Russkie Civvies Waging Cyberwar


A new report by the U.S. Cyber Consequences Unit (USCCU) finds that citizens quickly became cyber warriors when the Russians started attacking Georgia. Our friends at AvWeek have a neat piece that includes an interview with one of the report's authors, who says that the attacks "were carried out by civilians with little or no direct involvement by the Russian government or military, the researchers found. Most of those launching the attacks were Russians, but sympathizers from the Ukraine and Latvia also participated."

The other notable fact in this report: social networking sites such as Twitter and Facebook were important tools in the struggle.

This article first appeared in Aviation Week & Space Technology.

The 2008 Russia/Georgia conflict has become a defining event in network warfare, with a new report released this week revealing even more details.

For example, altered Microsoft Corp. software was fashioned into cyberweaponry and hackers collaborated on U.S.-based Twitter, Facebook, and other social-networking sites to coordinate the attack on Georgian digital-based targets, according to the report by the U.S. Cyber Consequences Unit (USCCU).

The new paper -- only parts of which are available to the public -- was put together by John Bumgarner, research director for security technology, and Scott Borg, director and chief economist for the USCCU. Analyses of the attack began simultaneously with the war's start in the late summer of 2008.

The researchers were able to monitor attack activity over the Internet as it was taking place. They also collected data after the conflict from Web caches, companies hosting Web sites and the forums used by attackers. Information included extensive network traffic and security logs.

While the attack itself is interesting because of its scale and military impact, Bumgarner (a former CIA and FBI employee) cautions readers to look at the larger implications.

"It's the sort of cyber campaign that we can now expect to accompany most future international conflicts," he says in an interview with Aviation Week. "This is what makes some of the details about the way the Georgia campaign was managed pretty interesting. Russia is likely to run this playbook again with minor adjustments."

A striking revelation for the researchers was "how quickly a common citizen can be transformed into a foot soldier in a cyber conflict," Bumgarner says. The cyber attacks were carried out by civilians with little or no direct involvement by the Russian government or military, the researchers found. Most of those launching the attacks were Russians, but sympathizers from the Ukraine and Latvia also participated.

Bumgarner tracked the attacks to 10 Web sites registered in Russia and Turkey. Nine were registered using identification and credit card information stolen from Americans; one site was registered with information stolen from a person in France. They were used to coordinate "botnet" attacks, which co-opted thousands of computers around the world to disable the Georgian government, banks and media outlets. Computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.

"The Russians conducted a cyberattack that was well coordinated with what Russian troops were doing on the ground," a longtime specialist in military information operations told Aviation Week in May. "It was obvious that someone conducting the cyberwar was talking to those controlling the ground forces. They knew where the cyber talent was, how to use it, and how to coordinate it. That sophisticated planning at different levels of cyberwarfare surprised a lot of people in the Defense Department.

"What is obvious [in the Georgia attacks] is the level of sophistication in integrating multiple layers of the network is increasing," the specialist continued. "It appears that some paramilitary organizations are trying out any and all social networking tools to determine
