Details of the parallel Russian cyberwarfare campaign against Georgia began to emerge even as Russian tanks appeared on the south side of the Roki Tunnel in South Ossetia on Aug. 8. There is little doubt at this point that a concerted assault took place alongside conventional military operations.
Interactive Cyberwarfare TimelineEditor's note: This is part of a series of analyses on the emergence of cyberspace as battlespace. Russia's offensive against Georgia began not with tanks or fighter jets, but in cyberspace. STRATFOR knows firsthand that Georgian government and media Web sites began to crash the night of Aug. 7 — well before Russian troops emerged on the south side of the Roki Tunnel in the breakaway republic of South Ossetia the following morning. Though much that takes place in cyberspace is deniable, there is little doubt that a concerted offensive cyberwarfare campaign against Tbilisi shifted into high gear that night. And cyberwarfare appears to be emerging as a principal tool for Moscow's operations on its periphery. The Georgian news Web site Civil.ge claims that it is "under permanent DDOS attack," referring to a distributed denial of service attack that attempts to overwhelm a server's capacity. After assistance from Google and Estonian computer security experts, it is now being hosted temporarily on a Blogspot account. Meanwhile, Georgian President Mikhail Saakashvili's Aug. 11 interview with CNN was interrupted in what he claims was a targeted cyberattack. Many more claims have been made, and the groundwork now looks to have been laid well before Aug. 7 (Saakashvili's Web site, for example, was shut down by a July 20 DDOS attack). Several computer security experts have claimed that many of these DDOS attacks can be traced back to systems known or thought to have been used by a Russian hacker network and the Russian government in similar previous attacks. While Moscow has been particularly good about herding its domestic hackers as well as bringing its own resources to bear in these scenarios, however, the situation in Georgia and South Ossetia is just the sort of divisive event that attracts independent hackers to organize and stir up trouble on their own. The Web sites shut down since Aug. 7 nevertheless represent a concerted — and effective — attack on the means of Georgia to communicate with its population and the world. Unlike a similar attack on Estonia in 2007, assaults carried out in cyberspace were supplemented in Georgia by real-world bombings by the Russian air force in which telecommunications infrastructure was specifically targeted. Additionally, more of Georgia's connections to the Internet pass through Russia than any other country — comprising nearly half of Georgia's thirteen links to the worldwide network. (Other former Soviet republics may be even more reliant to Russian acquiescence for Internet connectivity.) Of course, Tbilisi has still been communicating with the world. Reporters are still picking up statements from Saakashvili and senior Georgian officials. Saakashvili even published an Op-Ed in The Wall Street Journal on Aug. 10. One could also accurately point out that support for Georgia or Russia was largely predetermined; sides had been taken before the first shot was fired. In a war where accusations of genocide have been levied, the degradation of Georgia's ability to communicate its perspective of the situation through the Ministry of Foreign Affairs and its own media coverage undermines its ability to help shape international perception. And this is to say nothing of the distraction Georgia faced of having to deal with IT issues when it had a pressing need to focus elsewhere. As we have already argued, no one was coming to Georgia's rescue. But whatever history may ultimately decide about the events of Aug. 7-12, the decisive moment for Tbilisi to seek help and make that case abroad was during the hours and days after the Russian invasion began. Russia's cybermoves undermined its ability to do so. While this was not decisive here, it could have been in some other conflict. Ultimately, two points have become apparent. First, Russia is refining its capability to use cyberwarfare to alter the dynamics of a crisis with its peripheral states. Second, Moscow has now used cyberwarfare alongside conventional military efforts. The degree of integration of those two efforts is not clear to us, but the fact of the matter is that both were used in parallel to achieve the Kremlin's aims. In so doing, Russia is gaining valuable operational experience in a new, emerging domain. This will not be the last time Moscow will exploit cyberspace to achieve its aims. And distance is not really a factor in cyberwarfare. The next time, it may not involve a country with which Russia shares a border.