Home / Blogs

Did Russian Cyber Attacks Precede Military Action?

The RBNexploit blog states that the website ‘president.gov.ge’ was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don’t you love coincidence?) by Tulip Systems who is prominently displaying an AP story which says in part:

The original servers located in the country of Georgia were “flooded and blocked by Russians” over the weekend, Nino Doijashvili, chief executive of Atlanta-based hosting company Tulip Systems Inc., said Monday.

The Georgian-born Doijashvili happened to be on vacation in Georgia when fighting broke out on Friday. She cold-called the government to offer her help and transferred president.gov.ge and rustavi2.com, the Web site of a prominent Georgian TV station, to her company’s servers Saturday.

Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers. The president’s site was intermittently available midday Monday. Route-tracing performed by the AP confirmed that the sites were hosted at Tulip.

See that part about the attacks continuing after the web server was moved to Atlanta? And my warnings when this broke out? If you happen to host your web applications on Tulip Systems’ servers you may be suffering from slow response times or even outages. Collateral damage from cyber war.

Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia’s attack on Georgia.

Ok, one more point. Thursday? The attacks on the President’s web server started *before* the action started in South Ossitia? Was this whole war pre-meditated on the part of Russia? Did they incite Georgia to take action against the separatists at a time that was oh so conveniently coincident with the start of the Olympics in Beijing? I may be suffering from time-zone confusion but when the dust settles Russia is going to have some explaining to do.

  1. Was the war with Georgia orchestrated? (I know this is obvious, but diplomacy seems so far removed from reality I think the point should be stressed.)
  2. How did the criminals at RBN know to launch attacks when they did? (In other words what is the real connection between RBN and Putin’s machine?)
  3. Russia has now launched cyber attacks against a web site physically hosted in the US. Is that an act of cyber war?

While the press focuses on Medvedev’s call for a “halt” to the war (which is oddly enough still continuing according to Georgia) attention should also be paid to the ongoing cyber war.

This post originally featured at Network World’s Stiennon on Security and reproduced here with permission.

By Richard Stiennon, Security Industry Innovator

Filed Under


> Ok, one more point. Thursday? The Dmitry Negoda  –  Aug 19, 2008 8:51 PM

> Ok, one more point. Thursday? The attacks on the President’s web server started *before* the action started in South Ossitia? Was this whole war pre-meditated on the part of Russia?

Your information is correct, Richard. Thursday, yes. *AFTER* the action started in South Ossetia by the Georgian president Saakashvili by flattening ossetian city Chinvalli with missils. CNN and other sites remained silent when that happend.  Georgian info agency says it were ossetian hackers, not russian ones, who hacked the website. That happened BEFORE Russia joined the conflict. When Russia took Ossetia side, more and more sites were DOS-attacked, both pro-ossetia-and-russian and pro-georgian. The latter suffered more, of course.

As for other questions in your post: I wouldn’t speculate… My opinion is that there are no good and bad guys in this conflict: Ossetian bandits disrupted georgian villages, georgians retaliated and so on. It does not matter who started, it only matters who continues.

More: they are both Caucasians, very hot folks. It will be VERY difficult to reconcile these people.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global