TC, My military buds in Norway remind us of the following:
BTW did any of you know that Hotmail, Skype, and Kazaa are Estonian inventions?
Report to US Congress on Cyberterrorism
Column from last Economist "Cyberwarfare update."
http://edwardlucas.blogspot.com/2007...re-update.html
Called a “distributed denial of service” (DDOS) attack, this at its peak involved more than 1m computers, creating traffic equivalent to 5,000 clicks per second on some targets. Some parts were highly co-ordinated—stopping precisely at midnight, for example. Frank Cilluffo, an expert formerly at the White House, says that the attack's signature suggests that more than one group was at work, with small-time hackers following the initial huge sorties.
29 May NY Times - In Estonia, War Fears Turn to Cyberspace by Mark Landler and John Markoff.
When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in this bustling Baltic seaport last month, they expected violent street protests by Estonians of Russian descent.
They also knew from experience that “if there are fights on the street, there are going to be fights on the Internet,” said Hillar Aarelaid, the director of Estonia’s Computer Emergency Response Team. After all, for people here the Internet is almost as vital as running water; it is used routinely to vote, file their taxes, and, with their cellphones, to shop or pay for parking.
What followed was what some here describe as the first war in cyberspace, a monthlong campaign that has forced Estonian authorities to defend their pint-size Baltic nation from a data flood that they say was set off by orders from Russia or ethnic Russian sources in retaliation for the removal of the statue...
Konstantin Goloskokov, Commissar of the pro-Kremlin youth movement and self-described Cyber Terrorist, said he and a few friends were responsible for one of the attacks against Estonia's internet infrastructure.
In an interview with a Russian newspaper (non-specific), Goloskokov said he had initiated one attack from the separatist Moldovan region of Transnistria and employed botnetted computers hijacked in Germany, Hungary and South Korea.
Goloskokov said he could brag about his misdeeds because cyber terrorism will not be punished in Transnistria.
http://asert.arbornetworks.com/2007/...-considerable/
To put this in perspective, the most crippling of the Estonian attacks had peak rates averaged over a 24 hour period of about 4 Mpps. 4 Mpps is a very large attack, and while less than 1% of the attacks we see exceed the Mpps mark, these attacks are nothing to ignore, pretty much regardless of who you are or what’s motivating an attacker.
http://asert.arbornetworks.com/2007/...mmary-to-date/
Here is one essay about the nature of cyber war
http://www.schneier.com/blog/archive.../cyberwar.html
Last edited by kaur; 06-05-2007 at 08:40 AM.
On Tuesday evening, the Minister of Defence, Mr. Jaak Aaviksoo, met with his Polish counterpart, Mr. Aleksander Szczygło, in Warsaw. The ministers discussed international operations, air policing and cyber defence during a very friendly and open meeting.
After the meeting, the Polish Defence Minister, who rendered unwavering support to Estonia during the disturbances in April and the subsequent cyber attacks, said, “Estonia is the first example of a situation where the threat was real, not imagined.” He continued by saying that, “we cannot pretend nothing happened, and NATO must take it very seriously.”
More here...
Both ministers were of the opinion that the withdrawal of forces from Iraq would be unacceptable in light of the current situation.
While it's important to recognize the importance of defending one's cyber-infrastructure, these attacks were basically anything a 15-year-old with a botnet could put together. From where did the 'state-sponsored' ball get rolling?
Hi AFlynn,
This situation was far more than one expected (at least here). While most would agree that anyone with a botnet could put this together, the situation was much more than just a few teens with botnets.
This link in kaur's post above gets a tad technical, but does a good job of explaining what really took place and to what extent.
Largest attacks we measured: 10 attacks measured at 90 Mbps, lasting upwards of 10 hours. All in all, someone is very, very deliberate in putting the hurt on Estonia, and this kind of thing is only going to get more severe in the coming years.
Links around the net to more information about the attacks:
* Russia accused of unleashing cyberwar to disable Estonia, The Guardian, May 17, 2007.
* Estonian and Russia: A cyber-riot, The Economist, May 10, 2007.
* Massive DDoS attacks target Estonia; Russia accused, Ars Technica, May 14, 2007.
* 9th of May on the F-Secure Weblog. Additional news from them: Update on the Estonian DDoS attacks on April 30, and Unrest in Estonia, published on April 28, 2007.
We’ve seen 128 unique DDoS attacks on Estonian websites in the past two weeks through ATLAS. Of these, 115 were ICMP floods, 4 were TCP SYN floods, and 9 were generic traffic floods. Attacks were not distributed uniformly, with some sites seeing more attacks than others
SECDEF Gates Urges NATO Ministers To Defend Against Cyber Attacks
BRUSSELS -- At a meeting of allied defense ministers, U.S. Defense Secretary Robert Gates urged Western nations to begin planning how they would respond to a cyber attack, said a senior defense official. His call to action, issued to his colleagues at a session Thursday, followed an unprecedented cyber assault on Estonia that briefly shut down its electronic banking system earlier this spring.
