SMALL WARS COUNCIL
Go Back   Small Wars Council > Small Wars Participants & Stakeholders > Media, Information & Cyber Warriors

Media, Information & Cyber Warriors Getting the story, dealing with those who do, and operating in the information & cyber domains. Not the news itself, that's here.

Closed Thread
 
Thread Tools Display Modes
Old 05-05-2007   #1
kaur
Council Member
 
Join Date: Aug 2006
Posts: 1,007
Default Is Cyber a new warfare? Debate (catch all)

marct, you are correct. This was DDoS (Distributed Denial of Service) attack. If I remember correctly couple months ago there was info that US military established some kind of cyberroom protection command. I hope that NATO transformation command will keep eye on this issue. I thought yesterday morning that it's just internet that is not working, my gsm is ok. Then I remebered that 1 or 2 years ago there was mobile phone virus attack during Helsinki sports competition. 1 criminal just launched signal that spred like virus among people that had internet connection in their phones. This is the way we are going now. You don't have to bomb your enemy's infrastructure to influence his will. Maybe I'm underestimateing people and in the end we all like to live like Tyler dremt in "Fight Club", we all need just pair of leather pants to walk in this life

PS. Estonian ambassador left Moscow. This was just postive move by Estonia to help Russian elite to save their face after EU and NATO told them back off. You just can't tell kids, "Hey, this is enough. Go home!" Instead they said "Good job. You accomplished your mission!" Interesting is also this that Russian Duma delegation that visited Estonia were satisfied wiht things they saw in Estonia (statue was ok, police acted according to law etc). They couldn't say this after arriving to Moscow on Tuesday. Thay said this only after Kremlin told youth movements "Go home." on Thursday afternoon.

Here is BBC story about Nashi with Surkov's comment.
Quote:
"But of course we contact and support those who support us."
http://news.bbc.co.uk/2/hi/europe/6624549.stm

Last edited by kaur; 05-05-2007 at 01:38 PM.
kaur is offline  
Old 05-05-2007   #2
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default

Thanks for the detailed post, Kaur !

Quote:
A good case in point is the script kiddies cyber attack - am I right in assuming it was a Denial Of Service (DOS) attack? If so, the scripts for that type of attack are readily available to any 10 year old - you don't even have to go to the dark net to get them . The question now is how are the service providers (and government) responding? What sort of IO campaign is Estonia going to put together for the international community? What sort of help are they asking for from NATO and the EU?
Hi Marc ! I translated the questionable link from last night and pasted it on the post. Sorry 'bout that ! You know, there are approx. 15,000 Estonians in Canada. Would it be fair to say you don't know any of them ?

Anyway, my 2 cents:

The Ministry gurus and some local providers commented that DDoS attacks are very easy to employ, but not that easy to nail down. The perpetrators often find links to regenerate disruptions and these are taken out or blocked one at a time. Most of our Ministry servers have merely created blanket blocking of outside connections until such time as they can get a handle on the disruptions. Last night, I couldn't get the SWJ site back, but most of the Estonian sites came up quickly.

We would all like to think that recent US and NATO grievances were key to halting disturbances in front of Estonia's Embassy in Moscow and I think Kaur hit it on the head, we can't simply slap them without a means of saving face. Sounds very African or tribal, but that always seems to be the case. Ambassador Kaljulaid's departure allowed them that face saving and gave them a way out. Well, that's what they say

The Rossiya Molodaya (Young Russia) youth movement said the departure of the Estonian ambassador from Moscow was a "significant victory."

Quote:
The only hint of a positive development in recent days came on May 3 when the pro-Kremlin youth groups, whose members had been blockading the Estonian embassy in Moscow, ended their seige, citing the reason that Estonian ambassador Marina Kaljulaid had left the country.
With the exception of the Prime Minister calling on the EU to speak, I don't know that Estonia openly asked for much assistance. The calls from NATO and the USA to Estonia's President and Prime Minister expressing support were key. The other former east bloc countries certainly played a role, but they don't have the 'bang' like NATO, the US Senate and Canada's Parliament.

Regards, Stan

Last edited by Stan; 05-05-2007 at 12:22 PM.
Stan is offline  
Old 05-06-2007   #3
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Estonia holds suspect over 'cyber-attacks'

An inside man no less. Can't the Kremlin surf Google anymore ?

