Wednesday, August 19, 2009

Hackers Stole IDs for Attacks

Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites

Russian hackers stole U.S. identities and software tools for use in a cyberattack against Georgian government Web sites during the war between Russia and Georgia in 2008, according to a new report by the U.S. Cyber Consequences Unit. The report says that Russian hackers converted Microsoft software into a cyberweapon and collaborated on popular U.S.-based social-networking sites, including Facebook and Twitter, to coordinate attacks against Georgian sites. Although the cyberattacks were closely examined following the war, the connections to the United States had remained hidden until this year.

Personal and credit card information stolen from U.S. citizens was used to register Web sites that launched the botnet attacks, and once the attacks started, Facebook and Twitter were used to exchange attack code and encourage others to join the attack. Experts say the study shows how cyberwarfare has outpaced military and international agreements, which do not account for the possibility of using U.S. resources and civilian technology as weapons.

Identity theft, social networking, and modifying commercial software are all common attack strategies, but combining these strategies raises the attack to a new level, says former U.S. Department of Homeland Security cybersecurity chief Amit Yoran. White House officials are now studying how laws of war and international obligations need to be adjusted to account for cyberattacks. The U.S. Cyber Consequences Unit says the Georgian attacks were perpetrated by Russian criminal groups, and had no clear link to the Russian government, but the time of attacks, which started only hours after the military invasion started, suggests the Russian government may have at least indirectly coordinated with the cyberattackers.

Refer here to read more details about this research.

No comments: