Georgian Cyberattacks Traced to Russian Civilians
A year after Russian troops invaded the former Soviet state of Georgia, a report has concluded that the accompanying cyberattacks were carried out by organized crime and civilians with the aid of the Russian military.
The report, released by the U.S. Cyber Consequences Unit, is the result of an analysis of data collected during and after the attacks, which took place between August 7 and August 16, 2008. The US-CCU is a nonprofit research institute that focuses on analyzing cyber events and advising the U.S. government.
The attacks against Georgia initially targeted news media and government websites, making it hard for Georgians and the outside world to follow the events, the report states. Once the Russian military had established its presence inside Georgia, the list of targets expanded to include financial institutions and other businesses, universities, and more news media and government sites.
“These cyberattacks were designed to make it difficult to organize an effective response to the Russian presence,” the report says. “Many of them were intended to interrupt normal business operations. Others were intended to make the Georgian population uncertain about what to expect and what they should do.”
While the Russian military obviously benefited from the attacks, the US-CCU argues that the evidence indicates only civilians were involved.
“Although, it would, in principle, have been possible for the Russian military to have carried out some of these cyberattacks, disguising their involvement convincingly would have been very difficult and expensive,” the report states.
However, the US-CCU report concludes that the Russian military most likely gave the attackers a list of targets and, potentially the tools to conduct the attacks. Considering that the attacks happened at nearly the same time as the invasion of Georgia–and that there was no reconnaissance done prior to the attacks–the denial-of-service floods were probably preplanned, the report argues. The attacks also involved the cooperation of Russian organized crime, as many of the attacking computers also had software installed for other cybercriminal activities, according to the report.
In defending against the attacks, the Georgian government tapped groups of cybersecurity experts and initially filtered the Russian IP address space. However, the attackers soon used proxies and compromised computers in other nation’s address spaces, making the attacks harder to block.
The Georgians also apparently planted a counterattack tool, disguising it as another script to attack its own computers. Russian sympathizers who downloaded and used the program would instead attack 19 websites in Russia.
“No evidence of damage caused by this attack script came to the US-CCU’s attention, which suggests that any harm it caused was not extensive,” says the report.
Keep Reading
Most Popular
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.