"but I am sure we will see many more digital skirmishes."
BH Consulting’s Security Watch Blog reports on Botnets - Digital Weapons of Mass Destruction?
What is interesting to note in Estonia’s case is that the Internet itself is their critical infrastructure. Therefore the attackers did not need to target the traditional SCADA systems in order to create havoc to Estonia’s critical infrastructure and its economy.
Despite some claims that these attacks are the first case of Cyber Warfare, this is not necessarily the case;
1. The United States has admitted to using Cyber Warfare in the Kosovo conflict
2. China has been accused of concerted attacks against US government systems, otherwise known as Titan Rain
3. In 2005 the UK NISCC stated that foreign powers are the main cyber threat to the UK’s critical network infrastructure.
4. Regional conflicts such as those between India and Pakistan and the Israeli-Palestinian conflict have also led to online attacks against each other.
Whether or not the attacks were state sponsored or the work of activists, they highlight that Botnets are moving up the food chain from being spam distribution agents and may now be considered Cyber Weapons of Mass Destruction. Will these Botnets become the equivalent of the nuclear deterrent from the Cold War?
Russia 'hired botnets' for Estonia cyber-war
The Russian authorities have been accused of buying time on illegal botnets to launch a denial-of-service attack against Estonia.
The Asymmetric Threats Contingency Alliance (ATCA), which comprises arms groups and financial services companies, claims to have uncovered evidence of alleged collusion between Russia and the botnet owners.
ATCA said that the botnets were rented for only a short period to boost the number of attacking computers to over a million.
'In a sign of their financial resources, there is evidence that [Russia] rented time from trans-national criminal syndicates on botnets', it added.
With both eyes open, something else may be seen behind the veiled curtain, pretending to investigate NASHI and Young Guard.
Security Officials Mull over Censorship on the Net
Authorities must have a legal control over the Internet “to step efforts to fight with extremism,” Russian Deputy Prosecutor General Ivan Sydoruk said Thursday in yet another piece of criticism from the silovikis of slack oversight of the net. Human rights activists say that any state control over the Internet will create persecuted “cyberdissidents.” IT specialists argue that censorship in the Internet is next to impossible.
“The Internet is often a place for circulating extremist leaning information,” Ivan Sydoruk told a police conference in Rostov-on-Don on Thursday. “We need to work out an effective system to control the data released there in line with law.”
In another recent anti-Internet statement, Federal Security Service Director Nikolay Patrushev called for strict control over the net. “There are currently 5,000 web-sites run by extremist organizations and movements,” he said on June 5.
From the Moscow Times regarding Estonian President Ilves's visit with President Bush in Washington
WASHINGTON -- U.S. President George W. Bush, acknowledging he could stand to "learn a lot" about cyber-security, expressed concern Monday over the high-tech hacking that crippled computer systems in Estonia.
Bush praised Estonia's president, Toomas Hendrik Ilves, for sharing information on how to deal with such security breaches.
Estonia suffered cyber attacks against its government and corporate web sites at the hands of Russian hackers last month, in what it says was retribution in a dispute with Moscow over the relocation of a Red Army statue in downtown Tallinn.
The Russian government has denied involvement.
Bush stayed away from the touchy matter, instead focusing on the lesson of vulnerability for the United States.
"Thank you for your clear understanding of the dangers that imposes not only on your country, but mine and others as well," Bush told Ilves after a meeting at the White House.
Bush praised Estonia for contributing troops to the U.S.-led wars in Iraq and Afghanistan. He briefly noted the latest suicide bombing in Baghdad on Monday, which killed at least 12 people, including a U.S.-allied tribal sheik.
"All the more reason, Mr. President, for us to remain firm and strong as we stand for this young democracy," Bush told Ilves.
Ilves thanked the United States for standing by his country's quest for independence "even in the darkest of times."
A very interesting article regarding Estonia's cyber wars and potential to establish a NATO center for excellence, recently approved by the POTUS and SECDEF Gates.
Tallinn - For a top-secret military base, Estonia's centre for cyber-defence looks remarkably like a genteel university. Chairs stand in neat rows in the classrooms, facing blackboards covered in arcane symbols. Vast orange armchairs ring the common room, and in one corner a coffee machine splutters belligerently.
The scene is as far from any fictional secret bunker as could be imagined, but it is a battlefield nonetheless - and one where Estonia (population 1.34 million) punches well above its weight.
"Today, Estonia is an opinion leader. People are looking for answers to cyber threats, and they have started to ask for our advice; we now have to do a lot of work to move from being an opinion leader to being a leader in the field," Tammet said.
