As Russian and Georgian troops fight on the ground, there's a parallel war happening in cyberspace. In recent weeks, Georgia's government Web sites have been besieged by denial-of-service attacks and acts of vandalism. Just like in traditional warfare, there's a lot of confusion about what's going on in this technological battle—nobody seems to know whether this is a centralized Russian attack, the work of a loose band of hackers, or something else. Having read so many contradicting accounts, I knew that the only reliable way to find out what was really happening was to enlist in the Russian digital army myself.
Don't get me wrong: My geopolitical sympathies, if anything, lie with Moscow's counterparts. Nor do I see myself as an Internet-savvy Rambo character. I had a much simpler research objective: to test how much damage someone like me, who is quite aloof from the Kremlin physically and politically, could inflict upon Georgia's Web infrastructure, acting entirely on my own and using only a laptop and an Internet connection. If I succeeded, that would somewhat contradict the widely shared assumption—at least in most of the Western media—that the Kremlin is managing this cyberwarfare in a centralized fashion. My mission, if successful, would show that the field is open to anyone with a grudge against Georgia, regardless of their exact relationship with state authorities.
Not knowing exactly how to sign up for a cyberwar, I started with an extensive survey of the Russian blogosphere. My first anonymous mentor, as I learned from this blog post, became frustrated with the complexity of other cyberwarfare techniques used in this campaign and developed a simpler and lighter "for dummies" alternative. All I needed to do was to save a copy of a certain Web page to my hard drive and then open it in my browser. I was warned that the page wouldn't work with Internet Explorer but did well with Firefox and Opera. (Get with the program, Microsoft!) Once accessed, the page would load thumbnailed versions of a dozen key Georgian Web sites in a single window. All I had to do was set the page to automatically update every three to five seconds. Voilà: My browser was now sending thousands of queries to the most important Georgian sites, helping to overload them, and it had taken me only two to three minutes to set up.
But now I knew that there must be other more sophisticated options out there. After some more investigation, I unearthed two alternatives, one creative and one emotional.
The creative option was to write my own simple program. Although my experience with software development is nonexistent, the instructions looked manageable. All I had to do was create a blank text file, copy and paste the URLs of any Web sites that I wanted to attack, specify how many times these sites should be pinged, and copy and paste a few lines of code from the original instructions. The last bit was to rename it with a .BAT extension, instantly converting it into a file that Windows recognizes as an executable program.
My e-Molotov cocktail was ready to go. I just had to double-click the file, and all those sites that I listed would be inundated with requests. The original blog post also encouraged me to run my program at certain times of the day to coincide with attacks launched by others, thus multiplying their effectiveness.