Russian hackers co-ordinated with military, claims US report

Attacks originated in Russia

Russian cyber attacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and used US identities and software tools, according to a technical report released about the attacks.

The attacks were co-ordinated closely with Russia's five-day military campaign in August 2008 that drew international condemnation.

The report from the US Cyber Consequences Unit (USCCU) also found that Microsoft software tools were used and that hackers communicated through Twitter and Facebook as well as dozens of other web forums

Some of the software used to carry out the attacks was a modified version of Microsoft code commonly used by network administrators to test their systems, the report found.

The cyber attacks in August last year rendered 20 Georgian political and news web sites incapable for over a week and used a combination of traditional hacking and denial-of-service techniques.

Many US corporations and citizens may not have had knowledge of their involvement as their systems were part of botnets used in the attack, according to John Bumgarner, chief technical officer at USCCU.

"US corporations and US citizens need to understand that they can become pawns in a global cyber war," he said.

The unit made it clear that the Georgia attacks were perpetrated by organised criminals and had no direct connection to the Russian government. But the timing of the attacks just before the Russian military incursion began suggested some collaboration, the report says.

"Many of the cyber attacks were so close in time to the corresponding military operations that there had to be close co-operation between people in the Russian military and the civilian cyber attackers," says the report.

"Many of the actions the attackers carried out, such as registering new domain names and putting up new web sites, were accomplished so quickly that all of the steps had to be prepared earlier."