Cyberwarfare
Russia's cyber warfare strategies, I

Published 25 August 2009

The August 2008 Georgia-Russia war was accompanied by a sustained, well-integrated, and pre-planned information warfare campaign against Georgia’s Internet infrastructure

The U.S. Cyber-Consequences Unit, a non-profit research institute affiliated with the Fletcher School of Law and Diplomacy at Tufts University, has recently issued a report documenting how Russia supplemented its conventional war against Georgia last August with a sustained, well-integrated, and pre-planned information warfare campaign against Georgia’s Internet infrastructure. Richard Weitz writes that the techniques were so successful that the unit has restricted distribution of the full report to the U.S. government and certain other Internet security professionals. Only the executive summary (pdf) has been made available to the public.

The report’s main author, John Bumgarner, directs research at the unit. He and his team conducted a year-long investigation of the Russian campaign using a variety of sources, including monitored Internet traffic, Web site caches, and debriefings of Georgian victims.

According to the report, from 7 August to 16 August 2008, Russian citizens and their sympathizers launched a coordinated offensive that disabled dozens of important Georgian websites, including those of the country’s president and defense minister, as well as the National Bank of Georgia and major news outlets. Initially, the main targets were the websites of the country’s main government institutions and news media, which would have played a central role in informing the Georgian public and the international community of the Russian attack. The target list subsequently expanded to include other government and media sites as well as Georgian business, education, and financial institutions. The combined effect of these attacks was to degrade the effectiveness of Georgia’s national response to the Russian attack.

Weitz writes that the techniques used by the Russian attackers suggest they had developed a detailed campaign plan against the Georgian sites well before the conflict. The attackers did not conduct any preliminary surveying or mapping of sites, but instead immediately employed specially designed software to attack them. The graphic art used to deface one Georgian Web site was created in March 2006 but saved for use until the August 2008 campaign. The attackers also rapidly registered new domain names and established new Internet sites, further indicating they had already analyzed the target, written attack scripts, and perhaps even rehearsed the information warfare campaign in advance.

Weitz notes that the fighting that broke out on 7 August of last year appears to have caught the parties by surprise, but Russian cyber planners were undoubtedly aware that a war between Russia and Georgia was a viable option given protracted bilateral tensions. “When the fighting did begin, this core group was able to use Russian-language social networking sites and other virtual mechanisms to recruit additional hackers as well as to supply them with malicious code and other tools,” he writes. For example, they posted suggested targets and means of attack on public websites that could be employed even by people with limited computer knowledge. Social networking companies such as Facebook and Twitter typically do not monitor communications on their sites unless they receive complaints from users.

The most common attack techniques employed malicious modifications of publicly available commercial software written for network administrators. For example, the attackers amplified the intensity of “stress tests” designed to gauge how many HTTP requests a server can handle, turning capacity-testing tools into flooding tools. They also modified a program intended to add functions to Web sites so that it bombarded the affected sites with requests for nonexistent addresses chosen at random.
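The second technique above has a recognisable signature in a web server's access log: a single client sending a long run of never-repeated paths that all come back 404. The following detector, written for this article and not taken from the US-CCU report or from any tool it describes, flags that pattern over logs in Common Log Format. The thresholds (window length, minimum request count, 404 and unique-path ratios), the IP addresses, and the sample log lines are all constructed for the example.

```python
"""Flag clients that flood a web server with requests for random, nonexistent paths.

Added example (not from the US-CCU report or the article): a heuristic detector run
over web-server access logs in Common Log Format. All sample data below is constructed.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format (Apache/nginx default):
#   host ident authuser [date] "method path protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def flag_random_path_floods(lines, window_s=60, min_requests=20,
                            min_404_ratio=0.9, min_unique_ratio=0.9):
    """Return {ip: stats} for clients whose traffic, in some window of window_s
    seconds, contains at least min_requests requests and consists almost entirely
    of unique paths that the server answered with 404.

    A crawler or a user following broken links produces some 404s, but not a
    stream of never-repeated paths that all miss. Thresholds are assumptions.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        end = 0
        for start in range(len(recs)):
            # Advance `end` until recs[start:end] spans at most window_s seconds.
            while (end < len(recs)
                   and (recs[end]["ts"] - recs[start]["ts"]).total_seconds() <= window_s):
                end += 1
            window = recs[start:end]
            if len(window) < min_requests:
                continue
            ratio_404 = sum(1 for r in window if r["status"] == 404) / len(window)
            ratio_unique = len({r["path"] for r in window}) / len(window)
            if ratio_404 >= min_404_ratio and ratio_unique >= min_unique_ratio:
                flagged[ip] = {
                    "requests": len(window),
                    "ratio_404": round(ratio_404, 2),
                    "ratio_unique": round(ratio_unique, 2),
                    "first_seen": window[0]["ts"].isoformat(),
                }
                break  # one qualifying window is enough to flag the client
    return flagged


def build_sample_log():
    """Constructed sample: one flooding client and one ordinary visitor (no real data)."""
    t0 = datetime(2008, 8, 8, 10, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    # Flooding client (documentation range 203.0.113.0/24): 30 requests, one per
    # second, each for a fresh pseudo-random path that does not exist on the server.
    for i in range(30):
        token = hashlib.sha256(f"flood-{i}".encode()).hexdigest()[:12]
        ts = (t0 + timedelta(seconds=i)).strftime(fmt)
        lines.append(f'203.0.113.5 - - [{ts}] "GET /{token}.html HTTP/1.1" 404 312')
    # Ordinary visitor (198.51.100.0/24): 25 requests to a handful of real pages,
    # with a couple of broken links mixed in.
    pages = ["/", "/news/", "/president/", "/news/2008-08-08", "/about"]
    for i in range(25):
        ts = (t0 + timedelta(seconds=i)).strftime(fmt)
        status = 404 if i in (4, 17) else 200
        lines.append(f'198.51.100.7 - - [{ts}] "GET {pages[i % 5]} HTTP/1.1" {status} 5120')
    return lines


if __name__ == "__main__":
    for ip, stats in flag_random_path_floods(build_sample_log()).items():
        print(ip, stats)
```

Run against the constructed log, only the 203.0.113.5 client is flagged: every one of its 30 requests in the window is for a unique path and every one returned 404, whereas the ordinary visitor repeats five real pages and misses only twice. The two ratios are what separate this flood from a busy but legitimate client; request rate alone would not, since the visitor sends at the same one-per-second pace.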

The report concludes that the timing of the Russian attacks and the nature of the targets indicate that the hackers, even if civilians, probably coordinated their operations with the Russian military, although no conclusive evidence of such collaboration exists. For example, the campaign began before the media had reported the start of the Russian offensive into Georgia.

Tomorrow: Who was behind Russia’s cyberattack on Georgia?