Report: Russian Hacker Forums Fueled Georgia Cyber Attacks

An exhaustive inquiry into August's cyber attacks on the former Soviet bloc nation of Georgia finds no smoking gun in the hands of the Russian government. But experts say evidence suggests that Russian officials did little to discourage the online assault, which was coordinated through a Russian online forum that appeared to have been prepped with target lists and details about Georgian Web site vulnerabilities well before the two countries engaged in a brief but deadly ground, sea and air war.

The findings come from an open source investigation launched by Project Grey Goose, a volunteer effort by more than 100 security experts from tech giants like Microsoft and Oracle, as well as former members of the Defense Intelligence Agency, Lexis-Nexis, the Department of Homeland Security and defense contractor SAIC, among others.


The group began its inquiry shortly after the cyber war disabled a large number of Georgia government Web sites. Starting with the Russian hacker forum, investigators found a posting encouraging would-be cyber militia members to enlist at a private, password-protected online forum. Grey Goose principal investigator Jeff Carr said the administrators of the hacker forum were keenly aware that American cyber sleuths were poking around: Within hours after investigators discovered the link to the StopGeorgia site, administrators deleted the link and banned all access from U.S.-based Internet addresses.

At the StopGeorgia forum, project members unearthed a top-down hierarchy of expert hackers who doled out target lists of Georgian government Web sites to relative novices, complete with instructions on how to exploit vulnerabilities in the sites in order to render them inaccessible. Following a July defacement of the Georgian president's Web site that was blamed on Russian hackers, the Georgian government blocked Russian Internet users from visiting government Web sites.


But Carr said StopGeorgia administrators also equipped recruits with directions on evading those digital roadblocks, by routing their attacks through Internet addresses in other Eastern European nations. The level of advance preparation and reconnaissance strongly suggests that Russian hackers were primed for the assault by officials within the Russian government and/or military, Carr said.

"The fact that the site was up and running within hours of the ground assault -- with full target lists already vetted and with a large member population -- was evidence that this effort did not just spring up out of nowhere," said Carr, speaking at a forum in Tysons Corner, Va., sponsored by Palantir Technologies, an In-Q-Tel funded company in Palo Alto, Calif., whose data analysis software helped Grey Goose investigators track the origins and foot soldiers involved in the cyber attack. "If they were planning ahead of the invasion, how did they know the invasion was going to occur? The only way they could have known that is if they were told."

Initially, security experts assumed that the sites were felled via "distributed denial of service" (DDoS) attacks, a well-known method of assault that uses hundreds or thousands of compromised personal computers to flood a targeted site with so much junk traffic that it can no longer accommodate legitimate visitors. But investigators soon learned that attackers were instructed in the ways of a far simpler but equally effective attack strategy capable of throttling a targeted Web site using a single computer.

Security researcher and Grey Goose investigator Billy Rios said attackers disabled the sites using a built-in feature of MySQL, a software suite widely used by Web sites to manage back-end databases. The "benchmark" feature in MySQL allows site administrators to test the efficiency of database queries, but last year hackers posted online instructions for exploiting the benchmark feature to inject millions of junk queries into a targeted database, such that the Web servers behind the site become so tied up with bogus instructions that they effectively cease to function.

"Not only can a small number of users bring down the back end databases, it indicates that there was some form of planning, reconnaissance, and some technical sophistication by some of the members," Rios said. "It also indicates that all the information from the attacked systems was most likely already compromised and pilfered before the injection point was posted."
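An added detection example, not part of the original article or the Grey Goose report: because the technique Rios describes reaches the database through an injection point in a Web request, a defender can look for calls to MySQL's BENCHMARK() in request parameters. The sketch below scans access-log lines for such calls, undoing repeated URL encoding and inline SQL comments first; the log lines, addresses and paths are constructed for illustration.

```python
import re

# Constructed sample lines in Apache combined-log style. Addresses come from
# documentation ranges; paths and parameters are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Aug/2008:10:01:02 +0000] "GET /news.php?id=42 HTTP/1.1" 200 5120
198.51.100.7 - - [09/Aug/2008:10:01:09 +0000] "GET /search.php?q=cpu+benchmark+results HTTP/1.1" 200 811
203.0.113.9 - - [09/Aug/2008:10:01:11 +0000] "GET /news.php?id=42%20AND%20BENCHMARK(5000000,SHA1(1)) HTTP/1.1" 200 5120
203.0.113.9 - - [09/Aug/2008:10:01:12 +0000] "GET /news.php?id=42%2520and%2520bEnChMaRk/**/(5000000,SHA1(1)) HTTP/1.1" 200 5120
203.0.113.9 - - [09/Aug/2008:10:01:13 +0000] "GET /news.php?id=42+AND+benchmark%28+5000000+%2CSHA1%281%29%29 HTTP/1.1" 500 0
192.0.2.44 - - [09/Aug/2008:10:02:00 +0000] "GET /stats.php?x=BENCHMARK(10,1) HTTP/1.1" 200 90
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A function call, not the bare word: "benchmark" followed by "(" and a count.
BENCH_CALL = re.compile(r"\bbenchmark\s*\(\s*(\d+)")


def normalize(text, max_rounds=3):
    """Undo layered URL encoding, drop /* */ comments, and lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return text.lower()


def scan(log_text):
    """Return {client_ip: summary} for requests carrying a BENCHMARK() call."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        counts = [int(c) for c in BENCH_CALL.findall(normalize(m["target"]))]
        if not counts:
            continue
        entry = findings.setdefault(
            m["ip"], {"requests": 0, "max_iterations": 0, "errors": 0}
        )
        entry["requests"] += 1
        entry["max_iterations"] = max(entry["max_iterations"], max(counts))
        # A 5xx answer on such a request suggests the back end is struggling.
        if m["status"].startswith("5"):
            entry["errors"] += 1
    return findings


from urllib.parse import unquote_plus  # standard library; used by normalize()

if __name__ == "__main__":
    for ip, summary in scan(SAMPLE_LOG).items():
        print(ip, summary)
```

Access logs record only the request line, so parameters sent in POST bodies need the same check at the application or a Web application firewall. Parameterized queries remove the injection point itself.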

While Grey Goose members could find no direct link between Russian government officials and the forum administrators, they claim it is unreasonable to conclude that no such connection exists.

"The historical record shows clear support by members of the Russian government and implied consent in its refusal to intervene or stop the hacker attacks," the report states, naming at least three Russian politicians and military officials who have previously endorsed coordinated cyber attacks against other nations as a show of nationalistic pride.

Oleg Gordievsky, a former colonel in the Russian KGB who defected to the British intelligence wing MI6 in 1985, spoke in 1998 at an international conference on crime and discussed how Russian hackers convicted of cyber crime are sometimes offered an alternative to prison -- working for the FSB (the federal security service of the Russian Federation and a successor to the KGB).

According to a cyber warfare analysis by researchers at Dartmouth College, Moscow has a track record of offensive hacking into Chechen Web sites. The researchers provide this account of incidents in 2002, when Russian hackers used cyber warfare to supplement the ongoing military conflict with Chechnya.

"In 2002, Chechen rebels claimed that two of their Web sites crashed under hack attacks by the Russian FSB security service. The website crashes were reportedly timed to occur concurrently or shortly after Russian Special Forces troops stormed the Moscow Theater in which the rebels had taken hostages. "On October 26 ... our Web Site was attacked by a group of hackers," said a spokesman for the Chechen rebel site run by Movladi Udugov. Following the attack on the site, which is based in the United States, Udugov said that he was "amazed Russia's special services can operate so freely on U.S. territory." The attacks on one site fell under the category of brute-force denial of service (DoS) attacks, while on the other site the attacks appeared much more sophisticated.

"According to Chechen sources, the Web site was hijacked by hackers from the FSB. The FSB hackers reportedly accomplished this by changing the domain registration of the site and then eliminating the data for the site from the hosting server. Upon learning of these attacks, the rebels moved the information on the sites to [...]. However, that site was attacked just a week later, also apparently the work of FSB hackers."

In July, Russian hackers were blamed for a similar assault on Lithuanian government Web sites. In Security Fix's account of that attack, I posted a copy of a congratulatory letter sent to nationalist Russian hackers by Nikolai Kuryanovich, a former member of the Russian Duma. The missive is dated March 2006, and addresses the hacker group Slavic Union after the group had just completed a series of successful attacks against Israeli Web sites.

"In the very near future many conflicts will not take place on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers, that is hackers," Kuryanovich wrote. "This means that a small force of hackers is stronger than the multi-thousand force of the current armed forces."

The Grey Goose report concludes that the journeyman-apprentice relationship observed in the StopGeorgia forum will continue to be the training model used by nationalistic Russian hackers, and that those hackers are actively engaged in finding more efficient ways to disable networks.

In the meantime, Carr said, the Russian government will continue to deny any involvement in any nation-level cyber attacks.

"The Russian government has adopted this hands-off and satisfying position of deniability while enjoying the rewards achieved by the Russian hacker community," Carr said.

By Brian Krebs  |  October 16, 2008; 3:15 PM ET


So they found it was simple Russian citizens, volunteers with no proven Govt connections? Why the rest of the story blaming the Russian Govt for things no-one proved they committed? Gordievsky spoke of cyber terrorism when? In 1998? This is like 100 Internet years ago... And the Lithuanian attacks never proved to be from Russia. What is this?

Posted by: What a bunch of bull | October 16, 2008 7:40 PM | Report abuse

The readers should not be surprised. Do not under or overestimate Russian KGB/FSB and its leader Putin. These people will do anything to achieve their goals. They will kill, torture, rape, steal, and harm every time they can. With a deadly dose of dioxin, they poisoned Viktor Yushchenko, then Ukrainian presidential candidate. The goal was to kill. Although Yushchenko miraculously survived, his face was badly disfigured.
They also tried to kill Alexander Litvinenko many times and each time they failed until the very last time, when they poisoned the man with highly radioactive polonium. Not surprisingly, the prime murder suspect, a Russian “former” KGB officer, Andrei Lugovoi lives in Russia. Russian authorities refuse to extradite him to Britain. Before Alexander Litvinenko died, he was asked "how far will Putin go to win?" Litvinenko's response was "as far as it takes."
I would say Putin will go as far as he can, before he is stopped.
They will DO anything they can. However, this does not mean that they CAN do anything they want.

Posted by: Zviad | October 16, 2008 9:25 PM | Report abuse

Russia to Hacker: "Take out this computer"
Hacker: "Gimme a second... spamming commenced"
Server: "Pant! Wheeze!"
Technician: "Hmmmm... strange"

Russia to Military: "Take out this computer"
Military: "Gimme a second... Bomb away"
Server: "ka-BOOOM!...."
Technician: "...gurgle...."

Am I the only one that sees that it doesn't really matter? Russia's military crushed Georgia's infrastructure; these hackers just basically urinated on the remains.

Posted by: Mattsoundworld | October 17, 2008 10:46 AM | Report abuse


Posted by: Pete from Arlington | October 17, 2008 11:47 AM | Report abuse

I don't get involved in other people's affairs. Nor should you.

Posted by: Hans | October 17, 2008 11:59 AM | Report abuse

...but if "other people" happen to be one of your friends, Hans?

Posted by: j-man | October 17, 2008 12:11 PM | Report abuse

I had read that the Georgian web sites were first attacked on Aug. 2nd, 2008.
The argument about when the Russian troops went through the tunnel was either on the 7th or the 8th, supposedly the act that forced Georgia to attack.
I have read nothing since, nor can I find what I did read, about the first attack.

Posted by: SamEllison | October 17, 2008 12:40 PM | Report abuse

I love how even after admitting in the first paragraph that the inquiry found no evidence that Russian officials did anything greater than not stopping a bunch of hackers from messing up Georgian sites, this article goes on to imply that there's no way the government didn't help these hackers get through the necessary barriers...

Also, why was the internet assault at all dependent on the Russian military invasion? And why is it inconceivable to suppose that the hackers didn't need their government to figure out what Georgia's security precautions would amount to? Georgia's not exactly the most technologically advanced country in the world. While it's possible the Kremlin could have been extending aid to these hackers it's also very possible that they did it independently, and it gets us nowhere to assume that every ill done to Georgia is due to an evil Russian government. Especially when there's no hard evidence to support that claim.

Posted by: laiquendi | October 17, 2008 12:43 PM | Report abuse

Good sleuthing!

But we already knew the Kremlin coordinated the hit.

Russian criminals in the Kremlin, Military, and civilian economy mafia are always blatantly obvious even when they try to hide.

...They're like an elephant hiding behind a house plant asking "Who? Meeee?" when called out on the obvious. Then they smirk and say "Ok. So what are you going to do about it?"

Posted by: JBE | October 17, 2008 2:09 PM | Report abuse

Actually, there were reports of a test run at the end of September and a full online assault the day before the Russian "response" (ie: invasion).

Take the cyber attack, the immediate and massive ground response, and even the naval activities which one American naval analyst said would take weeks to coordinate, Russia did it all in hours and days.

To say that it is independent Russian citizens or independent hackers is just cover. The horrible part, due to the crackdown on the press including the assassination of the leading anti-Putin investigative journalist and one Ingush reporter who was killed shortly after being arrested after his plane landed. There will be no thorough investigation of this inside Russia, and given the government's recent actions outside investigations can only go so far.

Posted by: Anon | October 17, 2008 2:28 PM | Report abuse

Attn: Brian Krebs: Keep repeating the same old news. When any of your readers needs a new DoS product, one that works with "Science" behind it, call me -917-497-5523 directly. Remember "all software is hackerable!!!" quoted by: Dr. Roger Schell, IEEE. He wrote NSA Book!

Posted by: Bob Pollock | October 17, 2008 3:14 PM | Report abuse

But what if "other people" is one of your friends? Say for instance that a friend was getting divorced from a mutual acquaintance. In the process of that divorce, the acquaintance, who is also the stronger of the couple, began to assault your friend. Would you not get involved on your friend's behalf?

Posted by: j-man | October 17, 2008 3:54 PM | Report abuse

Well, there are always hackers online, so it isn't too hard to see how their attack can start just a few hours after the war started.

Posted by: bengtl | October 17, 2008 8:59 PM | Report abuse

The comments to this entry are closed.

© 2010 The Washington Post Company