"Cyber Attacks Engulf Kremlin's Critics"
http://www.washingtonpost.com/wp-dyn...070100009.html
A political battle is raging in Russian cyberspace. Opposition parties and independent media say murky forces have committed vast resources to hacking and crippling their Web sites in attacks similar to those that hit tech-savvy Estonia as the Baltic nation sparred with Russia over a Soviet war memorial.
From International Herald Tribune and AP:
Estonia's government on Thursday called for an international convention on combatting computer-based attacks like those directed against the Baltic state in late April-early May.
Global ratification of the convention would establish "a strong legal basis to fight cyber crimes," the Economic Affairs Ministry said in a statement.
Signatory countries would cooperate in preventing computer-related crimes and tracking down organizers of cyber attacks.
The Estonian government also approved a number of measures to bolster the country's defenses against such cyber attacks in the future. In the words of Estonian ministers, future attacks "could be directed against the confidentiality of information systems and integrity of data."
The European Union and NATO, of both of which Estonia has been a member since 2004, expressed their concern about the cyber war waged against the Baltic country.
Apparently Estonia's recent bout with DDoS was a much larger problem than most thought.
LAS VEGAS: The threat of online data theft is becoming worse as criminals grow increasingly sophisticated at pilfering information from companies, government agencies and consumers, a former White House security adviser said Wednesday.
Influencing much of the discussion at the Black Hat and Defcon conventions are two major computer attacks this year — a well-coordinated strike on the Baltic state of Estonia that crippled the Web sites of banks, media outlets and government agencies, and a data breach at the parent company of T.J. Maxx and Marshalls stores that exposed at least 45 million credit and debit cards to potential fraud.
Hi Kaur and Stan,
I'm working on a paper right now that is using the cyberwar in Estonia as a case study. I'm having some difficulty finding out which specific sites were attacked and what the exact timeline was. Any information you may have and would be willing to share would be appreciated.
Thanks,
Marc
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
Hey Marc !
The only list I've seen to date is from Arbornetworks:
Attacks  Destination          Address or owner
35       "195.80.105.107/32"  www.pol.ee
7        "195.80.106.72/32"   www.riigikogu.ee
36       "195.80.109.158/32"  www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        "195.80.124.53/32"   m53.envir.ee
2        "213.184.49.171/32"  www.sm.ee
6        "213.184.49.194/32"  www.agri.ee
4        "213.184.50.6/32"
35       "213.184.50.69/32"   www.fin.ee
1        "62.65.192.24/32"
Later Estonia's major banks took hits:
www.hansa.ee
www.nordea.ee
www.seb.ee
If you need something more, let me know.
Regards, Stan
Computerworld's recent article from Black Hat: "Estonia attacks an example of online rioting. There are lessons for companies that must deal with large-scale Web attacks."
A series of online attacks that seriously disrupted Web sites belonging to several banking and government organizations in Estonia earlier this year may have been perpetrated by a loosely organized, politically motivated online mob, a security researcher suggested today at the Black Hat 2007 conference.
The attacks hold several lessons about how large-scale Internet attacks can unfold and the responses that may be needed to deal with them, said Gadi Evron, security evangelist for Israel-based Beyond Security. "The use of the Internet to create an online mob has proven itself and will likely receive more attention in the future," following the Estonia attacks, said Evron, who wrote a postmortem report on the incident for the Estonian CERT.
Initial media reports suggested that the denial-of-service (DoS) attacks may have been organized by the Russian government in retaliation for Estonia's decision to move the statue. The reality, however, is that the attacks were carried on by an unknown number of Russian individuals with active support from security-savvy people in the Russian blogosphere, Evron said.
Many Russian-language blogs offered simple and detailed instructions to their readers on how to overload Estonian Web sites using "ping" commands, for instance, Evron said. The bloggers also kept updating their advice as Estonian incident responders started defending against the initial attacks.
TALLINN, Estonia: Estonia has issued a European arrest warrant for a Russian citizen accused of calling for the overthrow of the Baltic country's government via the Internet.
A 23-year-old Moscow resident identified only as Aleksei was charged with "inciting the violent disruption of Estonian independence" in late April.
Estonian state prosecution spokeswoman Kristiina Herodes said prosecutors were forced to seek the European arrest warrant, after Russian authorities refused assistance in bringing Aleksei to trial in Estonia.
Authorities allege he spread Internet messages on April 28 calling ethnic Russians living in Estonia to join a violent coup d'etat — under the banner of the "Russian Resistance Army" — and topple Estonia's government.
A joint group of Estonian authorities, including security police and Internet experts, were able to track down the man with the help of IP addresses and his home Web page, Herodes said.