[AfrICANN-discuss] Cyber Assaults -- a new battle tactic- How
prepared are we?
Anne-Rachel Inné
annerachel at gmail.com
Mon May 21 10:39:05 SAST 2007
*Cyber Assaults on Estonia Typify a New Battle Tactic*
By Peter Finn
Washington Post Foreign Service
Saturday, May 19, 2007; A01
http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122_pf.html
TALLINN, Estonia, May 18 -- This small Baltic country, one of the most wired
societies in Europe<http://www.washingtonpost.com/wp-srv/related-topics.html/Europe?tid=informline>,
has been subject in recent weeks to massive and coordinated cyber attacks on
Web sites of the government, banks, telecommunications companies, Internet
service providers and news organizations, according to Estonian and foreign
officials here.
Computer security specialists here call it an unprecedented assault on the
public and private electronic infrastructure of a state. They say it is
originating in Russia<http://www.washingtonpost.com/wp-srv/related-topics.html/Russia?tid=informline>,
which is angry over
Estonia<http://www.washingtonpost.com/wp-srv/related-topics.html/Estonia?tid=informline>'s
recent relocation of a Soviet war memorial. Russian officials deny any
government involvement.
The NATO
<http://www.washingtonpost.com/wp-srv/related-topics.html/NATO?tid=informline>alliance
and the European
Union<http://www.washingtonpost.com/wp-srv/related-topics.html/European+Union?tid=informline>have
rushed information technology specialists to Estonia to observe and
assist during the attacks, which have disrupted government e-mail and led
financial institutions to shut down online banking.
As societies become increasingly dependent on computer networks that cross
national borders, security experts worry that in wartime, enemies will
attempt to cripple those networks with electronic attacks. The Department of
Homeland Security
<http://www.washingtonpost.com/wp-srv/related-topics.html/U.S.+Department+of+Homeland+Security?tid=informline>has
warned that U.S. networks should be secured against
al-Qaeda<http://www.washingtonpost.com/wp-srv/related-topics.html/Al+Qaeda?tid=informline>hackers.
Estonia's experience provides a rare chance to observe how such
assaults proceed.
"These attacks were massive, well targeted and well organized," Jaak
Aaviksoo, Estonia's minister of defense, said in an interview. They can't be
viewed, he said, "as the spontaneous response of public discontent worldwide
with the actions of the Estonian authorities" concerning the memorial.
"Rather, we have to speak of organized attacks on basic modern
infrastructures."
The Estonian government stops short of accusing the Russian government of
orchestrating the assaults, but alleges that authorities in
Moscow<http://www.washingtonpost.com/wp-srv/related-topics.html/Moscow?tid=informline>have
shown no interest in helping to end them or investigating evidence
that
Russian state employees have taken part. One Estonian citizen has been
arrested, and officials here say they also have identified Russians involved
in the attacks.
"They won't even pick up the phone," Rein Lang, Estonia's minister of
justice, said in an interview.
Estonian officials said they traced some attackers to Internet protocol (IP)
addresses that belong to the Russian presidential administration and other
state agencies in Russia.
"There are strong indications of Russian state involvement," said Silver
Meikar, a member of Parliament in the governing coalition who follows
information technology issues in Estonia. "I can say that based on a wide
range of conversations with people in the security agencies."
Russian officials deny that claim. In a recent interview,
Kremlin<http://www.washingtonpost.com/wp-srv/related-topics.html/Moscow+Kremlin?tid=informline>spokesman
Dmitri Peskov called it "out of the question." Reached Friday at a
Russia-E.U. summit, he reiterated the denial, saying there was nothing to
add.
A Russian official who the Estonians say took part in the attacks said in an
interview Friday that the assertion was groundless. "We know about the
allegations, of course, and we checked our IP addresses," said Andrei Sosov,
who works at the agency that handles information technology for the Russian
government. His IP address was identified by the Estonians as having
participated, according to documents obtained by The Washington
Post<http://www.washingtonpost.com/wp-srv/related-topics.html/The+Washington+Post+Company?tid=informline>
.
"Our names and contact numbers are open resources. I am just saying that
professional hackers could easily have used our IP addresses to spoil
relations between Estonia and Russia."
