Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

A View from Robert Lemos

Georgian Cyberattacks Traced to Russian Civilians

A report concludes that civilians and criminals carried out last year’s attacks with the help of the Russian government.

  • August 18, 2009

A year after Russian troops invaded the former Soviet state of Georgia, a report has concluded that the accompanying cyberattacks were carried out by organized crime and civilians with the aid of the Russian military.

The report, released by the U.S. Cyber Consequences Unit, is the result of an analysis of data collected during and after the attacks, which took place between August 7 and August 16, 2008. The US-CCU is a nonprofit research institute that focuses on analyzing cyber events and advising the U.S. government.

The attacks against Georgia initially targeted news media and government websites, making it hard for Georgians and the outside world to follow the events, the report states. Once the Russian military had established its presence inside Georgia, the list of targets expanded to include financial institutions and other businesses, universities, and more news media and government sites.

“These cyberattacks were designed to make it difficult to organize an effective response to the Russian presence,” the report says. “Many of them were intended to interrupt normal business operations. Others were intended to make the Georgian population uncertain about what to expect and what they should do.”

While the Russian military obviously benefited from the attacks, the US-CCU argues that the evidence indicates only civilians were involved.

“Although, it would, in principle, have been possible for the Russian military to have carried out some of these cyberattacks, disguising their involvement convincingly would have been very difficult and expensive,” the report states.

However, the US-CCU report concludes that the Russian military most likely gave the attackers a list of targets and, potentially the tools to conduct the attacks. Considering that the attacks happened at nearly the same time as the invasion of Georgia–and that there was no reconnaissance done prior to the attacks–the denial-of-service floods were probably preplanned, the report argues. The attacks also involved the cooperation of Russian organized crime, as many of the attacking computers also had software installed for other cybercriminal activities, according to the report.

In defending against the attacks, the Georgian government tapped groups of cybersecurity experts and initially filtered the Russian IP address space. However, the attackers soon used proxies and compromised computers in other nation’s address spaces, making the attacks harder to block.

The Georgians also apparently planted a counterattack tool, disguising it as another script to attack its own computers. Russian sympathizers who downloaded and used the program would instead attack 19 websites in Russia.

“No evidence of damage caused by this attack script came to the US-CCU’s attention, which suggests that any harm it caused was not extensive,” says the report.

Get stories like this before anyone else with First Look.

Subscribe today
Already a Premium subscriber? Log in.
Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.