Quote:
Police arrested Saturday a 19-year-old Tallinn resident who is suspected of involvement in a wave of attacks against Estonian computer servers.

"The criminal police have detained the first person who stands accused in involvement in the recent cyber-attacks against Estonian servers," Kristiina Herodes, spokeswoman for the Estonian prosecutor's office, told AFP.

"Dmitri was posting on Internet forums calls to organise mass attacks against Estonian servers, called the DdoS attacks," Herodes said.

"He collected addresses of crucial Internet sites in Estonia and passed them in various Internet forums, instructing users to attack servers in Estonia," she said.

"Dmitri is the first person detained, but the investigation continues, as many of the attacks came from abroad, including from Russia," she said.

Many government web sites in Estonia have been forced to shut down during the past week because of the attacks.
Stan is offline  
Old 05-08-2007   #4
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default First cyber attacker arrested

Well, Dmitri was not so innocent afterall

Quote:
Dmitri, a 19-year old resident of Tallinn and a student of higher technical education, was taken into custody today by the Central Criminal Police in connection with the recent cyber attacks against Estonia.

Dmitri is suspected of computer sabotage and of damaging connections to the computer network (Penal Code §206 and § 207). He actively participated on various Internet forums helping to organise cyber attacks, announced the spokesperson of the Public Prosecutor’s Office.

Dmitri independently volunteered and supervised other forum users in organizing the so-called DDoS attacks against several Estonian servers. As an Estonian resident, Dmitri had a good overview of the local Internet landscape and had the know-how for choosing targets. He instigated attacks against the web pages of local authorities as well as various political parties.
Stan is offline  
Old 05-08-2007   #5
marct
Council Member
 
marct's Avatar
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682
Default More on Dmitri?

Hi Stan,

Okay, I'll bite - can we get more information on him? Seriously, this is ringing off all sorts of pattern recognition bells in my mind. In particular, what forums was he posting on and who else goes there. Is this a parallel to how AQ recruits?

Marc
__________________
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
marct is offline  
Old 05-10-2007   #6
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Cyber Wars ? "You are owned, Monkeys !

Hmmm, anyone wondering what Putin woke up to this morning on his server

The Estonian National Anthem has reportedly been 'cybered into' several Russian servers. Upon launching the site (I just tried it here), the Estonian's famous sinimustvalge begins

Along with the nice music pops the Estonian flag with this underneath:



Quote:
Estonia forever!


маскальским и сибирским л0хам превед из Таллина!

Unfortunately, Estonia's IT experts feel the three sites are the work of the Russian youth and not patriotic Estonians. The links have been up too long and the Windows version used is Russian.
Stan is offline  
Old 05-14-2007   #7
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default More on Dmitri - Just for you Marc !

Quote:
Originally Posted by marct View Post
Hi Stan,

Okay, I'll bite - can we get more information on him? Seriously, this is ringing off all sorts of pattern recognition bells in my mind. In particular, what forums was he posting on and who else goes there. Is this a parallel to how AQ recruits?

Marc
I have no idea if this is how the AQ recruits. Estonian LE are calling him a criminal and little more. This is about all I could find from various info sources and the translations were 'quick and dirty'

Quote:
Summation:
The attacks entailed a broad array of techniques, which started with mere spamming posts to later well-coordinated DDoS attacks against the government’s IT systems. The cyber attacks were coordinated in Russian over the internet from computer networks and servers in Russia. Detailed instructions on how to act included topics about the nature and execution of attacks, as well as information about potential targets and attack timing.

Very basic instructions were disseminated on websites, in forums, and in chat spaces, precluding the user’s need for any knowledge or skills. The first attack took place on 27 April following the first night of rioting and was fairly simple. The portrait of the Prime Minister was defaced on the home page of the Reform Party (the PM with Hitler’s mustache) and initial DDoS attacks against Estonian government organizations. Some were successful, but normal operations were quickly restored.

Dmitri’s Role:
On the 28th however, serious attacks were being urged to forum members living in Estonia against Estonian web pages from addresses http://2ch.ru and http://forum.xaker.ru. Discussions were also taking place about how to finance the rental of server farms and botnets for a massive attack - A Trojan Horse application - needed to hijack computers. More than 1,500 users logged onto their chat lines and awaited instructions from the botnet. It is widely believed that, a Russian criminal gang rented the botnet in order to launch these attacks against Estonia.

