Experts: Russian intelligence behind cyber attacks

Published 23 March 2009

A panel of IT security experts concluded that there is a “strong likelihood” that the Foreign Military Intelligence agency (the GRU) and Federal Security Service (the FSB) directed cyber attacks on Georgian government servers in July and August of 2008.

A follow-up report authored by a group of cyber-security experts says that Russian intelligence agencies were probably involved in the 2008 cyber attacks on Georgia. The report, released Friday, concludes that there is a “strong likelihood” that the Foreign Military Intelligence agency (the GRU) and Federal Security Service (the FSB) directed cyber attacks on Georgian government servers in July and August of 2008, attacks which coincided with a Russian military invasion of Georgia. Called Grey Goose 2, the report is a follow-up to the group’s October 2008 report about the Georgian cyber war. It includes sections on the recent conflict in Gaza and politically motivated attacks against the Eastern India Railway Web site.

IDG News’s Robert McMillan writes that Grey Goose was written by a volunteer group of security experts who have used their technical skills to investigate the cyber incidents. A more detailed version of the report is being made available to government agencies and security researchers. Following a complex web of connections, the report claims that an Internet service provider connected with the Stopgeorgia.ru web site, which coordinated the Georgian attacks, is located next door to a Russian Ministry of Defense Research Institute called the Center for Research of Military Strength of Foreign Countries, and a few doors down from GRU headquarters.

The case for Russia’s involvement in state-sponsored cyber attacks was given a boost recently, when State Duma Deputy Sergei Markov reportedly claimed that one of his assistants had instigated cyber attacks against Estonia in 2007, when the two countries were engaged in a political dispute.

The report’s principal author, Jeff Carr, said that this disclosure, along with the work in the report, helped convince him that the Kremlin was probably involved in cyber-warfare. “There’s just too much planning that went into it,” said Carr, founder of information security consulting firm GreyLogic. Still, it is a “bit of a stretch” to conclude that the Georgia attacks were state-sponsored, according to Paul Ferguson, a researcher with Trend Micro who has reviewed the Grey Goose work. “You can connect dots to infer things, but inferring things does not make them so,” he said.

One other interesting allegation in Grey Goose 2 is that a member of the Whackerz Pakistan hacking group, which claimed responsibility for defacing the Indian Eastern Railway Web site on 24 December 2008, is actually employed by a North American wireless communications company. This person presents an “insider threat” for his employer, the report states. In fact, two of the six Whackerz members work in the IT industry, Carr said. He declined to publicly identify the company, but he said that law enforcement has been notified.