There is no need for Kremlin in this hypothesis or why DDOS is the new poetry
August must be taking a really heavy toll on the news media. How else to explain a recent flurry of half-baked newspaper articles about cyberwarfare? It seems that not a single day could pass without yet another take on how "we all are going to die" at the hands of some evil-minded Russian nationalists, secretly funded by pro-Kremlin oligarchs, intent on blowing up the country’s power grids, water dams, and whatever else is left of the crumbling American infrastructure. Ah, if only those pesky Russians understood the basics of PR! They could already be playing up the fears of the inevitable "cyber-death panels" that would punish all of us for not running that annoying anti-virus check…
It’s not surprising that the public debate on the issue hasn’t changed much since early spring. We keep drowning in a stream of classified reports from numerous cybersecurity organizations (on lucky weeks – like this one – such reports come with unclassified summaries that only make us more concerned, for we could only guess what ominous details have been omitted). We keep wasting time on criticizing the never-ending fear-mongering articles in the Wall Street Journal. We keep dissecting the most outrageous assertions about the impending cyber-Armageddon. And those assertions keep coming…
Today we’ve got a new summary to play with; this one is from a new report of the US Cyber Consequences Unit (CCU), an independent nonprofit research institute studying, you guessed it, cybersecurity. Several articles – including those in the Wall Street Journal and PC World – report on its findings, featuring numerous quotes from CCU’s experts. There is plenty of stuff in there that I strongly disagree with. However, what really irks me is that the researchers are drawing too many insights from the fact that last year’s cyber-attacks on Georgia started a few hours after the war had begun. To them, this is a sure sign that the Russian military must have been coordinating its actions with hackers, or, at least, granting them access to their war plans.
Yes, you heard it right: the Russian military sharing their plans with a bunch of bloggers, hoping they could help them defeat the Georgians. You can’t make this stuff up. I wonder if those who believe that the Russian military is capable of this would also think that such a scenario is feasible in the US. Imagine Robert Gates inviting Robert Scoble and Giga Om to give them a classified briefing about the US strategy in Afghanistan.
But even if we leave such absurdity aside, this theory assumes that nobody was expecting this war and the cyber-attackers had to be tipped off – or they wouldn’t be able to launch the attacks so promptly. But what about the fact that all three parties to the conflict – i.e. Georgians, South Ossetians and Russians – had been trading rocket fire, grenades, and explosions for a good few months before the conflict began? Those of us who closely followed last summer’s public debates in Russia (and, to a certain extent, Georgia) surely noticed that there had been much talk of a possible war even in June and July.
True, most analysts thought it would happen in Abkhazia, not South Ossetia, but last August’s war was hardly a surprise on the scale of, say, 9/11. Thus, the conflict was actually the culmination of a long-drawn squabble between political leaderships of both countries; those squabbles were well publicized and openly discussed. Did many Russians have animosity towards the Georgian president before the war? Yes, they did – and the same goes for Georgian attitudes towards the Kremlin. Once you factor in the much-overlooked regional politics, many things become clear. For example, politics explains why the web-site of the Georgian president had first been attacked a few weeks before the war broke out: enough people hated him already.
It’s time for the cybersecurity community to accept the uncomfortable truth that DDOS is what people do when they hate each other. In the past, they used to trade hate mail; today, they trade DDOS attacks. Historical parallels abound: in the first few months of WWI, German newspapers received almost a million amateurish poems lauding the war; at least at the very beginning of the conflict, many Germans were extremely excited and supportive of the war effort. Thanks to the Internet, today there are plenty of other ways for concerned and patriotic citizens to show their excitement about a war their country is fighting. DDOS is the new poetry.
That said, what I don’t really understand is why it’s so hard to accept the fact that a bevy of nationalistic Russians may have decided to take revenge on Georgia after reading the news of the war WITHOUT coordinating their actions with the Russian government. Why did they need to coordinate anything if they were capable of launching DDOS without government assistance? By the same logic, we should be theorizing that the hordes of people who launched DDOS attacks on the Iranian government’s web-sites two months ago were also being led by DOD or the State Department. How many reasonable people believe that this wouldn’t have happened if the US government didn’t get involved?
This may look silly, but every time I hear of such theories, I am reminded of the famous conversation between Napoleon and the French astronomer Laplace. When the emperor asked the scientist why he didn’t mention God in his vision for the comprehensive world system, Laplace quipped that he had no need for that hypothesis. Similarly, there is no need for DOD or the State Department in explaining the cyber-attacks on Iran; there is also no need for invoking the Russian government in the attacks on Georgia. If the Russian government really wanted to destroy the Georgian communications, they could have done so by destroying their Internet cables or bombing their TV stations. Somehow NATO knew that bombs are usually more effective than DDOS attacks and showed very little restraint in bombing the Serbian television headquarters in 1999; are we holding the Russian military to a higher moral standard?
Military history aside, I am quite surprised that the WSJ article didn’t mention the Iranian DDOS angle at all. Or is it only considered "cyber-terror" when pro-American governments like Georgia get attacked? Why doesn’t the Cyber Consequences Unit also study the Iranian attacks to draw some insights about any timing coincidences? After all, the attacks started only a few hours after the protests had begun: that surely is a sign that the protesters were coordinating their actions with their Western supporters who were behind DDOS?
Of course, I wouldn’t be surprised if this is also the argument that is now used by the Iranian authorities to get the arrested protesters to confess to foreign backing. Something must be really wrong with our own public debate about cyberwarfare if our cyberwarfare experts have to share the same intellectual base with Ahmadinejad. I am being ironic here, but isn’t the fact that America has home-bred "cyber-terrorist" units capable of striking down foreign governments also a cause for concern? I mean, today they DDOS Iran, tomorrow they might DDOS Israel…
Frankly, I am not much surprised by the lack of critical analysis of the attacks on Georgia: this is what happens when technological analysis is conducted in complete isolation from the world of politics. I’d be surprised if any of the recent cyberwarfare reports actually reached out to the non-military and non-tech regional experts, particularly those who are knowledgeable about the political developments in the region. Trying to analyze the cyber-dimension of a real war is impossible without understanding the causes, the conduct, and the aftermath of the war.
However, in a quest for anecdotes that could help establish a tenuous connection between DDOS and the "real world" (i.e. the governments rather than petty criminals), most observers of cyberwarfare fail to take notice of the forces shaping that "real world". Perhaps this is to be expected, but that more and more journalists fall for this narrative is quite disconcerting.