How I became a soldier in the Georgia-Russia cyberwar.
Posted Thursday, Aug. 14, 2008, at 5:31 PM ET
As Russian and Georgian troops fight on the ground, there's a parallel war happening in cyberspace. In recent weeks, Georgia's government Web sites have been besieged by denial-of-service attacks and acts of vandalism. Just like in traditional warfare, there's a lot of confusion about what's going on in this technological battle—nobody seems to know whether this is a centralized Russian attack, the work of a loose band of hackers, or something else. Having read so many contradicting accounts, I knew that the only reliable way to find out what was really happening was to enlist in the Russian digital army myself.
Don't get me wrong: My geopolitical sympathies, if anything, lie with Moscow's counterparts. Nor do I see myself as an Internet-savvy Rambo character. I had a much simpler research objective: to test how much damage someone like me, who is quite aloof from the Kremlin physically and politically, could inflict upon Georgia's Web infrastructure, acting entirely on my own and using only a laptop and an Internet connection. If I succeeded, that would somewhat contradict the widely shared assumption—at least in most of the Western media—that the Kremlin is managing this cyberwarfare in a centralized fashion. My mission, if successful, would show that the field is open to anyone with a grudge against Georgia, regardless of their exact relationship with state authorities.
Not knowing exactly how to sign up for a cyberwar, I started with an extensive survey of the Russian blogosphere. My first anonymous mentor, as I learned from this blog post, became frustrated with the complexity of other cyberwarfare techniques used in this campaign and developed a simpler and lighter "for dummies" alternative. All I needed to do was to save a copy of a certain Web page to my hard drive and then open it in my browser. I was warned that the page wouldn't work with Internet Explorer but did well with Firefox and Opera. (Get with the program, Microsoft!) Once accessed, the page would load thumbnailed versions of a dozen key Georgian Web sites in a single window. All I had to do was set the page to automatically update every three to five seconds. Voilà: My browser was now sending thousands of queries to the most important Georgian sites, helping to overload them, and it had taken me only two to three minutes to set up.
But now I knew that there must be other more sophisticated options out there. After some more investigation, I unearthed two alternatives, one creative and one emotional.
The creative option was to write my own simple program. Although my experience with software development is nonexistent, the instructions looked manageable. All I had to do was create a blank text file, copy and paste the URLs of any Web sites that I wanted to attack, specify how many times these sites should be pinged, and copy and paste a few lines of code from the original instructions. The last bit was to rename it with a .BAT extension, instantly converting it into a file that Windows recognizes as an executable program.
My e-Molotov cocktail was ready to go. I just had to double-click the file, and all those sites that I listed would be inundated with requests. The original blog post also encouraged me to run my program at certain times of the day to coincide with attacks launched by others, thus multiplying their effectiveness.
So far, it looked as if my experiment was succeeding. In less than half an hour, I already had two options that could potentially cause some damage, if I hadn't stopped after the first few seconds of testing. What I found missing in my first two trials, though, was a sense of priorities. If I were truly interested in destabilizing the Georgian sites, how would I know whether to focus on the Ministry of Transportation or the Supreme Court? What if other volunteers like me were attacking one but not the other? Were my resources more vital on other e-fronts?
Faced with these dilemmas, I turned to the site StopGeorgia for help. This was the emotional option. Branding itself as a site by and for the "Russian hack underground," StopGeorgia declared that it wouldn't tolerate "aggression against Russia in cyberspace." In addition to this militaristic rhetoric, the site offered a very convenient list of targets—Web sites that either belonged to Georgian government agencies or to potential friends of the country (including those of the U.K. and U.S. embassies in Tbilisi). This list included plus and minus signs to indicate whether the sites were still accessible from Russia and, for some reason, Lithuania. The sites with the plus signs were, logically, the primary target; there was no point in attacking the sites that were already down.
The administrators of StopGeorgia did not stop there; they also offered visitors a virtual present. The treat was a software utility called DoSHTTP, which the site encouraged all readers to download. DoSHTTP's creators bill it as a program to "test" the so-called "denial-of-service attacks" that have become synonymous with modern cyberwarfare. But if you believe the rhetoric on StopGeorgia, its capabilities extend far beyond mere testing—the site encouraged all visitors to use the program to launch attacks, not test them.