Cyberwarfare
Russia's cyber warfare strategies, II
The August 2008 Georgia cyber campaign showed that Russia’s offensive information operations have improved considerably since the April-May 2007 conflict with Estonia.
The specific people involved in a cyber attack are typically difficult to identify since the Internet makes it easy to conceal identities through the use of proxy Web addresses and other means. The groups of computers attacking the Georgian sites in August 2008 were typically directed to do so from a computer at another location, creating malicious “botnets.” Richard Weitz writes, though, that a report by the U.S. Cyber-Consequences Unit, a non-profit research institute affiliated with the Fletcher School of Law and Diplomacy at Tufts University, nevertheless concludes that, while some of the hijacked computers and virtual recruiting networks were hosted in the United States and other countries, the main servers that directed the attacks throughout the campaign consisted of ten Web sites registered in Russia and Turkey. These sites are also heavily used (and presumably controlled) by Russian organized crime groups. According to the Wall Street Journal, identification and credit-card information stolen from Americans was used to register nine of these sites, while one site was established using information stolen from a French citizen. It is possible that the cyber criminals, who typically attempt to extort payments from the commercial targets they attack, were seeking to advertise their contribution to the war to gain the gratitude (and ideally protection) of Russian government and military leaders.
Weitz notes that, interestingly, the report concludes that some central controller probably instructed the attackers to limit the damage they inflicted. The attacks aimed merely to disable the Web sites through denial-of-service and Web site defacement attacks. They did not attempt to inflict physical damage, which might have occurred if they had, for instance, attempted to instruct the target’s computers to take destructive actions such as erasing key data or overriding safety mechanisms protecting power, energy, or transportation systems. Yet, the effectiveness of the attacks that did occur indicates that some of the attackers probably could have conducted such destructive attacks. Ironically, the ability of the Russian attackers to disable important Georgian institutions through cyber attacks may have spared those institutions from being destroyed by bombs and missiles, as happened to Iraq’s and Serbia’s critical infrastructure when the United States and allies sought to disrupt those countries’ defenses in earlier wars.
Weitz writes that, nonetheless, the moderation might have sought to demonstrate that Russia, if provoked, could destroy much of Georgia’s critical civilian infrastructure. “The Russian military might have aimed to convey that point as well by, for