Civilians recruited by Russian language social networking sites and using Russian Mafia-associated botnets perpetrated many of the cyberattacks on Georgian government Web sites during the five-day Russian-Georgian war in 2008, according to a recent report.
However, while the cyberattackers appear to have had advance notice of the invasion and the benefit of some close cooperation from a state organ, there were no fingerprints directly linking the attacks to the Russian government or military, according to the U.S. Cyber Consequences Unit (US-CCU), an independent nonprofit research institute that produced the report.
Much of the material in the report was already known. Still, it represents a fairly comprehensive and authoritative chronology of exactly what happened during that cybercampaign, according to the authors.
"The real story here isn't Georgia, of course," John Bumgarner, US-CCU chief technical officer and primary author of the report, told CNET in an e-mail Tuesday. "It's the sort of cyber campaign that we can now expect to accompany most future international conflicts if they become intense enough. This is what makes some of the details about the way the Georgia campaign was managed pretty interesting. Russia is likely to run this playbook again with minor adjustments. Other countries, such as China, are likely to refine their own practices further in the light of these events."
The first wave of attacks was carried out by botnets and command and control system already in place, according to the report. These consisted of relatively unsophisticated denial-of-service and Web site defacement attacks but executed in a very sophisticated manner. One of the attacks was prepared especially for the Georgian "market" at least two years in advance, the report states.
The report, titled "Overview by the US-UCC of the Cyber Campaign Against Georgia in August of 2008," goes into such close detail that distribution was limited to the U.S. government and certain "cyberprofessionals."
"Most of the cyber-attack tools used in the campaign appear to have been written or customized to some degree specifically for the campaign against Georgia," the report states. Tools employed for denial of service included three different software applications designed for "stress tests" in which Web servers are flooded with HTTP packets to see how much of this traffic they can handle. A fourth piece of software was originally designed for adding functions to Web sites but was adapted by the attackers so it would request random, nonexistent Web pages.
The latter proved a particularly potent tool, the report found. All in all, these HTTP attacks proved far more effective than ICMP-based attacks hurled from Russia against Estonia in 2007, US-UCC's tests concluded. The Georgians didn't know what hit them apparently.
"Cyberwarfare is a global chess game in which citizens, governments and corporations are the pawns," Bumgarner said. "In the past an enemy came over the ocean to attack; now they come over the Internet."
The report closes by urging governments to conduct response exercises before it's too late.
"In modern warfare the cyber component is just as important as boots on the ground," Bumgarner said.