Is Cyber a new warfare? Debate (catch all)

[marct]

Not directly Estonian, but definitely related.

Malware from Russia with Love on Its Way to You

Security vendors think 400 pieces of malware residing on Russian
servers may be headed here as part of a concerted attack. Of course,
just as this attack is sighted, people are talking about ways to render
the firewall useless while others are saying it's time to rethink the whole
firewall concept. And if that's not enough to tie your stomach in knots,
Consumer Reports says cybercrime has cost more than $7 billion over
the past two years.

http://ct.enews.eweek.com/rd/cts?d=1...771819-0-0-0-1

The Good, the Bad, the Net Neutrality Detector
http://ct.enews.eweek.com/rd/cts?d=1...771822-0-0-0-1

Now Might be a Good Time to Fire Your Firewall
http://ct.enews.eweek.com/rd/cts?d=1...772008-0-0-0-1

Survey: Cost of CyberCrime Reaches $7B
http://ct.enews.eweek.com/rd/cts?d=1...771828-0-0-0-1

[Stan]

Hey Marc,
In fact, what you posted is indeed Estonia related. I've lost count, but managed to capture some of the IPs for our IT wizards.

The F Secure and Norton anti-virus programs we use indicate the same Russian-based IPs nearly every day, even on my home PC.

Security professionals and analysts said they were not surprised by the figures.

"Recent statistics indicate that one in every 10 Web sites is infected with malware," said Forrester Research analyst Chenxi Wang. "Therefore it is highly likely that an unsuspecting Web consumer—one that does not have adequate protection in place—would encounter a malware hosting Web site browsing the Internet."

[kaur]

Wired magazine writes about cyber attacks.

http://www.wired.com/politics/securi...-09/ff_estonia
http://blog.wired.com/27bstroke6/200...war-and-e.html

[Stan]

TALLINN (AFP) — "Tech-savvy Baltic state Estonia is to open an embassy in the Internet fantasy world Second Life, joining the likes of Sweden and the Maldives, the foreign ministry said Friday."

embassy will be located in the Second Life website, that has nearly 10 million registered users and already hosts a virtual site of Sweden," Marten Kokk, deputy chancellor at the ministry, told AFP.

Second Life is a commercial online virtual world in which people -- and animals -- are represented by animated avatars and can do everything from social activities to shopping.

It has pulled in more than 9.2 million users since it was set up in 2003 by San Francisco-based Linden Labs.

Second Life and other virtual worlds are drawing a growing number of shops and companies that use them as a marketing vehicle, and professionals such as architects.

"The virtual embassy will not offer services like visa granting via the Internet, it's technically too complicated," said Kokk.

"But we will include the links to the sites of the foreign ministry where all relevant info for visa applicants and other consular services will be located, as well as a vast list of info about political, economic and cultural life."

The virtual embassy will be launched on November 11, marking the anniversary of the foreign ministry's establishment in 1918 when Estonia became fully independent.

The creation of the embassy will cost around 6,000 euros (8,200 dollars) and the ministry has already purchased some virtual land on Second Life for the project.

Kokk said that despite being a virtual embassy, "very real diplomats behind their desks" would be involved.

With relatively limited resources for its 29 missions around the world, the ministry hopes the virtual embassy will provide information on Estonia to countries where it has no diplomatic representation.

"The virtual embassy of Estonia will also have rooms, where we will arrange press conferences, lectures and exhibitions," Kokk explained.

Estonia, which is among the smallest EU countries with a population of 1.3 million, has been a pioneer of new technologies since it regained its independence from the former Soviet Union in 1991.

In March, it held the world's first parliamentary election in which voters could cast ballots online.

[Stan]

TALLINN - With 'cyber attacks' becoming an increasingly common phenomenon, Estonian lawmakers are considering amendments to the penal code that would put such online offenses on a par with terrorism.

A computer attack would become an act of terrorism when committed with the same aims as a conventional act of terrorism. Under existing law, crimes of terror are crimes whose goal is to seriously upset or destroy the country's political, constitutional, economic or social order.

Crimes of terrorism are punishable by between 5 years and life (25 years) in jail.

The Estonian Ministry of Justice began drafting the amendments after the cyber attacks that targeted Estonia's government agencies, major banks and newspapers in April and May. The current laws deal with computer crime as something that has personal or financial gain as the final aim, which was not the case with the spring attacks against Estonia's IT infrastructure.

