Cyber awareness project
In 2008, Georgia sustained Russian kinetic and cyber attacks, the latter directed against both public and private sector networks. Regrettably, no comprehensive cyber defense system was yet implemented in the country. However, since then, the Georgian government has worked to implement cyber defense policies. The Data Exchange Agency (DEA) of the Ministry of Justice, which was founded in 2010, takes the lead in this process. DEA, together with the National Security Council and an inter-agency working group, has elaborated a draft of Cyber Security Strategy. Part of that strategy is a new Georgian Information Security Act.
Khatuna Mshvidobadze. Published in TABULA (Weekly magazine). December 19 – 25, 2011
Just two days after the polls closed, downtown Moscow’s Tverskoi Magistrate’s Court stood as a metaphor for Russia’s December 4 Duma elections—botched election fraud, street protests and a popular blogger jailed. The Internet generation had handed Prime Minister Vladimir Putin and President Dmitry Medvedev a sound and apparently unexpected blow.
State-sponsored Cyber Terrorism: Georgia’s Experience
Presentation to the Georgian Foundation for Strategic and International Studies
“Here in Georgia,” Georgian Security Analysis Center (GSAC) Senior Associate Khatuna Mshvidobadze told a GFSIS audience on September 29, “our primary cyber terrorist concern is state-sponsored attacks.” She was speaking at a GFSIS seminar, “State-sponsored Cyber Terrorism: Georgia’s Experience.”
The chairman of the seminar was Professor Alexandre Rondeli, President of GFSIS. In addition to Mshvidobadze, speakers included GSAC Director David J. Smith and Ambassador Batu Kutelia, Deputy Secretary of National Security Council of Georgia.
Mshvidobadze began the presentation with an overview of cyber hooliganism, cyber crime, cyber espionage and cyber terrorism. Cyber terrorism, she said, is “cyber acts designed to foment terror or demoralization among a target population for some purpose of the perpetrator.” She discussed the cyber criminal organization Russian Business Network, which played a key role in Russia’s 2008 attack on Georgia. That war was the first ever combined kinetic and cyber war. “We can say beyond a reasonable doubt,” she stressed, “that Russia directed the cyber attacks on Georgia, operating through Russian organized crime and well organized hacktivists.”
She ended her presentation with recommendations for Georgia, in particular that it must ratify the European Convention on Cybercrime. She said that since the 2008 war, Georgia has made some steps forward in cyber security: the Data Exchange Agency was created and now runs a 24/7 CERT.
Mshvidobadze will present a version of her talk at the Cyber Security Forum Initiative in Washington in early November.
Smith reviewed the international context of cyber terrorism, noting that Georgia should cooperate with like-minded countries on all aspects of the cyber threat. He pointed out that in Russia, there is a nexus of government, business and crime. Westerners delude themselves if they believe that they have law enforcement counterparts there.
Kutelia presented the Georgian government’s view about cyber security. He sketched the pillars upon which government policy must rest. These include public awareness and cooperation between the private sector and government. He said that cyber threats are included in the Threat Assessment Document of Georgia and they will be a significant part of the new National Security Concept.
A lively discussion ensued well beyond the seminar’s scheduled end. The room was comprised of people from the government, NGOs, foreign experts and students. “Chatham House rules” applied.
David J. Smith. Published in TABULA (Weekly magazine). July 25 – 31, 2011
Just over three years ago, Russia fired the first shot in its war upon Georgia, the first ever combined kinetic and cyber war. The shot was not fired from the 125 millimeter gun of a T-72 tank, but from the keyboard of a computer.
By Khatuna Mshvidobadze.
Presentation to the NATO Conference Emerging Security Challenges. Tbilisi. July 7, 2011
Presentation to the SMi / Cyber Security Forum Initiative
Cyber Defence Conference
May 16, 2011
In the modern world, we see technology evolving quicker than ever. This rapid technological evolution changes the economics of international markets, alters relations among states and even introduces new, non-state actors onto the stage of international relations. The realities of globalization and technological development combine to create a new concept in modern international relations, a new kind of war—cyber war. And cyber war is closely related to several other modern developments—cyber crime, cyber espionage and even cyber hooliganism.
At the 47th Munich Security Conference in February, cybersecurity emerged as a key issue for the entire world. Regrettably, too much discussion focused on rules of cyber-engagement, a takeoff on The Hague or Geneva Conventions. Many experts are skeptical of this approach because on the Internet, actors and intentions can be hidden in the cyber-mist, a dodge that Russia often uses.
Senior Associate, Georgian Security Analysis Center, GFSIS
Russian Cyber Attacks on Georgia: Looking Forward, March 17, 2011
Russian Cyber Capabilities
Thank you very much, Professor Rondeli for inviting me to address this distinguished audience. I shall discuss Russia’s cyber capabilities—information security policy, diplomatic posture, what Russia is doing and why cyber is a priority for Moscow.
