Russkie Civvies Waging Cyberwar

A new report by the U.S. Cyber Consequences Unit (USCCU) finds that citizens quickly became cyber warriors when the Russians started attacking Georgia. Our friends at AvWeek have a neat piece that includes an interview with one of the report’s authors, who says that the attacks “were carried out by civilians with little or no direct involvement by the Russian government or military, the researchers found. Most of those launching the attacks were Russians, but sympathizers from the Ukraine and Latvia also participated.”

The other notable fact in this report: social networking sites such as Twitter and Facebook were important tools in the struggle.

This article first appeared in Aviation Week & Space Technology.
The 2008 Russia/Georgia conflict has become a defining event in network warfare, with a new report released this week revealing even more details.

For example, altered Microsoft Corp. software was fashioned into cyberweaponry and hackers collaborated on U.S.-based Twitter, Facebook, and other social-networking sites to coordinate the attack on Georgian digital-based targets, according to the report by the U.S. Cyber Consequences Unit (USCCU).

The new paper — only parts of which are available to the public — was put together by John Bumgarner, research director for security technology, and Scott Borg, director and chief economist for the USCCU. Analyses of the attack began simultaneously with the war’s start in the late summer of 2008.

The researchers were able to monitor attack activity over the Internet as it was taking place. They also collected data after the conflict from Web caches, companies hosting Web sites and the forums used by attackers. Information included extensive network traffic and security logs.

While the attack itself is interesting because of its scale and military impact, Bumgarner (a former CIA and FBI employee) cautions readers to look at the larger implications.

“It’s the sort of cyber campaign that we can now expect to accompany most future international conflicts,” he says in an interview with Aviation Week. “This is what makes some of the details about the way the Georgia campaign was managed pretty interesting. Russia is likely to run this playbook again with minor adjustments.”

A striking revelation for the researchers was “how quickly a common citizen can be transformed into a foot soldier in a cyber conflict,” Bumgarner says. The cyber attacks were carried out by civilians with little or no direct involvement by the Russian government or military, the researchers found. Most of those launching the attacks were Russians, but sympathizers from the Ukraine and Latvia also participated.

Bumgarner tracked the attacks to 10 Web sites registered in Russia and Turkey. Nine were registered using identification and credit card information stolen from Americans; one site was registered with information stolen from a person in France. They were used to coordinate “botnet” attacks, which co-opted thousands of computers around the world to disable the Georgian government, banks and media outlets. Computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.

“The Russians conducted a cyberattack that was well coordinated with what Russian troops were doing on the ground,” a longtime specialist in military information operations told Aviation Week in May. “It was obvious that someone conducting the cyberwar was talking to those controlling the ground forces. They knew where the cyber talent was, how to use it, and how to coordinate it. That sophisticated planning at different levels of cyberwarfare surprised a lot of people in the Defense Department.

“What is obvious [in the Georgia attacks] is the level of sophistication in integrating multiple layers of the network is increasing,” the specialist continued. “It appears that some paramilitary organizations are trying out any and all social networking tools to determine

Join the Conversation

This is one of the problems with assigning internet-infrastructure security to the military; you’re left with a big “lawfare” problem. How can the US military legally conduct operations that target the activities of foreign-national civilians operating in sovereign foreign territory? Indeed, how can they conduct _domestic_ operations, given posse comitatus?

Really, the whole thing should be run by the FBI, or maybe the Secret Service.

Oh please… run by the FBI or Secret Service? Not.

Cyberwarfare can be fought/controlled by the DoD with laws as-is.

I think we need to get our hackers to set up massive botnets ready to bring down the target country’s communications and energy nets at the drop of a hat. We might already have something like this, but we’re not tipping our hand.

Don’t forget, there is a big difference between security and attack. The DoD only provides security for DoD networks; they don’t and are not assigned to do security of the “internet” or any non-DoD infrastructure. Cyberwarfare is another story but that is totally different from security. The FBI and other civilian agencies are involved in the security aspect and when there is some type of crime committed (even if it is against DoD networks) that is turned over to the proper law enforcement agencies.

The Russian sub-continent resents us for splitting up their continent in the name of Democracy, and then not following through politically with ensuring that Democracy to the extent of keeping the old school hard-liners from being two faced and putting a face of freedom on the same old oppression…so of course they attack us with the technology we essentially afforded them. It’s a case of sour grapes.

It seems something like you’re suggesting would be a good idea. Have the participants on speed dial and have the targets already hashed out the way that we had targets in the Soviet Union painted and ready to go at a moment’s notice in case of nuclear war. Then in case we are directly involved in a military action where we need to strike back through cyberwarfare or we simply want to impact the conflict by aiding our allies (like Georgia) by hammering the vital computer networks of their enemy we can spin up an attack quickly.