Sentences for other computer-related crimes are already being extended. After the amendments take effect it will be possible to punish hackers with a maximum three years in jail instead of the present one year. For computer fraud and spreading computer viruses caught on a repeat offense or after causing extensive damage the maximum punishment will be five years.

The ministry wishes to add to the penal code an article dealing with the preparation to commit a cyber offense, which would deal with cases when hackers make, use or disseminate a computer network element, program, password or code for the purpose of committing a cyber offense.

The bill is based on the Council of Europe convention against cyber crimes.

[Stan]

During his D.C.and NY visits, Estonian President Ilves addressed the UN emphasizing the need for a comprehensive cyberspace law.

From the U.N. News Centre

“Cyber attacks are a clear example of contemporary asymmetrical threats to security,” he said at the annual high-level debate. “They make it possible to paralyze a society, with limited means, and at a distance. In the future, cyber attacks may in the hands of criminals or terrorists become a considerably more widespread and dangerous weapon than they are at present.”

The President said the threat posed by cyber attacks was often underestimated because they have so far not resulted in the loss of any lives and many attacks are not publicized for security reasons.

He called for cyber crimes to be defined internationally and generally condemned in the way that terrorism or human trafficking is denounced.

“Fighting against cyber warfare is in the interests of us all without exception,” Mr. Ilves said, calling on all countries to accede to the Convention on Cyber Crime of the Council of Europe. The pact is also open for accession to non-members of the Council of Europe.

The President welcomed the launch of the Global Cybersecurity Agenda of the International Telecommunication Union (ITU), and said the UN should serve as the “neutral and legitimate forum” for the eventual creation of a globally negotiated and comprehensive law of cyberspace.

[kaur]

Countries must, however, do more than recognize cyberspace as a new battleground. They also need to know when and how they can deploy weapons. What are the rules of cyberwar?

For more than a century, nations have devised rules of international law, such as the Geneva Convention, which seek to avoid war or minimize human suffering when conflicts occur. And as new technologies emerge, nations have weighed whether to draft new rules, such as treaties restricting biological, chemical and laser weapons.

http://www.latimes.com/news/printedi...a-news-comment

[kaur]

The first attacks coincided with the removal of a bronze statue of a World-War II era Soviet soldier from the town square in the capital city of Tallin. Estonia blamed the computer attacks on the Russian government.

The “worldwide community helped to protect them” and contain the situation, Ritchey says. The Defense Department sent a team of officials from DHS, FBI and the Secret Service to assist, says Dixson. The team is still analyzing the vast amount of information and will “try to learn something from this.”

http://www.nationaldefensemagazine.o...berAttacks.htm

[Stan]

Speaking to ZDNet at the RSA Conference Europe 2007 in London, Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year.

Tammet added that, while it was not possible to put a face to the attackers nor to prove any direct connection to the Russian authorities, all previous attacks with a political aim emanating from Russia had their roots in government action.

"It's been that way in Russia for centuries," said Tammet. "The attack was 50 percent emotions, 50 percent something else, but we can't define what that something is. There was an organisation behind it, but we can't [definitively] say if it's the government or criminals, or both."

[Stan]

From Defense World and the Estonian Embassy in DC:

The United States of America has expressed its intention to participate in the work of the proposed NATO Centre of Excellence on Cooperative Cyber Defence, to be established in Estonia.

The Deputy Undersecretary of the US Navy, Marshall Billingslea, informed the Ministry of Defence of the Republic of Estonia in a letter that the USA considers it important to work with Estonia on cyber issues. Marshall Billingslea's letter stated that the US Navy would send one of its top cyber defence experts to the NATO Centre of Excellence on Cooperative Cyber Defence in Estonia. Marshall Billingslea also mentioned that he was exceedingly pleased to tell that the Department of the Navy would like to work with Estonia on cyber issues.

In the view of the Minister of Defence of the Republic of Estonia, Mr. Jaak Aaviksoo, the only way to combat new security threats such as cyber attacks is through close co-operation. Together with Germany and Spain, which have joined Estonia with the NATO Centre of Excellence on Cooperative Cyber Defence, the support of the USA is not only proof of the strong alliance between our countries but also a crystal clear message of divided threat awareness.