At the 47th Munich Security Conference in February, cyber security emerged as a key issue for the entire world. Regrettably, too much discussion focused on cyber rules of engagement, a take-off on The Hague or Geneva Conventions. Many experts are skeptical of this approach because on the Internet, actors and intentions can be hidden in the cyber mist, a dodge that Russia often uses.
Moscow refuses to sign the only promising agreement, the European Convention on Cyber-crime, open for signatures since 2001. The Kremlin does not want to cooperate with foreign law enforcement officers looking into something like the 2007 cyber attacks on Estonia, and it surely does not want to risk exposure of its links to the thugs who run cyber crime syndicates such as the Russian Business Network (RBN).
As a diversion, Moscow has a treaty proposal of its own. The thrust of its proposal would be to ban media or Internet broadcast of any information that could “distort the perception of the political system, social order, domestic and foreign policy, important political and social processes in the state, spiritual, moral and cultural values of its citizens.” RFE/RL would be one of Moscow’s first targets under such an approach!
During the era of President and Prime Minister Vladimir Putin, one of Russia’s top priorities has been to control information and media networks as well as foreign involvement in the information field.
In 2003, Putin reorganized FAPSI (Federal Agency for Government Communications and Information), its assets and functions distributed among the Foreign Intelligence Service (SVR), Military Intelligence (GRU), the Federal Security Service (FSB) and the Federal Protection Service (FSO). FSB’s Sixteenth Directorate is believed to control Russia’s reserve force of hackers.
The FSB and the FSO monitor telegraph, telephone, Internet, satellite uplinks and downlinks and wireless communications. Internet traffic is copied by a system called SORM-2 (System of Operation Research Measures). Internet Service Providers are even required to train FSB officers to use this equipment to spy on their clients.
And there is no shortage of personnel. After the fall of the Soviet Union, many Russian scientists and mathematicians moved into the commercial world, which includes legitimate business but also cyber crime and certain services to the Russian state.
Russia has become known for its high standard, openly advertized hacker schools. Often, fees are covered by unnamed sources. In Voronezh, for example, FAPSI, as many still call it, runs possibly the biggest and best hacker school in the world.
And, in a country where any publication unacceptable to the government is harassed or closed, Xaker: Computer Hooligan Magazine thrives. There is no clear law against cyber crime and it is even semi-officially encouraged, so long as hackers do not attack the Russian state.
Russia views cyber-capabilities as tools of information warfare, which combines intelligence, counter-intelligence, maskirovka, disinformation, electronic warfare, debilitation of communications, degradation of navigation support, psychological pressure and destruction of enemy computer capabilities.
The first concrete effects of this approach were in cyber-espionage. For example, in 1999, the London Sunday Times reported that American officials believed that Russia had stolen US military secrets, including weapons guidance systems and naval intelligence codes. The cyber theft was so sophisticated that John Hamre, then US Deputy Secretary of Defense wondered whether America was losing the world’s first cyber-war.
RBN is still a prime suspect in a 2003 attack on Pentagon and US Treasury computers. And cyber spies have penetrated the US electrical grid, leaving behind programs—trap doors—that could be used to disrupt these systems later.
Closer to home, Russia is desperate to rebuild a privileged sphere of influence in the former Soviet states and to push the west out. Traditionally, there have been three not mutually exclusive avenues toward this objective. First is dirty tricks—energy manipulation, economic embargoes, blackmail, extortion, political subversion, etc. Second is keeping the post-Soviet space economically dependent on Russia. Third, as Georgia learned in August 2008, is direct military invasion.
Cyber-warfare, of course, is a cost effective and stealthy fourth way to attempt to subdue the countries on Russia’s periphery. Considering the political situation surrounding Estonia’s 2007 decision to move the Soviet Bronze Soldier statue from Tallinn city center, it is incredible that the ensuing cyber attacks came from Peruvian or Vietnamese teenage hackers. Russia, of course, denied any involvement.
Then it was Georgia’s turn. These cyber attacks were a bit more sophisticated, they were coordinated with a kinetic attack and invasion, and, this time, Russian organized crime did little to hide its involvement.
Western computer security researchers found clear evidence that the attackers used the same attack commands, computers and botnets—many computers surreptitiously roped together to churn out messages—used by RBN for criminal activities. RBN was (and probably still is) a group of cyber criminals tied to Putin. It has been involved in phishing, malware distribution, malicious code, denial-of-service attacks and child pornography. After the war on Georgia, RBN evaporated into the Ethernet, but they and their ilk will always find benefactors—criminals or aggressive states. Some experts believe that RBN was also involved in the cyber offense against Estonia.
