Preface

I was recently invited to participate in a cyber security dinner discussion by a few members of a well-known Washington D.C. think tank. The idea was that we could enjoy a fine wine and a delicious meal while allowing our hosts to pick our brains about this “cyber warfare stuff.” It seems that the new threatscape emerging in cyberspace has caught them unprepared and they were hoping we could help them grasp some of the essentials in a couple of hours. By the time we had finished dinner and two bottles of a wonderful 2003 red, one of the Fellows in attendance was holding his head in his hands, and it wasn’t because of the wine.

International acts of cyber conflict (commonly but inaccurately referred to as cyber warfare) are intricately enmeshed with cyber crime, cyber security, cyber terrorism, and cyber espionage. That web of interconnections complicates finding solutions because governments have assigned different areas of responsibility to different agencies which historically do not play well with others. Then there is the matter of political will. When I signed the contract to write this book, President Obama had committed to make cyber security a top priority in his administration. Seven months later, as I write this introduction, cyber security has been pushed down the priority ladder behind the economy and health care, and the position of cyber coordinator, who originally was going to report directly to the President, must now answer to multiple bosses with their own agendas. A lot of highly qualified candidates have simply walked away from a position that has become a shadow of its former self. Consequently, we all find ourselves holding our heads in our hands more often than not.

Cyberspace as a warfighting domain is a very challenging concept. The temptation to classify it as just another domain, like air, land, sea, and space, is frequently the first mistake that’s made by our military and political leaders and policy makers.

I think that a more accurate analogy can be found in the realm of science fiction’s parallel universes—mysterious, invisible realms existing in parallel to the physical world, but able to influence it in countless ways. Although that’s more metaphor than reality, we need to change the habit of thinking about cyberspace as if it’s the same thing as “meat” space.

After all, the term “cyberspace” was first coined by a science fiction writer. My own childhood love affair with science fiction predated William Gibson’s 1984 novel Neuromancer, going all the way back to The New Tom Swift Jr. Adventures series, which was the follow-up to the original series of the early 1900s. By some quirk of fate, the first Tom Swift Jr. book was published in 1954 (the year that I was born) and ceased publication in 1971 (the year that I left home for college). Although the young inventor didn’t have cyberspace to contend with, he did have the “Atomic Earth Blaster” and the “Diving Sea Copter.” In an otherwise awful childhood, the adventures of Tom Swift Jr. kept me feeling sane, safe, and excited about the future until I was old enough to leave home and embark on my own adventures.

Now, 38 years later, I find myself investigating a realm that remains a sci-fi mystery to many leaders and policy makers of my generation, while younger people who have grown up with computers, virtual reality, and online interactions of all kinds are perfectly comfortable with it. For this reason, I predict that the warfighting domain of cyberspace won’t truly find its own for another five to eight years, when military officers who have grown up with a foot in both worlds rise to senior leadership roles within the Department of Defense.

How This Book Came to Be

This book exists because of an open source intelligence (OSINT) experiment that I launched on August 22, 2008, named Project Grey Goose (Figure 1). On August 8, 2008, while the world was tuning in to the Beijing Olympics, elements of the Russian Federation (RF) Armed Forces invaded the nation of Georgia in a purported self-defense action against Georgian aggression. What made this interesting to me was the fact that a cyber component preceded the invasion by a few weeks, and then a second, much larger wave of cyber attacks was launched against Georgian government websites within 24 hours of the invasion date. These cyber attacks gave the appearance of being entirely spontaneous, an act of support by Russian “hacktivists” who were not part of the RF military. Other bloggers and press reports supported that view, and pointed to the Estonian cyber attacks in 2007 as an example. In fact, that was not only untrue, but it demonstrated such shallow historical analysis of comparable events that I found myself becoming more and more intrigued by the pattern that was emerging. There were at least four other examples of cyber attacks timed with RF military actions dating back to 2002. Why wasn’t anyone exploring that, I wondered?

Figure 1. The official logo of Project Grey Goose

I began posting what I discovered to my blog IntelFusion.net, and eventually it caught the attention of a forward deployed intelligence analyst working at one of the three-letter agencies. By “forward deployed” I refer to those analysts who are under contract to private firms but working inside the agencies. In this case, his employer was Palantir Technologies. “Adam” (not his real name) had been a long-time subscriber to my blog and was as interested in the goings-on in Georgia as I was. He offered me the free use of the Palantir analytic platform for my analysis.

