Monday, August 18, 2008

The RBN Operatives Who Attacked Georgia

In my view, the individuals most directly responsible for carrying out the cyber "first strike" on Georgia are two Russian Business Network operatives, Alexandr A. Boykov and Andrew Smirnov, both of Saint Petersburg, Russia. These men are not "kiddie scripters" (as some have sought to rather narrowly characterize the attackers of Georgia).

Mr. Boykov has been engaged in criminal activity for some time. He is best known for registering and distributing the malware VirusIsolator (which downloads trojans to take control of the victim's computer) (1). He has been directly involved in financial crime, and operated scam sites including: Harbor Lending, Oakwood Lending, and Capital Lending (2). Mr. Boykov is also a purveyor of porn spam (3).

Mr. Smirnov is known for operating a number of scam sites including canadian-pharmacy-support (4) and canadiandiscountmeds (5). Mr. Smirnov is known to hold Russian nationalist views, and supported cutting off natural gas supplies to the Ukraine (6). The Ukrainian authorities should note that he often travels between Russia and the Ukraine (7).

According to Spamhaus, Ukrainian cyber criminals operate a hosting service in Class C Network 79.135.167.0/24. Mr. Boykov is considered by many analysts to be the proprietor. It should be noted that the opening salvos on Georgia emanated from 79.135.167.22. This was noted as early as the morning of Sunday 10 August by both Shadowserver.org (8) and Dancho Danchev (9). These opening cyber attacks preceded the large-scale mobilization of Russian nationalist hacktivists. In fact, the Website for the President of Georgia had been under attack since July 20th (10).

In the following days, a very heavy (11) spam campaign was launched purporting to be from the BBC which accuses the President of Georgia of being gay. When an individual clicks on the link in the email, a compromised web site is opened, which downloads a virus from 79.135.167.49 (12). Spamhaus issued a warning regarding the malware at 79.135.167.49 on July 29th in SBL66533 (13). On August 5th, Alexey Vasiliev of Novosibirsk, Russia, one of the Storm worm's authors (14), had a malware domain, freepostcardonline_com, parked at 79.135.167.49 (15).

AbdAllah a/k/a IstanbulTelecom (79.135.167.0/24) has long been a haven for criminal activity. Steven Adair of Shadowserver has previously identified the AbdAllah Internet Hizmetleri group as RBN affiliated (16). Currently, the malware distributing domain antivirus-2008pro_net resolves to 79.135.167.54 (along with ninety-three other dangerous domains). Malwaredomains.com listed the domain as a hazard on May 28th of this year (17). Presently, virus-isolator_com resolves to 79.135.167.54. The whois information for the site no longer lists Mr. Boykov, but it was registered through the notorious EstDomains to a Vargendia Limited in Cyprus. Mr. Boykov's *.virusisolator_com, a subdomain of virusisolator, resolves to IP address 217.170.77.150, as do numerous other virus-isolator sites (18). Such DNS resolution schemes are typical of fast flux and botnet operators. As with many other Russian spammers and cybercriminals, Mr. Smirnov is also now in the process of anonymizing the whois information associated with the spam domains he has registered.

Our research indicates that Mr. Smirnov and Mr. Boykov have exercised administrative level control over this Class C Network (CNet). This is clear in the historical data related to the CNet. The sheer number and frequency of their domains that have moved from IP address to IP address, across the full range of IP addresses in CNet 79.135.167, allows for no other conclusion. Given the degree of control they have historically exercised, it is very likely that they conducted or were a party to the cyber "first strike".
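The two patterns the preceding paragraphs rely on, many malicious domains sharing one address and single domains hopping across the whole 79.135.167.0/24 range, can be checked mechanically against historical DNS data. The script below is an added example and is not the author's research data or tooling: the records are constructed placeholders (domains under .example, dates invented), the thresholds `min_ips` and `min_spread` are assumptions chosen for illustration, and only the /24 prefix comes from the post. It groups domains per in-range IP and flags domains whose distinct IPs span a large part of the range.

```python
"""Infer shared hosting and domain movement from passive-DNS-style history.

Added example, not the author's research data or tooling. RECORDS is a
constructed sample (placeholder domains, invented dates); only the prefix
79.135.167.0/24 is taken from the post. Two questions are answered: which
IPs in the range serve many domains (shared malware hosting), and which
domains have moved across many IPs in the range (the movement pattern the
post treats as evidence of administrative control of the whole CNet).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

CNET = ip_network("79.135.167.0/24")

# (domain, ip, first_seen) -- constructed sample history, not real data
RECORDS = [
    ("scam-pharm.example", "79.135.167.22", "2008-05-01"),
    ("scam-pharm.example", "79.135.167.49", "2008-06-10"),
    ("scam-pharm.example", "79.135.167.54", "2008-07-20"),
    ("scam-pharm.example", "79.135.167.201", "2008-08-02"),
    ("fake-av.example", "79.135.167.54", "2008-05-28"),
    ("fake-av.example", "79.135.167.22", "2008-07-01"),
    ("fake-av.example", "79.135.167.130", "2008-08-01"),
    ("postcard.example", "79.135.167.49", "2008-08-05"),
    ("postcard.example", "10.0.0.5", "2008-08-09"),      # moved outside the CNet
    ("lending.example", "79.135.167.54", "2008-06-15"),
    ("unrelated.example", "192.0.2.10", "2008-07-01"),   # never inside the CNet
]


def in_cnet(ip: str, net=CNET) -> bool:
    """True if the address falls inside the network under study."""
    return ip_address(ip) in net


def domains_per_ip(records, net=CNET) -> dict:
    """Map each in-network IP to the set of domains seen resolving to it."""
    out = defaultdict(set)
    for domain, ip, _ in records:
        if in_cnet(ip, net):
            out[ip].add(domain)
    return dict(out)


def ips_per_domain(records, net=CNET) -> dict:
    """Map each domain to the sorted list of distinct in-network IPs it used."""
    out = defaultdict(set)
    for domain, ip, _ in records:
        if in_cnet(ip, net):
            out[domain].add(ip)
    return {d: sorted(ips, key=ip_address) for d, ips in out.items()}


def range_spread(ips) -> int:
    """Distance between the lowest and highest address a domain used; 0 means
    it never moved within the range."""
    hosts = [int(ip_address(ip)) for ip in ips]
    return max(hosts) - min(hosts) if hosts else 0


def flag_roaming_domains(records, net=CNET, min_ips=3, min_spread=64) -> list:
    """Domains that used at least `min_ips` distinct in-network addresses
    spanning at least `min_spread` addresses of the range (assumed thresholds).
    Returns (domain, ip_count, spread) tuples, most mobile first."""
    flagged = []
    for domain, ips in ips_per_domain(records, net).items():
        spread = range_spread(ips)
        if len(ips) >= min_ips and spread >= min_spread:
            flagged.append((domain, len(ips), spread))
    return sorted(flagged, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    by_ip = domains_per_ip(RECORDS)
    for ip in sorted(by_ip, key=ip_address):
        print(f"{ip:16} {len(by_ip[ip])} domain(s): {', '.join(sorted(by_ip[ip]))}")
    print("roaming domains:", flag_roaming_domains(RECORDS))
```

With real passive-DNS exports in place of RECORDS the same two functions give the clustering (many domains on 79.135.167.54) and the movement (one domain touching addresses from both ends of the /24) that the post describes; the thresholds should be tuned to the size of the data set rather than taken as given.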

James McQuaid

(1) http://www.malwarebytes.org/forums/index.php?showtopic=4288&pid=16324&mode=threaded&show=&st=0
(2) http://www.ripoffreport.com/reports/0/337/RipOff0337263.htm
(3) http://www.castlecops.com/Blogspot_redirection_Porn_site_spam167793.html
(4) http://www.robtex.com/whois/canadian-pharmacy-support.info.html
(5) http://groups.google.com/group/news.admin.net-abuse.sightings/browse_thread/thread/9d9aa3a014ae6748
and http://www.robtex.com/whois/canadiandiscountmeds.com.html
(6) http://translate.google.com/translate?hl=en&sl=ru&u=http://supol.narod.ru/members/Andrew_Smirnov/gaz1.htm&sa=X&oi=translate&resnum=6&ct=result&prev=/search%3Fq%3Dandrew_smirnov%26hl%3Den%26sa%3DG
(7) author's private note
(8) http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080720
(9) http://ddanchev.blogspot.com/2008/08/russia-vs-georgia-cyber-attack.html
(10) http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080720
(11) https://forums.symantec.com/syment/blog/article?message.uid=344935
(12) http://garwarner.blogspot.com/2008/08/new-bbc-spam-mocks-georgias-president.html
(13) http://www.spamhaus.org/security/cookies.lasso?query=SBL66533
(14) http://www.sudosecure.net/archives/212
(15) http://www.dozleng.com/updates/index.php?autocom=custom&page=results&numpage=1&words=blocklist
(16) http://www.securityzone.org/?cat=8
(17) http://malwaredomains.com/?p=218
(18) http://www.robtex.com/ip/217.170.77.150.html

Friday, August 15, 2008

DNS Blackhole for Smoothwall

DNS Blackhole for Smoothwall 3.0 available at Emerging Threats:
This is the most comprehensive DNS blacklist available. These files allow you to blacklist malicious domains by name. This is particularly useful because of the frequency with which the enemy changes the IP addresses of malware domains in an effort to evade IP blocking.

* config-hosts: 175,550 organized crime, RBN affiliates, malware hosts and bad actors blacklisted for Smoothwall 3. Leave last line blank. Place in /var/smoothwall/hosts/, then rename config-hosts to config. Updated 8-14-2008.
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/config-hosts

* hosts: Protect your home from 175,550 bad domains for Smoothwall 3; placed in /var/smoothwall/hosts/. Note: with this many objects in BlackHole, you must use local loopback. Update 8-14-2008: added 3,000 new malware domains.
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/hosts

For effective protection, you should use anti-spyware and anti-virus products in addition to IP blocking and DNS blacklisting.
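Whatever the source list, a blackhole file is only useful if every entry points at the loopback address and the file is well formed (the post's "leave last line blank" instruction is exactly that kind of check). The script below is an added example and is not the Emerging Threats list or Smoothwall's own code: it assumes the standard hosts(5) layout of one `IP hostname` pair per line with 127.0.0.1 as the sink, which is an assumption about the `hosts` file rather than anything the post spells out, and the domain names it feeds in are constructed placeholders.

```python
"""Build and validate a hosts-style DNS blackhole file.

Added example, not the Emerging Threats files or Smoothwall's own code.
Assumptions: the file uses the hosts(5) layout "IP<whitespace>hostname",
one entry per line, every blacklisted domain is pointed at the local
loopback 127.0.0.1, and the file ends with a blank line as the post says.
"""
import re

LOOPBACK = "127.0.0.1"

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_domain(name: str) -> bool:
    """Reject entries that are not hostnames or would corrupt the file."""
    if not name or len(name) > 253 or name.endswith("."):
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)


def build_blackhole(domains, sink=LOOPBACK) -> str:
    """Return file contents: one '<sink> <domain>' line per unique valid domain
    (lower-cased, trailing dot stripped, sorted), ending with a blank line."""
    seen = set()
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if is_valid_domain(d):
            seen.add(d)
    lines = [f"{sink} {d}" for d in sorted(seen)]
    return "\n".join(lines) + "\n\n"  # final "\n\n" leaves the last line blank


def parse_blackhole(text: str) -> dict:
    """Parse hosts-style text into {hostname: ip}; comments and blanks are skipped."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            raise ValueError(f"malformed line: {line!r}")
        ip, *names = parts
        for n in names:
            mapping[n] = ip
    return mapping


def check_blackhole(text: str, sink=LOOPBACK) -> list:
    """Return the problems found in a blackhole file; an empty list means OK."""
    problems = []
    if not text.endswith("\n\n"):
        problems.append("file does not end with a blank line")
    for domain, ip in parse_blackhole(text).items():
        if ip != sink:
            problems.append(f"{domain} points at {ip}, not {sink}")
        if not is_valid_domain(domain):
            problems.append(f"invalid hostname: {domain}")
    return problems


# Constructed sample input: placeholder domains with a duplicate in different
# case, a trailing dot, one malformed label and one empty entry.
SAMPLE_DOMAINS = [
    "malware-one.example",
    "Malware-One.example",
    "pharmacy-scam.example.",
    "-bad-label.example",
    "c2.botnet.example",
    "",
]

if __name__ == "__main__":
    out = build_blackhole(SAMPLE_DOMAINS)
    print(out, end="")
    print("problems:", check_blackhole(out))
```

Run `check_blackhole` over a downloaded list before copying it into /var/smoothwall/hosts/: an entry that points somewhere other than loopback, or a missing trailing blank line, is caught before the resolver ever loads the file.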

I maintain the Snort Config Samples Project at Emerging Threats. Visit http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples for more information.

Thursday, August 14, 2008

OSS arrives

Let friend and foe alike know that the OSS has arrived in Georgia.

Monday, August 11, 2008

Real Time Cyber Attack Details Against Georgia

Russia's SVR Seen Acting in Collusion with the Criminal RBN

Top ace Internet security researcher Dancho Danchev indicated late today that it was likely that the Russian Foreign Intelligence Service (SVR) was behind the attacks on Georgia's communications infrastructure: "It smells like a three letter intelligence agency’s propaganda arm has managed to somehow supply the creative for the defacement of Georgia President’s official web site, thereby forgetting a simple rule of engagement in such a conflict - risk forwarding the responsibility of the attack to each and every Russian".

In his "Zero Day" column at ZDNet, http://blogs.zdnet.com/security/?p=1670, and at his brilliant blog, http://ddanchev.blogspot.com/, Danchev identified the RBN command and control servers acting on behalf of the Russian government. The RBN is at the crux of malware creation, child pornography, and financial crime on the Internet. The close relationship between these activities and the Russian government may shock soccer moms in the West, but Internet security professionals have long suspected as much.

Earlier this week, the West's top RBN expert Jart Armin, http://rbnexploit.blogspot.com, identified many of the routing details of the Russian attack on Georgia's communications infrastructure.

Since Danchev published those details 5 hours ago, the Russian mafia/SVR operation has sought to evade detection by changing the DNS servers (ns1.guagaga.net and ns2.guagaga.net) of their actual command and control location (a-nahui-vse-zaebalo-v-pizdu.com) from the Turkish Telecom IP address 79.135.167.22 to an IP address (210.145.102.19) in the Yamato Life Insurance Building in Japan (DNS server is ns1.srv.com). Meanwhile they have created two new DNS servers ns1.guagaga.net.guagaga.net and ns2.guagaga.net.guagaga.net, which they are preparing to bring online between 10:00 pm and 2:00 am EST to act as authoritative name servers for the other attacking command and control servers, domains and botnets.

A complete list of RBN IP addresses, domains, franchisees and affiliates is available at http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RussianBusinessNetworkIPs.txt.

Georgia, Ukraine and NATO should refer to Dancho Danchev's column for additional details and incisive analysis. Security professionals should DNS Blackhole all of the involved domains, as well as their DNS servers. Given their infamous history, compounded by events of the past several days, it is time that the RBN was officially designated as a terrorist organization by the government of the United States.

James McQuaid

Saturday, August 9, 2008

Russian Cyberattack on Georgia

In line with its information warfare doctrine, the opening salvos of Russia's invasion of Georgia consisted of attacks on Georgia's communications infrastructure. The goal of this activity was to deny Georgia the opportunity to provide its perspective to the international press, and give Russia a corresponding advantage in shaping world opinion.

As documented at http://rbnexploit.blogspot.com, this cyberattack has been systematic and thorough. Its coordinated timing with the Russian conventional attack suggests that the criminal RBN is a military intelligence asset of the Russian government.

Many of Georgia's web servers are now under "unauthorized external control", and some web sites have been defaced. In addition, other Georgian servers are inaccessible due to disruptions by Russia and the RBN in the Internet's routing infrastructure. It should be noted that "AS8342 RTCOMM (Ru), AS12389 ROSTELECOM (Ru), AS9121 TTNet Autonomous System Turk Telekom (Tk) are well known to be under the control of RBN and influenced by the Russian government."

As noted in the August 8th editorial by The Washington Post, "Russian military probes, always denied by Moscow, have been frequent in recent years. But certainly the deeper source of tension between the two countries is Russia's insistence on maintaining hegemony in the Caucasus. Georgia's democratically elected government has accepted U.S. military and economic aid, supported the mission in Iraq and pursued NATO membership. Moscow will not tolerate such independence -- even by a relatively poor country of just 4.6 million people."

The Russian government's use of murder, extortion and blackmail in pursuit of political and economic policy goals has been well documented in the past several years. Europe, the United States, and the world at large will proceed from this point wary of the Russian mafia state.

For the purpose of circumventing the Russian cyber blockade of Georgia, I am reproducing below an official statement of the government of Georgia:

Mikhail Saakashvili, President of Georgia

"Georgia seeks peaceful resolution to the conflict in South Ossetia

Georgian troops mobilize to protect civilian population from rebel attacks

TBILISI – Sat 09 August 2008 –

The Government of Georgia has sought to defuse the tense and violent situation in the South Ossetia region yesterday by declaring a unilateral ceasefire and appealing to the leadership of the separatist rebels to begin talks with the State Minister for Reintegration Temuri Yakobashvili. Despite calls for peace, separatist rebels continued to attack Georgian police posts and the civilian population.

Initially government forces did not return fire. However, at 8:30pm the village of Avnevi came under fire from separatists and the village was almost completely destroyed. The government-controlled village of Prisi also came under attack by separatists, which left several people wounded.

In response to separatist attacks on government-controlled villages, Georgian Armed Forces occupied several villages in South Ossetia early this morning. At around 5:30am, Russian Federation forces began moving into the conflict zone through the Roki tunnel, which connects Russia and Georgia and has been an entry point for the illegal transfer and sale of arms to separatist rebels. Two additional Russian units entered into Georgia through the Roki tunnel around 8:00am. The first Russian unit that entered Georgia through the Roki tunnel was killed as they attempted to cross the Gufta Bridge, which was also destroyed in the operation conducted by the government’s air command.

The Russian air force has also been conducting military operations in Georgia. Military fighter planes dropped bombs in four towns. The Russian air force also bombed the villages of Variani, injuring seven civilians, and dropped three bombs on Gori. The OSCE has confirmed the Gori operation was conducted by the Russian air force. So far several people have been killed and wounded, including innocent civilians.

In an effort to protect the civilian population, the President of Georgia Mikhail Saakashvili declared a unilateral ceasefire to be in effect between 3:00pm – 6:00pm Friday. During this time, the civilian population and the separatists were invited to cross the line of control. The government has also provided humanitarian assistance and full amnesty for those separatists that choose to surrender. As of 2:30pm, Georgian forces controlled 100% of Tskhinvali with just a few small groups still resisting government presence. Despite the ceasefire, Russia continued to take aggressive military action within Georgian territory.

At 4:30pm and 5:35pm, Russian military aircraft bombed a Georgian military base in Marneuli three times, in the southern part of the country about 30 kilometres from Tbilisi, resulting in the destruction of grounded Georgian military equipment, severe damage to a number of buildings, and several casualties.

Russian military aircraft also entered Georgian airspace at 3:05pm and dropped two bombs on the Georgian military airbase in Vaziani, just on the outskirts of the capital."

Friday, August 8, 2008

Stop the Russian Mafia state

Both Senator Barack Obama and Senator John McCain have demanded that Russia withdraw from Georgia. The Washington Post has just published an editorial calling on the West to stop Russia. If we fail to do so, we can expect more predatory violence from the Russian Mafia state.

http://www.washingtonpost.com/wp-dyn/content/article/2008/08/08/AR2008080802741.html

"Stopping Russia
The U.S. and its allies must unite against Moscow's war on Georgia.

THE OUTBREAK of fighting between Russia and the former Soviet republic of Georgia was sudden but not surprising. Conflict has been brewing between Moscow and its tiny, pro-Western neighbor for months. The flashpoints are two breakaway Georgian provinces, Abkhazia and South Ossetia -- the latter being the scene of the latest fighting. The skirmishing and shelling around Georgian villages that prompted Georgian President Mikheil Saakashvili to launch an offensive against the South Ossetian capital, Tskhinvali, may or may not have been a deliberate Russian provocation, to which Russia's tank and air assault was the inevitable follow-up. Russian military probes, always denied by Moscow, have been frequent in recent years. But certainly the deeper source of tension between the two countries is Russia's insistence on maintaining hegemony in the Caucasus. Georgia's democratically elected government has accepted U.S. military and economic aid, supported the mission in Iraq and pursued NATO membership. Moscow will not tolerate such independence -- even by a relatively poor country of just 4.6 million people.

At its summit in Bucharest, Romania, in April, NATO offered Georgia eventual membership. This was not the more concrete promise that Georgia, and the Bush administration, had wanted. But Tbilisi and Washington settled for less in deference to European NATO members who wanted to avoid inflaming Russia. It didn't work, because Moscow responded by increasing its ties to Abkhazia and South Ossetia, including by beefing up the "peacekeeping" forces it maintains in both regions under the settlement that concluded Moscow-backed secessionist wars in the early 1990s. Even before these latest maneuvers, Russia had issued passports to most inhabitants of the two breakaway regions, which is why it claims to be defending its own people now.

It's doubtful, though not unthinkable, that Russia actually plans to conquer all of Georgia. But its objectives are no less cynical for that. Simply by keeping the country in a constant state of territorial division and conflict, it hopes to show NATO that Georgia is too unstable for membership -- thus giving Georgia no choice but to submit to Moscow's "influence." Probably Russia intends to administer a quick military "punishment" (as Russian President Dmitry Medvedev described Moscow's war aim) to Mr. Saakashvili, and then restore some version of the unstable status quo ante.

This is a grave challenge to the United States and Europe. Ideally, the U.N. Security Council would step in, authorizing a genuine peacekeeping force to replace the Russian one that has turned into a de facto occupation of Abkhazia and South Ossetia. But a Russian veto rules that out. Thus, the United States and its NATO allies must together impose a price on Russia if it does not promptly change course. The principles at stake, including sovereignty and territorial integrity, apply well beyond the Caucasus. To abandon Georgia and its fragile democratic Rose Revolution would send a terrible signal to other former Soviet and Warsaw Pact republics that to Moscow's dismay have achieved or are working toward democracy and fully independent foreign policies. The West has made that sort of mistake before and must not do so again."