By Brian Krebs
The Washington Post
October 16, 2008
An exhaustive inquiry into August's cyber attacks on the former Soviet
bloc nation of Georgia finds no smoking gun in the hands of the Russian
government. But experts say evidence suggests that Russian officials did
little to discourage the online assault, which was coordinated through a
Russian online forum that appeared to have been prepped with target
lists and details about Georgian Web site vulnerabilities well before
the two countries engaged in a brief but deadly ground, sea and air war.
The findings come from an open source investigation launched by Project
Grey Goose, a volunteer effort by more than 100 security experts from
tech giants like Microsoft and Oracle, as well as former members of the
Defense Intelligence Agency, Lexis-Nexis, the Department of Homeland
Security and defense contractor SAIC, among others.
The group began its inquiry shortly after the cyber war disabled a large
number of Georgia government Web sites. Starting with the Russian hacker
forum Xaker.ru (hacker.ru), investigators found a posting encouraging
would-be cyber militia members to enlist at a private,
password-protected online forum called StopGeorgia.ru. Grey Goose
principal investigator Jeff Carr said the administrators of the hacker
forum were keenly aware that American cyber sleuths were poking around:
Within hours after discovering the link to the StopGeorgia site,
Xaker.ru administrators deleted the link and banned all access from
U.S.-based Internet addresses.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!