Originally posted by marct:
Hi Stan,

Okay, I'll bite - can we get more information on him? Seriously, this is ringing off all sorts of pattern recognition bells in my mind. In particular, what forums was he posting on and who else goes there. Is this a parallel to how AQ recruits?

Marc
I have no idea if this is how the AQ recruits. Estonian LE are calling him a criminal and little more. This is about all I could find from various info sources and the translations were 'quick and dirty'.

Summation:
The attacks entailed a broad array of techniques, which started with mere spamming posts to later well-coordinated DDoS attacks against the government’s IT systems. The cyber attacks were coordinated in Russian over the internet from computer networks and servers in Russia. Detailed instructions on how to act included topics about the nature and execution of attacks, as well as information about potential targets and attack timing.

Very basic instructions were disseminated on websites, in forums, and in chat spaces, precluding the user’s need for any knowledge or skills. The first attack took place on 27 April following the first night of rioting and was fairly simple. The portrait of the Prime Minister was defaced on the home page of the Reform Party (the PM with Hitler’s mustache) and initial DDoS attacks were launched against Estonian government organizations. Some were successful, but normal operations were quickly restored.

Dmitri’s Role:
On the 28th, however, serious attacks were being urged to forum members living in Estonia against Estonian web pages from addresses http://2ch.ru and http://forum.xaker.ru. Discussions were also taking place about how to finance the rental of server farms and botnets for a massive attack - A Trojan Horse application - needed to hijack computers. More than 1,500 users logged onto their chat lines and awaited instructions from the botnet. It is widely believed that a Russian criminal gang rented the botnet in order to launch these attacks against Estonia.

Simultaneous orders to attack were being disseminated via the internet. Although the vast majority were primitive, they were effective for the purposes of creating chaos and confusion. The attacks were also discussed and coordinated in IRC environments. Consequently, there was a large incremental increase in spontaneous attacks carried out by individuals. On the 30th a number of very complex and sophisticated attacks were launched.

The attackers were able to dedicate substantial resources indicative of a well organized and financed enemy. By this time, the Estonian authorities had blocked the majority of internet traffic from ‘dot RU’ IP address extensions, as well as from many other foreign IPs. Somewhat later in the day the brunt of the attack shifted to the DNS system. Now seemingly human-friendly website names were utilized with the obvious intent of putting the entire DNS system out of commission, and crippling Estonia’s internet.

During the first week of May, some of these attacks were able to achieve temporary success against telecommunications companies providing internet services and Estonian media publications. The attackers covered their tracks by using global bot networks (not all located in Russia), proxy servers in third countries, and by distorting their IP addresses.
At least they're seeking help!


Estonia to discuss cyber-attacks with NATO, EU


Estonia is to raise the issue of how to handle cyber-attacks against state computer systems in meetings with partner member states of the NATO military alliance and European Union, officials said Friday.

"If the ports of a NATO member country are under attack, it is considered an attack against the whole of NATO, and the military alliance comes to help," Defence Minister Jaak Aaviksoo said.
Regards, Stan