Source: Estonian Ministry of Defence, 10/22/2007

[Stan]

During an 8 November meeting between Estonian Minister of Defense Jaak Aaviksoo and Swedish Minister of Defense Sten Tolgfors, cooperation between the European Union and NATO, the future and reforms of the NATO Response Forces (NRF) and current military operations were discussed.

The ministers also dealt with issues of cyber security. Both parties stressed that international co-operation, especially between international information security networks, is very important due to the lack of boundaries between networks. A good example of such co-operation is the assistance of Swedish experts in the successful deterring of co-ordinated cyber attacks aimed at Estonia last spring, and the exchange of experiences with Swedish experts for the development of Estonia’s cyber security strategy.

Mr. Aaviksoo also visited the Swedish Emergency Management Agency (SEMA) as part of his visit; one function of SEMA is to co-ordinate the activities of different institutions in the sphere of cyber security.

[Stan]

Source: Estonian Ministry of Foreign Affairs, Published Monday, 5 November, 2007

The United Nations Disarmament and International Security Committee in New York accepted a resolution on Thursday, 1 November, which addresses developments in the fields of information technology and telecommunication in the context of international security.

The resolution expresses concern that the security of states can be compromised by means of information or telecommunication technology.

The European Union Presidency Portugal made a statement upon the approval of the resolution in which they highlighted potential threats to cyber security, which can originate from organized criminals, terrorists, or co-ordinated attacks by individuals influenced by political propaganda.

According to Estonian ambassador to the UN Tiina Intelmann, the Presidency’s speech was largely motivated by the cyber attacks on Estonian government establishment, media and bank web pages in the spring. “What occurred in Estonia could happen to some other nation at any time,” Intelmann noted.

Intelmann added that one possibility for combating malicious or illegal use of information technology would be to declare such actions criminal. “For this, an international legal framework must be created,” said Intelmann.

Intelmann confirmed that both Estonia and the EU have called upon all UN member nations to join the Council of Europe’s Convention on Cybercrime, which came into effect in 2004 and was initiated by Estonia, among other nations.

On the basis of the resolution, a group of government experts will be formed in 2009. The group will be responsible for researching both existing and potential threats to information safety, and to make proposals as to how preventive measures could be taken.

[kaur]

... a reappraisal of the DDoS attacks on Estonia in May this year is used to support this position. In the immediate aftermath of that incident experts reckoned that the attacks were the cumulative effects of uncoordinated action by small groups of nationalists. However, McAfee now suggests in this report that there are signs that the attacks might indeed have been more organised. In the opinion of Ms Yael Shahar, International Institute for Counter-Terrorism, Israel, “The whole sequence of events (in Estonia) looked a lot like the sort of thing a government would do in order to check how much it could get away with.”

http://www.heise-security.co.uk/news/99767

Estonia has comparatively robust cyber defence systems. A similar attack on the UK might have more serious consequences, says the report, commissioned by McAfee.

http://www.computeractive.co.uk/comp...-cyber-3681820

[Stan]

CYBERSPACE: A NEW SECURITY DIMENSION AT OUR FINGERTIPS

CSIS, 28 NOV 07, Speaker Jaak Aaviksoo, Estonian MOD

...first of all, I’m Stephen Flanagan, senior vice president here at the Center for Strategic and International Studies. ...we’re delighted to welcome the minister of defense of the Republic of Estonia, Mr. Jaak Aaviksoo, to address us on an important and critical issue confronting not only Western, but global security.

It is imminent I think that the future developments will see conflicts, attacks, if you like wars in this newly born cyberspace.

The imaginary cyberspace has essentially no borders. As it was born, it was global. It was not only global in the sense of having no borders, but it introduced also unparalleled anonymity. As by now little legal – both national as well as international – legislation, and it’s an essentially dimension which requires modest financial means to be visible and present in that space. That basically means that it’s fundamentally asymmetric.

[Stan]

Whether it was cyber war or hactivism, the Estonian incident shows the devastation that a politically motivated network attack can have on government and commercial networks.

How close is World War 3.0?

...the targets and the inferred motivation were geo-political rather than economic or a simple grudge. That suggests we have turned a corner.

