Groups Release More Analysis on the Georgia-Russia Cyber Attacks

It’s been a couple of months since this summer’s Russia-Georgia cyberattacks. Briefly, these attacks started in mid-July with denial of service attacks on the Georgian president’s website. When Russian forces entered Georgia and warfare broke out in early August, more attacks began. We tracked some of the denial of service attacks and botnet activity, and we’ve looked into some of the routing changes during the attacks as well.

Now, more than a couple of months later, we see that two groups have released independent reports on the attacks. The first is Russia/Georgia Cyber War – Findings and Analysis from IntelFusion, aka the Grey Goose project. This is a team of intel and cyber-intel folks who reviewed openly available data and produced their take on things. The report is only available via direct request, so I can’t share a copy with you. However, I suggest you look at the summary from Brian Krebs at the Washington Post. Briefly, the report coincides with a number of things we’ve concluded, but they also looked at a number of website defacements and dove a lot deeper into the forums than we did. Their findings can be summarized as:

  • The Russian government will continue to distance itself from the Russian nationalistic hacker community while passively supporting the community, and of course reaping any benefits from their activities.
  • Russian nationalist hackers display that they’ve been adapting and taking advantage of new technologies.
  • Russian hackers continue to mentor interested parties and share their skills.
  • Forums will continue to be used to develop politically motivated hackers for future efforts.
  • Increasingly, counter-intel techniques are being used by the forums to block US IPs.

The report is based on some very detailed, long-term analysis and suggests that the attacks were well prepared for. The level of coordination in this year’s major attacks was much higher than we saw in Estonia in 2007. If you can get hold of the report, it’s worth looking at and covers some very under-reported aspects of the attacks.

The second report on the subject is from the RBN Exploit folks. Their report, entitled Russian Invasion of Georgia – Russian Cyberwar on Georgia, looks at the attacks over time and provides a nice summary of the information that’s been shared on various forums. The report also works hard to tie the attacks to the RBN group, something which we’ve been reluctant to do on our team.

Both reports are worth reading. Note that more reports are surely in the works.