We must assume that they have learned and applied the lessons of 2008—Russian cyber-capabilities today are better than they were then.
In February 2010, Russia published its new Military Doctrine, outlining its objectives in modern military conflicts, including, “The prior implementation of measures of informational warfare in order to achieve political objectives without the utilization of military forces.”
In sum, Russian cyber-warfare is here and here to stay unless and until there is fundamental change in Russia. Russia will be ready. Will we be ready?
The Internet has become the habit of people’s daily life. However, we often forget that we need protection in cyberspace. Every day we see news about some cyber-crime. Indeed, Internet crime has become more normal than pick-pocketing or car theft. So, we need to be careful by keeping in mind the following rules:
DO install anti-virus software and DO keep it up to date. However, DO NOT click on those pesky pop-ups that say you have a security problem. (Instead, run the update for the security program that you installed or go directly to the company’s website.)
DO NOT install a program downloaded from the Internet unless you know the source.
DO choose complicated passwords—use alpha-numeric combinations, e.g. d19an52a1. DO NOT choose easy passwords like your name, address or birthday—they can be cracked easily. DO change your passwords regularly.
DO NOT disclose personal information: telephone number, bank details, physical address or photos.
DO NOT share the IP address of your computer.
DO be aware of botherders who take over a bit of your computer to be part of a spam-generating botnet. If you have a security program and have cleaned your computer of malware and temporary Internet files and it is still too slow, have it serviced by a professional.
DO NOT perform sensitive transactions like online banking on an unfamiliar computer (such as computers at an Internet cafe). DO activate a firewall and make sure it is active at all times during sensitive transactions. DO keep records of all your online transactions and review your monthly credit card and bank statements to spot errors or unauthorized charges. DO report problems immediately to your financial institution, the company with which you are doing business and your Internet Service Provider.
DO NOT open suspicious E-mails—they are likely spam and may contain viruses or spyware.
DO NOT follow the directions of those mails, even if they are sent from your friends’ electronic address. DO NOT click on any suspicious link.
DO NOT follow popup links—they may contain viruses or switch you to a pornographic website.
DO install anti-popup software to get rid of dangerous links and to protect your children from pornography. DO monitor what your children are accessing on the Internet.
DO turn off your computer, when you are not using it.
DO NOT respond to deals that seem too good to be true—you have won the lottery when you did not buy a ticket or been given an American Green Card for which you did not apply. DO NOT apply for visas or educational programs except on official websites.
DO NOT send money via Internet without being absolutely sure about the recipient, the means of transaction and the security of the sites handling the transaction.
DO think well before you act on the Internet. Once you put something out there—information, pictures, etc.—you cannot get it back!
*Diana Tsutskiridze is Researcher, Georgian Security Analysis Center, Tbilisi.
For many of us it has become a daily habit, as soon as we wake up in the morning, to drink coffee, turn on the computer and enter the virtual world. We check e-mail, contact friends and relatives through social networks and chat, read the news, listen to music and make bank transfers.
Even the youngest members of our families watch their favorite animated children's films on the computer and amuse themselves with various computer games. Even preschool children who cannot yet read find their way around the Internet.
The Internet has become the way of people's daily life. Nevertheless, we often forget that protection is also needed in cyberspace. We now hear news about cyber crime every day. It is true that cyber crime has become more ordinary than pick-pocketing or car theft. So we, each and every Internet user, must take care by applying the following rules:
- Install anti-virus software and update it often. However, never click on links that themselves warn you that your computer has a security problem. (Instead, scan your computer once more with the anti-virus program already on your computer or go to the company's official website.)
- Do not install an anti-virus program downloaded from the Internet unless you really know the source from which you downloaded it.
- Choose complicated passwords and use combinations containing numbers and letters, e.g. თბილ13ს52ი. Never choose easy passwords such as your name, address or date of birth, because they can easily be cracked. Change your password regularly.
- Do not disclose personal information on the Internet, such as your telephone number, bank details, pictures or home address.
- Familiarize yourself with the security certificate of the website's privacy policy before you provide personal or financial information.
- Do not share your computer's IP address with anyone.
- Be wary of the botherder who may turn your computer into a spam-distributing mechanism. If you have a computer security program and clean your computer of viruses or temporary Internet files and it still runs very slowly, consult a professional.
- Do not perform sensitive transactions such as online banking from an unfamiliar computer (such as computers at an Internet cafe).
- Activate the filtering system during important transactions and make sure it is active. Keep records of online payments and review your credit card monthly, as well as bank statements, for errors or unauthorized payments. Immediately report problems to your financial institution, the company to which you paid money and your Internet service provider.
- Do not open suspicious e-mails; they may contain viruses.
- Install a program on your computer against pop-up links; this will protect you from dangerous websites and your children from pornography.