Simultaneous orders to attack were being disseminated via the internet. Although the vast majority were primitive, they were effective for the purposes of creating chaos and confusion. The attacks were also discussed and coordinated in IRC environments. Consequently, there was a large incremental increase in spontaneous attacks carried out by individuals. On the 30th a number of very complex and sophisticated attacks were launched.

The attackers were able to dedicate substantial resources indicative of a well organized and financed enemy. By this time, the Estonian authorities had blocked the majority of internet traffic from ‘dot RU’ IP address extensions, as well as from many other foreign IPs. Somewhat later in the day the brunt of the attack shifted to the DNS system. Now seemingly human-friendly website names were utilized with the obvious intent of putting the entire DNS system out of commission, and cripple Estonia’s internet.

During the first week of May, some of these attacks were able to achieve temporary success against telecommunications companies providing internet services and Estonian media publications. The attackers covered their tracks by using global bot networks (not all located in Russia), proxy servers in third countries, and by distorting their IP addresses.
At least they're seeking help !


Estonia to discuss cyber-attacks with NATO, EU


Quote:
Estonia is to raise the issue of how to handle cyber-attacks against state computer systems in meetings with partner member states of the NATO military alliance and European Union, officials said Friday.

"If the ports of a NATO member country are under attack, it is considered an attack against the whole of NATO, and the military alliance comes to help," Defence Minister Jaak Aaviksoo said.
Regards, Stan
Stan is offline  
Old 05-17-2007   #8
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Security incidents in Estonia's Internet domain

"Last Friday, we hoped it was all over but the new massive attack against one of the biggest banks on Tuesday showed we were too optimistic.

"Cyber-attacks also have been launched against banks, newspapers, schools and many other institutions".

Estonia's second-biggest bank, Swedish-owned SEB Eesti Uhispank, was forced Tuesday to block access from abroad to its online banking service after it came under "massive cyber-attack".
Stan is offline  
Old 05-17-2007   #9
kaur
Council Member
 
Join Date: Aug 2006
Posts: 1,007
Default Estonia, Nato and cyber warfare

Quote:
Nato has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defences.
"This is an operational security issue, something we're taking very seriously," said an official at Nato headquarters in Brussels. "It goes to the heart of the alliance's modus operandi."
http://www.guardian.co.uk/russia/art...081438,00.html
kaur is offline  
Old 05-17-2007   #10
marct
Council Member
 
marct's Avatar
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682
Default

Hi Kaur,

Excellent article, thanks for the link.

Based on what has been posted in this thread so far, I wold hazard a guess that this started as an opportunistic attack with the political-symbolic environment being manipulated by the Russians. The Russian State gets plausible deniability and, at the same time, the types of attacks they want - i.e. "non-warfare".

There are some things I want to think through on how this operates but, my current thinking is that this is a form of symbolic warfare that will bite the Russians later one.

Marc
__________________
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
marct is offline  
Old 05-17-2007   #11
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default

Quote:
Originally Posted by marct View Post
Hi Kaur,

Excellent article, thanks for the link.

Based on what has been posted in this thread so far, I wold hazard a guess that this started as an opportunistic attack with the political-symbolic environment being manipulated by the Russians. The Russian State gets plausible deniability and, at the same time, the types of attacks they want - i.e. "non-warfare".

There are some things I want to think through on how this operates but, my current thinking is that this is a form of symbolic warfare that will bite the Russians later one.

Marc
Hi Marc !
I'll let Kaur answer from his own perspective, but what the Estonian Govt. and LE are saying, this was well planned, executed and financed.

Dmitri is not talking, but based on his 'student' status and relative lack of money, he was living extremely well.

Quote:
Experts from Nato member states and from the alliance's NCSA unit - "Nato's first line of defence against cyber-terrorism", set up five years ago - were meeting in Seattle in the US when the crisis erupted. A couple of them were rushed to Tallinn.

Another Nato official familiar with the experts' work said it was easy for them, with other organisations and internet providers, to track, trace, and identify the attackers.
That said, NATO may be a touch concerned. Me Thinks !
Stan is offline  
Old 05-17-2007   #12
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Is cyber attack a new form of warfare?