There are only two other known network attacks that were as devastating as the Estonian incident and have been called cyber warfare. One, dubbed [Titan Rain] by the U.S. government, took place in 2003 and involved Chinese military attacks on networks run by Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA. The other incident, which the U.S. government refers to as [Moonlight Maze], occurred in 1999 and involved Russian attacks on classified military information.

Lessons learned from Estonia

The packet floods used in the Estonian DoS attacks were not new. What was unusual about these attacks was the duration and the disruption they caused, experts say.

"The size and scale of these attacks in terms of the bandwidth and packets per second is in the middle in terms of what we have seen for these kinds of attacks," Nazario says. "But they lasted for weeks, not hours or days, which is much longer than we've seen for most of these attacks in the past."

...what's important for U.S. companies to learn about the Estonian incident is how much damage a small number of people with resources can do.

Sidebar: Five things Estonia did right in battling hacktivism

Here's what worked in Estonia to battle the [recent denial-of-service attacks]:

1. Admitting what's going on. The Estonian government didn't deny or try to hide the attacks. Because the attacks were globally sourced, ISPs that provide transit to Estonia could see that something was wrong. The Estonian government was wise not to try to deny the attack as a sign of weakness or cover it up as an embarrassment.

2. Asking for help. The Estonian Computer Emergency Response Team reached out to its peers in the North Atlantic Treaty Organization (NATO) and the service provider community to help it stop the flood of traffic before it hit their networks.

3. Rapid response. Experts converged upon Estonia to assist government officials and network service providers with attack analysis so they could start blocking traffic farther upstream.

4. ISP cooperation. Service providers worked together to help mitigate the attacks. Using such forums as the North American Network Operators' Group, ISPs have existing relationships that are useful when [denial-of-service] and other attacks occur.

5. State-of-the-art network-filtering techniques. [Vendors] including Arbor Networks and [Cisco] deployed high-speed gear to filter out selective types of traffic at line rates to minimize the DoS attacks. This gear helped keep targeted Web sites running.

[kaur]

While many consider the three week attack on Estonia a non-event, others point to it as a sign of things to come.

http://www.defensetech.org/archives/....html#comments

[Stan]

Good point, Kaur !

I think the Kyrgyz Republic generally knows who hacked their election web site. With over a million Russian troops and Russian control over most of the mass media, this appears to have been an opportune time to take a jab at Estonia and stymie Kyrgyzstan’s election process.

Nice link !

Looking forward to having some brews together this week M1 from Sweden may even join us !
Regards, Stan

[Stan]

Just ask the hackers...

Estonia is getting a reputation for being security savvy.

Not content with being the plucky underdog that punches above its weight, Estonia has been committed for several years to nurturing state-of-the-art online technologies that are used in politics, banking, security, and other sectors.

“Cyber-security is a new measure of security, which must be actively engaged in both on the domestic and international level,” Ansip said in Washington.

So highly regarded is Estonia’s online technology and security savvy that NATO’s new cyber-warfare center will be based there.

So strong now is Estonia’s reputation in the field that some countries already are trying to poach leading figures in cyber-security development. Hillar Aarelaid, head of the national CERT program, said he has received several lures from overseas, including an “exotic” bid from Singapore.

[selil]

I actually wrote an article awhile back about cyber-super-powers. The Canary Islands and other high level banking and financial locations were ripe to become power houses of computer security. And the likely targets. The supposition in the article was that being a fortress was not power. The follow on thesis was when these little tiny countries start projecting that power and using it to decide who gets what or gets done by what. Now that is real power. A friend reading the article said I had come up with the Soup Nazi (Seinfield reference) Theory of cyber warfare.

[Stan]

Hey Sam !

I actually wrote an article awhile back about cyber-super-powers. The Canary Islands and other high level banking and financial locations were ripe to become power houses of computer security. And the likely targets. The supposition in the article was that being a fortress was not power. The follow on thesis was when these little tiny countries start projecting that power and using it to decide who gets what or gets done by what. Now that is real power. A friend reading the article said I had come up with the Soup Nazi (Seinfield reference) Theory of cyber warfare.

I've been spending too much time at your blog reading about biker chicks (ahem) bikers and didn't see the posts on cyber superpowers

During my recent trip to Tenerife there were some Estonian IT guys at our hotel, and I recall one morning hearing them talk about the relatively stone-age state of IT in the Canaries.

Would you shoot me the link to your article please ?

Regards, Stan