- Keep an eye on what your children do while using the computer.
- Turn off the computer when you are not using it.
- Do not follow the information in suspicious and strange messages, even if they are sent from a friend's e-mail address. Do not click on suspicious links, especially pop-up links; they either contain viruses or automatically redirect you to dangerous websites.
- Do not respond to offers such as, for example, that you have won the lottery when you never bought a lottery ticket, or that you have won an American Green Card for which you never even filled out an application.
- Fill out a visa application or educational program application only on official websites.
- Do not send money via the Internet unless you are completely sure of the recipient, the type of transfer and the security of the website through which you are sending the money.
Think carefully before you act on the Internet, because you cannot take back information posted or sent there.
* Diana Tsutskiridze, Researcher, Georgian Security Analysis Center
Published in Investor.ge. (19) February-March 2011, pp. 29-32
Just a couple of decades ago, only science fiction buffs could imagine something called the cyber sphere, not to mention the real-world challenges it would soon present. But today, individuals, businesses and governments have become dependent on the Internet and computerization of just about everything. That brought much good, but also many new vulnerabilities. The need for cyber-security is no longer news to most people, but few yet understand the acute need for broader action and an unprecedented government-business partnership.
David J. Smith.
Published in Federal Computer Week. Published on Jan 26, 2011.
The 2,000-plus cables WikiLeaks has published are wreaking considerable damage. Consequently, the federal government must tighten personnel and technical security, but it must do so without alienating its very loyal workforce and without reintroducing the stovepipes that were dismantled in the wake of the 2001 terrorist attacks.
Published in TABULA (Weekly magazine). Dec. 27, 2010 - Jan. 9, 2011
In a few days, we usher out the year of the tiger and welcome the year of the rabbit. But we could as well dub 2010—and 2011 also—the year of the worm. Stuxnet and Wikileaks are just two examples of how worms—computer and human—are crawling into our lives. The repercussions will resonate throughout 2011 and beyond on three levels—technical, human and historical.
David J. Smith.
Presentation to the Georgian Cyber Security and ICT Innovation Conference 2010
Tbilisi, Georgia. November 10, 2010
The 2008 Russian cyber attack on Georgia, an improved version of Moscow’s 2007 cyber-assault on Estonia, along with the recent (thus far unattributed) appearance of the Stuxnet worm and several other instances, was a clear signal that cyber-war is here and here to stay.
“Electronic warfare against Iran,” an unnamed Iranian intelligence source told the New York Times. We shall probably never know the details or the extent of it, but apparently last summer, something went askew with the computer-controlled processes in the Islamic Republic’s nuclear programs. Then, Belarusan security experts discovered that Stuxnet—a super-cyber-weapon—had wormed its way into some of Iran’s most sensitive computers. Considered alongside the Russian cyber-attacks against Estonia in 2007 and Georgia in 2008, Stuxnet’s appearance signals that cyber-warfare is as much a contemporary reality as social networking.
By now, Stuxnet has been parried by most computer users—in October, Microsoft patched the operating system vulnerabilities that Stuxnet exploited. But its discovery last summer
Millions of Internet users have had at least a casual brush with cybercrime. An E-Mail message arrives from a friend in trouble far from home. Please help; send some money. The E-mail message contains all the necessary banking information to send money or the telephone number of a so-called friend of your friend who will be happy to help you. The situation is very confusing as the E-mail appears to come from the friend’s address. Many people around the world send the money without checking the information—they become victims of cybercrime.
Published in Investor.ge. (19) February-March 2010
Just about everyone has received one of those bogus e-mails that appear to come from a friend in trouble in, say, London—please send me $2,000! The clumsy handiwork of petty cyber-swindlers is easy to spot, but more creative cyber-crimes against individuals, businesses and governments are perpetrated every day. And cyber-war is already a threat against which national security experts must plan.
Presentation of Khatuna Mshvidobadze
Senior Associate, Georgian Security Analysis Center. Georgian Foundation for Strategic and International Studies, Tbilisi
To the Conference NATO and the New Strategic Concept: Romania’s Priorities. Bucharest, Romania. October 23, 2009
David J. Smith. 24 Saati. March 24, 2009. “Last summer, Russia invaded Georgia on four fronts,” Georgian National Security Council Secretary Eka Tkeshelashvili told a recent Washington conference. “Three of them were conventional—on the ground, through the air and by the sea. The fourth was new—their attacks via cyberspace.” The era of cyber-warfare has begun.
The era of cyber-warfare has begun! A senior Estonian Government official visited Tbilisi last week to explain the cyber-war against his country last April and May and to offer Georgia assistance in preparing to meet this Twenty-first Century challenge. Henceforward, all countries must prepare to parry crippling assaults via the Internet, he said.