BBC's 'Have Your Say' wants to know

Quote:
Are you in Estonia? Do you think that Russia is responsible for the attacks? How well protected are state websites against this form of harassment?
Stan is offline  
Old 05-17-2007   #13
kaur
Council Member
 
Join Date: Aug 2006
Posts: 1,007
Default

I'd like to use word virtual swarming to describe the activity of opponents that are attacking Estonian servers. At first it looked like volunteer internet riot. Word was spread in internet forums to attack Estonian servers. For people without special knowledge, there were given special instructions how to do this. They did this as volunteers and binding force was the idea that there was huge insult against Russian soul by Estonian government. They attacked from every direction. The sites that were attacked were first not so important. At present they are useing same method, but calibre of their weapon is much bigger (number of hijacked computers is very big). How have they acquired this, it is interesting to know. It is hard to belive that the number of volunteers has grown because it seems that situation is at least here is calm (Estonian ambassador is also back in Russia again and Russian media is quiet) and momentum is gone. Who has such capacity to attack so intensely? Now they are targeting important targets, Estonian banks. e-banking is very popular here, so people are really pissed off.

Here is BBC story "Estonia hit by 'Moscow cyber war'

http://news.bbc.co.uk/2/hi/europe/6665145.stm

It seems that opponent has red this book http://en.wikipedia.org/wiki/Unrestricted_Warfare

Last edited by kaur; 05-17-2007 at 08:52 PM.
kaur is offline  
Old 05-18-2007   #14
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Denial it is then

"A Kremlin spokesman on May 17 refuted allegations of Moscow's involvement in the recent large-scale cyber attacks on Estonia’s government and private-sector websites that have been continuing since late April.

Deputy press secretary of the Russian president Dmitry Peskov said Russia can in no way be involved in cyber-terrorism and all claims to the contrary are an absolute lie, BBC Russian Service reported.

The official website of the Russian president is the target of hundreds of attacks every day, Peskov countered, and IP addresses of the computers from which they come implicate many countries in all parts of the world."

Meanwhile, Estonia’s national security police have said that the nation’s Constitution Party, which ran but did not win any seats in the March parliamentary elections, is managed and financed by the Russian authorities
Stan is offline  
Old 05-19-2007   #15
SWJED
Small Wars Journal
 
SWJED's Avatar
 
Join Date: Sep 2005
Location: Largo, Florida
Posts: 3,988
Default Cyber Assaults on Estonia Typify a New Battle Tactic

19 May Washington Times - Cyber Assaults on Estonia Typify a New Battle Tactic by Peter Finn.

Quote:
This small Baltic country, one of the most wired societies in Europe, has been subject in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news organizations, according to Estonian and foreign officials here.

Computer security specialists here call it an unprecedented assault on the public and private electronic infrastructure of a state. They say it is originating in Russia, which is angry over Estonia's recent relocation of a Soviet war memorial. Russian officials deny any government involvement

The NATO alliance and the European Union have rushed information technology specialists to Estonia to observe and assist during the attacks, which have disrupted government e-mail and led financial institutions to shut down online banking...
SWJED is offline  
Old 05-21-2007   #16
kaur
Council Member
 
Join Date: Aug 2006
Posts: 1,007
Default

Estonian embassy's attackers' modus operandi.

Quote:
Some 15,000 volunteers donned red jackets, with putin's communicators emblazoned on the back, and spread out across Moscow distributing brochures and 10,000 specially made SIM cards for mobile phones. The cards allowed users to send text messages to the Kremlin—to be answered promptly by Nashi volunteers. Recipients were also instructed to use the cards to report any signs of an incipient Orange revolution. In that event, the cards would instantly relay text-message instructions on what to do and where to rally. "We explained to Muscovites that we should all be prepared for the pro-Western revolution, funded by America," says Nashi activist Tatyana Matiash, 22. "People must know what to do to save their motherland in case their radio and TV stop working."
I'd like to speculate that this is the way to disperse cyber attach methods against enemy via internet among memebers and symphatizers.