Estonia has a large number of potential targets. The economic success of the
tiny former Soviet republic is built largely on its status as an
"e-society," with paperless government and electronic voting. Many common
transactions, including the signing of legal documents, can be done via the
Internet.
The attacks began on April 27, a Friday, within hours of the war memorial's
relocation. On Russian-language Internet forums, Estonian officials say,
instructions were posted on how to disable government Web sites by
overwhelming them with traffic, a tactic known as a denial of service
attack.
The Web sites of the Estonian president, the prime minister, Parliament and
government ministries were quickly swamped with traffic, shutting them down.
Hackers defaced other sites, putting, for instance, a
Hitler<http://www.washingtonpost.com/wp-srv/related-topics.html/Adolf+Hitler?tid=informline>mustache
on the picture of Prime Minister Andrus Ansip on his political
party's Web site.
The assault continued through the weekend. "It was like an Internet riot,"
said Hillar Aarelaid, a lead specialist on Estonia's Computer Emergency
Response Team, which headed the government's defense.
The Estonian government began blocking Internet traffic from Russia on April
30 by filtering out all Web addresses that ended in .ru.
By April 30, Aarelaid said, security experts noticed an increasing level of
sophistication. Government Web sites and new targets, including media Web
sites, came under attack from electronic cudgels known as botnets. Bots are
computers that can be remotely commanded to participate in an attack. They
can be business or home computers, and are known as zombie computers.
When bots were turned loose on Estonia, Aaviksoo said, roughly 1 million
unwitting computers worldwide were employed. Officials said they traced bots
to countries as dissimilar as the United
States<http://www.washingtonpost.com/wp-srv/related-topics.html/United+States?tid=informline>,
China<http://www.washingtonpost.com/wp-srv/related-topics.html/China?tid=informline>,
Vietnam<http://www.washingtonpost.com/wp-srv/related-topics.html/Vietnam?tid=informline>,
Egypt<http://www.washingtonpost.com/wp-srv/related-topics.html/Egypt?tid=informline>and
Peru<http://www.washingtonpost.com/wp-srv/related-topics.html/Peru?tid=informline>
.
By May 1, Estonian Internet service providers had come under sustained
attack. System administrators were forced to disconnect all customers for 20
seconds to reboot their networks.
Newspapers in Estonia responded by closing access to their Web sites to
everyone outside the country, as did the government. The sites of
universities and nongovernmental organizations were overwhelmed.
Parliament's e-mail service was shut for 12 hours because of the strain on
servers.
Foreign governments began to take notice. NATO, the United States and the
E.U. sent information technology experts. "It was a concerted,
well-organized attack, and that's why Estonia has taken it so seriously and
so have we," said Robert Pszczel, a NATO spokesman. Estonia is a new member
of NATO and the E.U.
The FBI<http://www.washingtonpost.com/wp-srv/related-topics.html/Federal+Bureau+of+Investigation?tid=informline>also
provided assistance, according to Estonian officials. The bureau
referred a reporter's calls to the U.S. Embassy in Estonia, which said there
was no one available to discuss American assistance to the Baltic State.
On May 9, the day Russia celebrates victory in World War II, a new wave of
attacks began at midnight Moscow time.
"It was the Big Bang," Aarelaid said. By his account, 4 million packets of
data per second, every second for 24 hours, bombarded a host of targets that
day.
"Everyone from 10-year-old boys to very experienced professionals was
attacking," he said. "It was like a forest fire. It kept spreading."
By May 10, bots were probing for weaknesses in Estonian banks. They forced
Estonia's largest bank to shut down online services for all customers for an
hour and a half. Online banking remains closed to all customers
outside the Baltic
States<http://www.washingtonpost.com/wp-srv/related-topics.html/Baltic+States?tid=informline>and
Scandinavia<http://www.washingtonpost.com/wp-srv/related-topics.html/Scandinavia?tid=informline>,
according to Jaan Priisalu, head of the IT risk management group at
Hansabank, a major Baltic bank.
"The nature of the latest attacks is very different," said Linnar Viik, a
government IT consultant, "and it's no longer a bunch of zombie computers,
but things you can't buy from the black market," he said. "This is something
that will be very deeply analyzed, because it's a new level of risk. In the
21st century, the understanding of a state is no longer only its territory
and its airspace, but it's also its electronic infrastructure.
"This is not some virtual world," Viik added. "This is part of our
independence. And these attacks were an attempt to take one country back to
the cave, back to the Stone Age."
--------------------------------------------------------------------------------
>
>
> http://news.bbc.co.uk/2/hi/europe/6665145.stm
> Estonia hit by 'Moscow cyber war'
> *Estonia says the country's websites have been under heavy attack for the
> past three weeks, blaming Russia for playing a part in the cyber warfare.
> *
>
> Many of the attacks have come from Russia and are being hosted by Russian
> state computer servers, Tallinn says. Moscow denies any involvement.
>
> Estonia says the attacks began after it moved a Soviet war memorial in
> Tallinn. The move was condemned by the Kremlin.
>
> A Nato spokesman said the organisation was giving Estonia technical help.
>
> "In the 21st century it's not just about tanks and artillery," Nato
> spokesman James Appathurai told BBC News.
>
> "We have sent one of our experts at the request of the Estonian
> authorities to help them in their defence."
>
> *'Paperless government' *
>
> Estonia wants to put the issue at the top of Friday's EU-Russia summit
> agenda.
>
> The head of IT security at Estonia's defence ministry, Mikhail Tammet,
> told BBC News that the attacks had affected a range of government websites,
> including those of the parliament and governmental institutions.
>
> He said the country was particularly vulnerable as much of its government
> was run online.
>
> "Estonia depends largely on the internet. We have e-government, government
> is so-called paperless... all the bank services are on the internet. We even
> elect our parliament via the internet," Mr Tammet said.
>
> The memorial's removal also triggered riots amongst mostly ethnic Russian
> living in Estonia, during which one person was killed and more than 150
> injured.
>
> Estonians say the memorial symbolised Soviet occupation of the Baltic
> state. Russians say it is a tribute to those who fought the Nazis.
>
> *Spam avalanche *
>
> The Estonian government says its state and commercial websites - including
> a number of banks - are being bombarded by mass requests for information -
> overwhelming their computer servers.
>
> Targets of the so-called denial-of-service attacks have also included the
> Estonian foreign and defence ministries and leading newspapers and banks.
>
> In some cases, officials have simply blocked access to the servers from
> outside Estonia, to prevent them from being attacked.
>
> "A couple weeks ago when the whole thing started we had some problems in
> our online services and then our mail server was absolutely inundated with
> spam e-mails as well," Estonian journalist Aet Suvari told the BBC.
>
> "In the past few weeks it has been quite difficult for some government
> officials to read their e-mails on the web, to get access to the banks."
>
> The defence ministry says that the cyber attacks come from all over the
> world, but some have been hosted by Russian state servers.
>
> It says that instructions on how to carry out cyber warfare are
> circulating in Russian on Russian websites.
>
> Estonian Prime Minister Andrus Ansip has directly accused Russia of being
> responsible, pointing the blame at the Russian government.
>
> Nato and EU internet experts are all helping to track down the culprits,
> but Estonian officials say that they have had no co-operation from Russia.
>
> *'Internet pioneer' *
>
> While technical experts say that the initial wave of attacks came from
> official structures in Russia, they now say it might be very difficult to
> track the perpetrators down, the BBC's Steven Eke says.
> He says that experts point out that botnets - the term given to the
> groups of computers that mount denial-of-service attacks - can be located
> across several countries, or even continents.
>
> Russia - which has a large community of hackers and computer virus-writers
> - has been accused of mounting such attacks before in the US and Ukraine.
>
> Moscow denies any involvement in the internet attacks on Estonia.
>
> Kremlin spokesman Dmitry Peskov told the BBC that the allegations were
> "completely untrue".
> Story from BBC NEWS:
> http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/6665145.stm
>
> Published: 2007/05/17 15:21:15 GMT
>
> (c) BBC MMVII
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20070521/c8a02acd/attachment-0001.htm
More information about the AfrICANN
mailing list