Project Grey Goose Phase I Report Published.

Last Updated on Sunday, 21 December 2008 01:42 Written by admin Thursday, 16 October 2008 05:54

5 Comments

1. Project Grey Goose report released | refractal   |  Thursday, 16 October 2008 at 6:22 pm

   [...] 56 days of investigation the group has published its findings [pdf] [intelfusion blog]. The [...]
2. TPile » Blog Archive » Russian Coder: I Hacked Georgia’s Sites in Cyberwar   |  Thursday, 23 October 2008 at 5:45 pm

   [...] from the Russian government to a defunct, Moscow-based criminal consortium was blamed. A recent, preliminary report from the "Grey Goose" collection of online sleuths alleged that nationalistic Russian [...]
3. Hvem gjorde Saakasjvili til Hitler? « Astrid Meland   |  Sunday, 30 November 2008 at 5:37 am

   [...] Også de mener det er russiske hackere som har operert stort sett på egen hånd, som har en stor del av skylda for det som skjedde. [...]
4. Georgie: récit d’une cyber-attaque : ø Carnet Web de Thibaut Maquet ø   |  Thursday, 11 December 2008 at 1:54 pm

   [...] du gouvernement. Ceci a été démenti par un rapport d’experts indépendants appelé Grey Goose que réfutent toujours les autorités Géorgiennes. Maintenant, encore une fois l’ombre de la [...]
5. Dmitri Minaev   |  Monday, 12 January 2009 at 5:42 am

   It was not easy to trace the origin of this document . You should have included an URL in the text.

   Someone posted a link to the report at our forum, simaqianstudio.com, so, if you don’t mind, I will quote my own reply from that discussion:

   The team needed someone with good command in spoken Russian. The first screenshot at page 12, both screenshots at page 13, the screenshot at page 22 do not contain any information directly referring to the attacks on Georgian resources. So, the text at page 22 simply describes a way to hide your physical location when using GPRS to hack a computer (which is still a crime even in Russia). Screenshots at page 13 include the text of articles discussing the methods of breaking popular Russian social networks, vkontakte.ru and odnoklassniki.ru.

   OPSOS is not exactly a “system that records and stores call connection information”, but just a cell phone service provider.

   xakep.ru is the web-site of a popular Russian magazine for wannabe hackorz, and that the access not blocked for the visitors with US-based IP-addresses may be explained by the commercial nature of the web-site, which is often visited by Russians living in other countries. Xakep.ru is not specifically patriotic or nationalist resource.

   The texts with instructions on attacking Georgian resources are quite primitive. Using ‘ping’ or some trivial tools like DoSHTTP doesn’t really seem to be what government-sponsored cyber-soldiers might use.

   Some time ago we discussed similar attacks of Russian hackers on Estonian resources: Eu Says Russia Must Honor Contracts With Estonia. In that thread, I gave links to some posts in LiveJournal with the instructions to use ‘ping’ to run DDoS attacks.

   Here’s a couple of articles on the attacks on Estonian resources:
   Cyberattack in Estonia–what it really means
   Student behind DoS attack that rekindled bad Soviet memories

   PS: But I find it very probable that some political parties (specifically, LDPR) played a role in organizing these attacks. I’m not sure, though, if such involvement may be classified as the government sponsorship.