Quote:
Not to be outdone by Nashi, the Chelyabinsk chapter of the Young Guards recently staged a training session in how to combat a possible Orange revolution in their city. A hundred volunteers with orange bandannas pretended to storm the local television station; Young Guards mobilized to defend it. The day ended with Guards wielding baseball bats to smash up an "Orange" tent camp, much like that erected on Maidan Square in Kiev two years ago.
Quote:
They are lectured by top bureaucrats and politicians, including Deputy Defense Minister Yury Baluyevsky and the thuggish Chechen President Ramzan Kadyrov—honored as a "Young Politician of the Year" at last year's Nashi congress.
http://www.msnbc.msn.com/id/18753946...wsweek/page/2/
kaur is offline  
Old 05-22-2007   #17
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default Cyber Estonia EU's front line

The recent attacks on Estonia's internet infrastructure have led to speculation that Estonia may become NATO's cyber warfare test bench. A Defense Ministry IT expert said plans for establishing a NATO cyber defense center in Estonia had existed for over a year and suggested that recent attacks should be considered cyber terrorism. "They should be clearly designated as such because they were instigated by political propaganda which is how terrorist groups find new members." There are plans to begin training Estonian cyber sleuths by the end of 2007.
Stan is offline  
Old 05-22-2007   #18
SWJED
Small Wars Journal
 
SWJED's Avatar
 
Join Date: Sep 2005
Location: Largo, Florida
Posts: 3,988
Default For Estonia and NATO, A New Kind of War

22 May Washington Post commentary - For Estonia and NATO, A New Kind of War by Anne Applebaum.

Quote:
And now for a quick quiz: A European country -- a member in good standing of NATO and the European Union -- has recently suffered multiple attacks on its institutions. Can you (a) name the country, (b) describe the attacks and (c) explain what NATO is doing in response?

If you can't, don't worry: NATO itself doesn't quite know what it is doing about the attacks, despite the alliance's treaty, which declares that an armed attack on one of its members is "an attack against them all." The country is Estonia -- a very small, very recent member of NATO; the attacks are taking place in cyberspace; and while the perpetrators aren't exactly unknown, their identities can't be proved either...
SWJED is offline  
Old 05-24-2007   #19
kaur
Council Member
 
Join Date: Aug 2006
Posts: 1,007
Default The Moscow Times

"Web Sites Under Attack in a Murky War"

Quote:
Estonia has created a stir with its accusations that Kremlin-based hackers targeted government web sites. But it is not alone in grappling with cyber attacks.

Hackers in recent months have targeted outspoken pro-Kremlin youth groups, opposition forces, ultranationalist organizations and media outlets, crashing their web sites with what is known as Distributed Denial of Service, or DDoS, attacks -- the same type of attack that Estonia says was launched against its sites.
http://www.themoscowtimes.com/storie...05/24/003.html

This article is accessible only today, 24.05.2007
kaur is offline  
Old 05-24-2007   #20
Stan
Council Member
 
Stan's Avatar
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default EU Commissioner supports Estonia

From yesterday's Postimees:

During a discussion of the forthcoming European Parliament resolution on Estonia, EU Commissioner for External Relations Benita Ferrero-Waldner expressed support for the country.

The EU Commissioner called the blockade of the Estonian embassy in Moscow and also the cyber-attacks on the servers of Estonia’s state institutions “unacceptable”, the EC’s press service said.

According to Ferrero-Waldner, there have been no violations of human rights in Tallinn. and the relocation of the Bronze Soldier statue was done with due consideration for all of Estonia’s obligations.

The EU Commissioner said she was aware that the relocation of the statue had become a “sore issue” for Estonia, adding that she regretted the protests in Tallinn had ended in the wrecking of shops and kiosks.

“People have a right to express their views, of course, but not by such means. For example, the blockade of the Estonian embassy in Moscow is unacceptable,” Ferrero-Waldner said.

“I’m concerned about the cyber-attacks on Estonia. We have voiced our concerns to Russia, and will do so in future,” the EU Commissioner added.

According to her, the EU will continue to follow what happens in the sphere of trade between Estonia and Russia.

On Thursday the European Parliament is planning to adopt a resolution on Estonia.
Stan is offline  
Closed Thread

Bookmarks

Tags
cyberwar

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
USAF Cyber Command (catch all) selil Media, Information & Cyber Warriors 150 03-15-2011 10:50 PM
Information Operations SWJED Media, Information & Cyber Warriors 152 08-28-2009 10:47 AM
A Few Cyber Warfare Resources JeffC Media, Information & Cyber Warriors 10 12-18-2007 02:01 PM
Recognizing and Understanding Revolutionary Change in Warfare SWJED Futurists & Theorists 0 03-01-2006 09:59 PM


All times are GMT. The time now is 02:46 AM.


Powered by vBulletin® Version 3.8.9. ©2000 - 2017, Jelsoft Enterprises Ltd.
Registered Users are solely responsible for their messages.
Operated by, and site design © 2005-2009, Small Wars Foundation