Friday, October 17, 2008

Recommended Reading: Analysis of Russian Cyber Attacks

Project Grey Goose have released a detailed study of the capabilities and methods used in cyber attacks believed to have originated in Russia. The report gives four high level findings:

  1. "We assess with high confidence that the Russian government will likely continue its practice of distancing itself from the Russian nationalistic hacker community thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions."

  2. "We assess with high confidence that nationalistic Russian hackers are likely adaptive adversaries engaged in aggressively finding more efficient ways to disable networks."

  3. "We judge with moderate confidence that a journeyman-apprentice relationship will continue to be the training model used by nationalistic Russian hackers."

  4. "We estimate with moderate confidence that hacker forums engaged in training Russian cyber warriors will continue to evolve their feedback loop which effectively becomes their Cyber Kill Chain."
In reading this report, it is striking how similar the techniques used today are compared to historical cyber attacks and espionage. While the software tools used by modern cyber criminals have increased their efficiency by orders of magnitude, the basics are still the same.

Of particular interest is finding 3 concerning the "journeyman-apprentice relationship". This is not a new phenomenon and was seen in the earliest days of network intrusions, especially those with political motivation. For example, during the 1987-88 investigations of the cyber espionage case in which West German nationals where working for the Soviet Union, it was discovered that the five West German principals had set up a network of "apprentice hackers" to assist in network mapping and initial intrusions.

Unfortunately, very little information has been published in open sources concerning the investigation of these early intrusions. Clifford Stoll's 1989 book "The Cuckoo's Egg" documented a small portion of the overall activity and investigation. Some very generalized information concerning the techniques and methods used by the West Germans (and other cases) is provided in: International Intrusions: Motives and Patterns.

The full Grey Goose report is available at:

Russia/Georgia Cyber War – Findings and Analysis

A good summary article is also available from the Washington Post:

Report: Russian Hacker Forums Fueled Georgia Cyber Attacks

No comments: