IT Attack to Georgia - more good data

The Arbor SERT points out that many different things can create the problems that one can see. They write:

While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites. Note that RIA Novosti, a Russian news outlet, was apparently targeted during this fighting. Georgian hackers are accused of this event.

They also have a link to a presentation from USENIX Security 2008 given just before this discussion started. The presentation by Jose Nazario indicates that just the background noise from attacks is between 2% and 3% of the traffic on the backbones of the Internet. Further, Sweden is number four (1.7% of attacks) among countries as a source of attacks, and number three (3.0% of targets) among countries as a target of attacks. That is about 40000 attacks every 24 hours.

Given this noise, I still think much of the problem in Georgia is that they do not have enough bandwidth, while everyone is trying to see whether their websites are up, etc. That is of course a situation where it is very, very easy to be successful in an attack, if that is the goal.

The important conclusion though, both from this and from the attacks against Estonia that I wrote about here, is that one has to protect against bad traffic: both intentional and unintentional attacks, and also increases in normal, good traffic. It is absolutely clear that IT attacks are part of life today. They already happen and will continue to happen. See page 23 and onwards in the presentation by Jose Nazario.

We need a much more robust IT infrastructure, also in Sweden. PTS is doing a good job, but more can be done. It is sad to see that so much energy has to be spent on convincing people that this is needed.

Updated: It has been pointed out in a comment by my friend Fergie that the reports by IntelFusion and SecureWorks do see criminal activities as part of the attacks. I am pretty sure there are, and it is good that there is some evidence and not only rumors. Still, my conclusions are the same: that deliberate attacks using IT based tools are part of the normal day today (either from individuals or groups), and that only a robust infrastructure, where measures against deliberate and non-deliberate attacks (as well as “surprising” increases of good traffic) are installed from day one, helps.