After several emails and a bunch of questions on my part, along with my growing frustration at the overall coverage of what was being played out in real time in the North Caucasus, I flashed on a solution. What would happen if I could engage some of the best people inside and outside of government to work on this issue without any restrictions, department politics, or bureaucratic red tape? Provide some basic guidance, a collaborative work space, and an analytic platform, and let experienced professionals do what they do best? I loved the idea. Adam loved it. His boss loved it.

On August 22, 2008, I announced via my blog and Twitter an open call for volunteers for an OSINT experiment that I had named Project Grey Goose. Prospective volunteers were asked to show their interest by following a temporary Twitter alias that I had created just for this enrollment. Within 24 hours, I had almost 100 respondents consisting of college students, software engineers, active duty military officers, intelligence analysts, members of law enforcement, hackers, and a small percentage of Internet-created personas who seemed to have been invented just to see if they could get in (they didn’t). It was an astounding display of interest, and it took a week for a few colleagues and me to make the selections. We settled on 15 people, Palantir provided us with some training on their platform, and the project was underway. Our Phase I report was produced about 45 days later. A follow-up report was produced in April 2009. This book pulls from some of the data that we collected and reported on, plus it contains quite a bit of new data that has not been published before.

A lot has happened between April 2009 and September 2009, when the bulk of my writing for this book was done. As more and more data is moved to the Cloud and the popularity of social networks continues to grow, the accompanying risks of espionage and adversary targeting grow as well. While our increasingly connected world does manage to break down barriers and increase cross border friendships and new understandings, the same geopolitical politics and national self interests that breed conflicts and wars remain. Conflict continues to be an extension of political will, and now conflict has a new domain upon which its many forms can engage (espionage, terrorism, attacks, extortion, disruption).

This book attempts to cover a very broad topic with sufficient depth to be informative and interesting without becoming too technically challenging. In fact, there is no shortage of technical books written about hackers, Internet architecture, website vulnerabilities, traffic routing, etc. My goal with this book is to demonstrate how much more there is to know about a cyber attack than simply what comprises its payload.

Welcome to the new world of cyber warfare.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width

Used for queries.

Constant width italic

Shows text that should be replaced with user-supplied values or by values determined by context.

Note

This icon signifies a tip, suggestion, or general note.

Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Inside Cyber Warfare, by Jeffrey Carr. Copyright 2010 Jeffrey Carr, 978-0-596-80215-8.”

If you feel your use of code examples falls outside fair use or the permission given here, feel free to contact us at .

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:

http://oreilly.com/catalog/9780596802158/

To comment or ask technical questions about this book, send email to the following, quoting the book’s ISBN number (9780596802158):

To contact the author and obtain information about GreyLogic and Project Grey Goose, visit the website at:

http://greylogic.us

For more information about our books, conferences, Resource Centers, and the O’Reilly Network, see our website at:

http://oreilly.com

Safari® Books Online

Safari Books Online is an on-demand digital library that lets you easily search over 7,500 technology and creative reference books and videos to find the answers you need quickly.

With a subscription, you can read any page and watch any video from our library online. Read books on your cell phone and mobile devices. Access new titles before they are available for print, and get exclusive access to manuscripts in development and post feedback for the authors. Copy and paste code samples, organize your favorites, download chapters, bookmark key sections, create notes, print out pages, and benefit from tons of other time-saving features.

O’Reilly Media has uploaded this book to the Safari Books Online service. To have full digital access to this book and others on similar topics from O’Reilly and other publishers, sign up for free at http://my.safaribooksonline.com.

Acknowledgments

Many people have contributed to moving this book from the idea stage to a finished product, and I cannot possibly identify and thank all of them individually, so I’d like to take this opportunity to thank all of my colleagues at Project Grey Goose (including Alex, Shyam, Shreyas, and Will at Palantir Technologies), as well as the wonderful production and editing team at O’Reilly Media.

A few individuals have extended themselves beyond the call of duty and deserve special mention: Mike Loukides, Nitesh Dhanjani, Billy Rios, Lt. Col. Mark Coffin (USA), Lt. Cdr. Matt Sklerov (USN), and Lewis Shepherd. Also in this group are a few individuals who prefer to work without acknowledgment and as much as I’d love to thank you publicly, I respect your wishes in this matter.

Finally and most importantly, I want to thank my beautiful and talented wife, Lilly, whose love and support have kept me sane, focused, and happy during the writing of this book and the greater adventure of launching a new consultancy (GreyLogic).
