So far, it looked as if my experiment was succeeding. In less than half an hour, I already had two options that could potentially cause some damage, if I hadn't stopped after the first few seconds of testing. What I found missing in my first two trials, though, was a sense of priorities. If I were truly interested in destabilizing the Georgian sites, how would I know whether to focus on the Ministry of Transportation or the Supreme Court? What if other volunteers like me were attacking one but not the other? Were my resources more vital on other e-fronts?
Faced with these dilemmas, I turned to the site StopGeorgia for help. This was the emotional option. Branding itself as a site by and for the "Russian hack underground," StopGeorgia declared that it wouldn't tolerate "aggression against Russia in cyberspace." In addition to this militaristic rhetoric, the site offered a very convenient list of targets—Web sites that either belonged to Georgian government agencies or to potential friends of the country (including those of the U.K. and U.S. embassies in Tbilisi). This list included plus and minus signs to indicate whether the sites were still accessible from Russia and, for some reason, Lithuania. The sites with the plus signs were, logically, the primary target; there was no point in attacking the sites that were already down.
The administrators of StopGeorgia did not stop there; they also offered visitors a virtual present. The treat was a software utility called DoSHTTP, which the site encouraged all readers to download. DoSHTTP's creators bill it as a program to "test" the so-called "denial-of-service attacks" that have become synonymous with modern cyberwarfare. But if you believe the rhetoric on StopGeorgia, its capabilities extend far beyond mere testing—the site encouraged all visitors to use the program to launch attacks, not test them.
After making sure that I wasn't downloading a virus, I installed DoSHTTP and started playing around with it. Along with offering customizable options to advanced users, there was also a nice option for beginners like me. After entering a URL, I could initiate an attack by clicking something that said "Start Flood." A flood did follow—war at the touch of a button.
In less than an hour, I had become an Internet soldier. I didn't receive any calls from Kremlin operatives; nor did I have to buy a Web server or modify my computer in any significant way. If what I was doing was cyberwarfare, I have some concerns about the number of child soldiers who may just find it too fun and accessible to resist.
My experiment also might shed some light on why the recent cyberwar has been so hard to pin down and why no group in particular has claimed responsibility. Paranoid that the Kremlin's hand is everywhere, we risk underestimating the great patriotic rage of many ordinary Russians, who, having been fed too much government propaganda in the last few days, are convinced that they need to crash Georgian Web sites. Many Russians undoubtedly went online to learn how to make mischief, as I did. Within an hour, they, too, could become cyberwarriors.