Simultaneously with the Russian invasion of Georgia on August 7, 2008, a large-scale cyber attack was launched against the country’s IT infrastructure, shutting down or disrupting most crucial government websites, along with those of major banks, business organizations, educational institutions, and media outlets. The attack successfully disrupted the Georgian government’s ability to communicate and prevented it from channelling its version of events to audiences at home and abroad.
While the attack is generally assumed to have been part of the overall Russian war effort, and thus more or less directly instigated by the Russian military, the actual design of the attack has remained unclear. The recently released report “Overview by the US-CCU of the Cyber Campaign Against Georgia in August of 2008” by the U.S. Cyber Consequences Unit, an independent, non-profit organization affiliated with the Fletcher School of Law and Diplomacy, helps clear some of the fog surrounding the cyber attack.
The report concludes that the attacks were carried out by civilians with no formal affiliation to the Russian military or authorities, who were recruited, coordinated, and supplied with software through Internet social forums. The attackers were mostly residents of Russia, but came to include participants from around the world, most prominently from Ukraine and Lithuania. All but one of the forums coordinating the attacks were in Russian. However, the report states that many of the attacks were so tightly coordinated with Russian military operations that their organizers must have been cooperating with the Russian military and receiving advance information on the timing of operations. The speed with which the attacks were implemented also suggests that significant preparation, such as reconnaissance of Internet-facing vulnerabilities, production of software, and writing of attack scripts, must have been carried out beforehand. Certain material specifically designed for use against Georgia had verifiably been produced as long as two years in advance, indicating that Russian cyber warfare against Georgia had been on the table for some time.
The report also suggests that the cyber-attacks were supported by Russian organized crime. Several of the servers and addresses utilized for coordinating the attacks were associated with Russian criminal organizations, as were the botnets employed.
According to the report, a coordinated attack by botnets that had previously been used for criminal activities marked the start of the cyber war. The attack was then expanded through mass recruitment of civilian attackers via postings on websites, which provided both the tools for conducting cyber attacks and a list of proposed targets. The tools were by design so easy to use that very little technical knowledge was required on the part of individual participants.
The immediate targets of the attacks were the most crucial government and media websites. The list of targets was then expanded to include further government and media sites (including those of the BBC and CNN), as well as those of financial institutions, business associations, and educational institutions. The attacks disrupted several channels of communication, including email, landline telephone calls, and mobile phone traffic. This had the effect of disrupting coordination within the Georgian government and its communication with the general public, restricting public communication and access to information, and disturbing financial transactions.
Georgia sought to respond to the cyber attacks by requesting assistance from Estonia, which had been subjected to a similar attack during the ‘statue crisis’ the previous year. Attempts to alleviate the effects included the installation of traffic filters, which proved unsuccessful, and later the relocation of website hosting to servers in Estonia and the U.S., which proved more effective. Georgia also launched a counter cyber attack against Russian websites, reportedly with little effect.
The report’s main conclusion is that the objective of the cyber attacks was to support the Russian invasion of Georgia, and that they were tightly coordinated with Russian action on the ground. The attacks started and ended in very close coordination with the military campaign. Almost all targets were such that attacking them would produce military advantages from a Russian point of view. News media and communications facilities, which would otherwise have been likely targets for physical attacks, were left physically untouched, since they had already been rendered inoperable by the cyber attacks.
The US-CCU report provides a convincing account of the cyber war as part of overall Russian military tactics. Even though no concrete evidence is produced of direct communication between the Russian military and the organizers of the cyber attack, the circumstances and timing of the attacks suggest that such coordination must have existed; the attribution therefore rests on circumstantial rather than direct evidence. The fact that the attacks, launched immediately upon the Russian invasion, would have required long preparation lends credibility to the assertion that they were indeed an important component of a pre-planned Russian invasion of its neighbor.