The attacks against the nation of Georgia, which took place a year ago, were conducted entirely by civilians, although the attackers had close contact with the Russian military, concluded a report published by the U.S. Cyber Consequences Unit on Monday.
Evidence collected by the group, which uses open-source intelligence techniques to analyze cyber events and advise the U.S. government, suggests that civilians were recruited through Russian social networks and that the attackers were aided by Russian organized crime. The military's involvement was likely limited to selecting the targets, the US-CCU stated in the report.
"When the cyber attacks began, they did not involve any reconnaissance or mapping stage, but jumped directly to the sort of packets that were best suited to jamming the Web sites under attack," the report stated. "This indicates that the necessary reconnaissance and the writing of attack scripts had to have been done in advance."
The report arrives as the United States and other nations attempt to figure out their policy regarding cyber conflict and what constitutes cyber warfare. In 2007, cyber attacks against Estonia wreaked havoc on that nation's network. A year later, attackers disrupted Georgian networks just as Russia conducted military operations against the former Soviet state.
Yet, whether these attacks are cyber warfare is debatable: One researcher argued earlier this year that all recent cyber attacks have been informational, focusing on censorship rather than achieving some functional aim.
The initial wave of cyber attacks against Georgia involved botnets and command-and-control servers that appear to have been previously used by Russian organized crime.
"It appears that Russian criminal organizations made no effort to conceal their involvement in the cyber campaign against Georgia, because they wanted to claim credit for it," the report stated.
Following that, patriotic civilians were actively recruited using Web postings to expand the attack. While the total number of attackers in the Georgian campaign eclipsed the number of participants in the Estonian attack, a greater number of computer systems took part in the denial-of-service attacks against Estonia.
Posted by: Robert Lemos