficult to determine who is involved and how to respond.

The Georgian government has accused Russia in the recent cyberattacks. Russia’s government denies being involved, but the traffic patterns and servers used point to this “overwhelmingly coming out of Russia,” Borg said.

Georgian Web sites have been trying to evade the attacks, moving to servers in countries including Germany, Estonia and the United States, said Borg, whose group has been monitoring the sites.

“But each time they put one up it gets discovered and then attacked again,” he said.

Many Web sites have been shut down repeatedly or defaced “with obscenities and pictures of (Adolf) Hitler and things like that,” he said.

A haven for the Web site of the president of Georgia has been the Atlanta-based Web-hosting firm Tulip Systems Inc., whose founder and chief executive was born in the European Georgia. The site was transferred there Saturday yet continued to be the target of a flood of traffic from Russia, the company says.

Cyberattacks happen constantly around the world, but those involving Georgia and Russia have drawn special attention because they are extensive and coincide with a shooting war. Borg said Russian civilian hacker groups with the involvement of criminal organizations are behind the attacks.

“But the Russian government controls the places that these servers are operating from,” he said. “They’re at minimum letting this happen.”