In addition to the bloody conventional war that has raged between Georgia and Russia over South Ossetia (which at least appears to be at a pause, now), there has also been a less-bloody but no-less-ruthless cyber-war waged by Russia against Georgia’s technology infrastructure:

The Georgian government is accusing Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs.

Because of the disruption, the Georgian government began posting the Foreign Ministry’s press dispatches on a public blog-hosting site owned by Google (georgiamfa.blogspot.com) and on the Web site of Poland’s president, Lech Kaczynski.

…

The attacks are structured as massive requests for data from Georgian computers and appear to be controlled from a server based at a telecommunications firm, he said.

This kind of attack, known as a distributed denial of service attack, is aimed at making a Web site unreachable. It was first used on a large scale in 2001 to attack Microsoft and has been refined in terms of power and sophistication since then. The attacks are usually performed by hundreds or thousands of commandeered personal computers, making a positive determination of who is behind a particular attack either difficult or impossible.

…

Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization that tracks Internet traffic, said cyberattacks are so inexpensive that they are almost a certainty in modern warfare. “It costs about 4 cents per machine,” he said. “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”

Take special note of one element of the above passage – “first used on a large scale in 2001 to attack Microsoft.” While that is not chiefly true – the 2001 attacks came a year after DDoS attacks “slowed, and in some cases halted, access to eight major Web sites, including Yahoo, eBay and CNN.com” – the overall thrust is correct. These were tactics first deployed by loose confederations of Internet mischief-makers (or, if you prefer, criminals) against corporate entities, and are now being used as part of a coordinated war effort by one sovereign state against another. And corporations are being used as allies – unwitting or not – in this war:

[Georgia has] switched their operations to one of Google’s Blogspot domains, to keep the information flowing about what’s going on in their country.

…

“In a sense,” notes Jim Stogdill, “They must be saying ‘we can’t keep our sites up, but we don’t think [Russian hackers] can take down Blogspot, given Google’s much better infrastructure and ability to defend it.'”

Set aside for a moment the cheesiness of a nation-state needing to outsource its information-space to Blogspot, and try to consider the whole bizarre set of exchanges of tactics and technologies in play.

• Georgian troops move into breakaway region South Ossetia
• Russian troops respond, repelling initial invasion and pushing Georgian forces into a full retreat
• As part of continued counter-offensive, Russia adopts online assaults – first used less than a decade ago – and also used by Anonymous in their protests against the Church of Scientology
• Due to the success of those attacks, Georgia takes refuge on the servers of one of the world’s most powerful corporations, whose market capitalization of US$158 billion dwarfs Georgia’s GDP of $20.5 billion, using a service first developed less than a decade ago

Thousands have died in this war. And while DDoS attacks are more a function of propaganda than lethal violence (and Russia’s straightforward bombing of cell phone towers probably more effective, tactically), it’s worth considering the degree to which online actions and innovations by individuals and entrepreneurs can be adopted by states in support of bad actions. This isn’t an argument in favor of locking down or making online life less open, but rather this should be a moment to realize another of the problematic aspects of a world that’s not flat but instead characterized by interconnections that increase complicity among a wide range of actors, whether that complicity is an active choice or not.

Digital citizenship is a tricky business – online, it’s not entirely clear where one’s loyalties do or should lie. What of international human rights activists whose own governments spy on them? Or software entrepreneurs whose products are adopted by repressive governments? It may simply be the case that with the near-zero cost of moving ideas around the world, we must get used to our ideas being carried forward and adopted by those with whom we disagree or even find abhorrent.

What of responsibility, then? I think our responsibilities online ultimately are no more or less than our responsibilities offline – be conscious of our actions and how they effect others, and always seek to treat others justly.

–Jacob Kramer-Duffield