[AfrICANN-discuss] Cyber Assaults -- a new battle tactic- How
prepared are we?
Dr Yassin Mshana
ymshana2003 at gmail.com
Mon May 21 13:01:20 SAST 2007
Oh No! Now the hidden weapon for a long time has come out!! I remember
about a discussing I had with someone during AF* Abuja, asking him about the
integrity, security clearance and the importance of the reliability of ISPs
and other Operators. Who vets who and how is a big question in many
countries - any Tom-Dick and Harry can provide the service yes BUT there is
more to that.
Eagerly waiting to see how this problem will be solved .......sad eh?
Good day
Yassin
On 21/05/07, Anne-Rachel Inné <annerachel at gmail.com> wrote:
>
> *Cyber Assaults on Estonia Typify a New Battle Tactic*
>
> By Peter Finn
> Washington Post Foreign Service
> Saturday, May 19, 2007; A01
>
> http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122_pf.html
>
>
> TALLINN, Estonia, May 18 -- This small Baltic country, one of the most
> wired societies in Europe<http://www.washingtonpost.com/wp-srv/related-topics.html/Europe?tid=informline>,
> has been subject in recent weeks to massive and coordinated cyber attacks on
> Web sites of the government, banks, telecommunications companies, Internet
> service providers and news organizations, according to Estonian and foreign
> officials here.
>
> Computer security specialists here call it an unprecedented assault on the
> public and private electronic infrastructure of a state. They say it is
> originating in Russia<http://www.washingtonpost.com/wp-srv/related-topics.html/Russia?tid=informline>,
> which is angry over Estonia<http://www.washingtonpost.com/wp-srv/related-topics.html/Estonia?tid=informline>'s
> recent relocation of a Soviet war memorial. Russian officials deny any
> government involvement.
>
> The NATO
> <http://www.washingtonpost.com/wp-srv/related-topics.html/NATO?tid=informline>alliance
> and the European Union<http://www.washingtonpost.com/wp-srv/related-topics.html/European+Union?tid=informline>have rushed information technology specialists to Estonia to observe and
> assist during the attacks, which have disrupted government e-mail and led
> financial institutions to shut down online banking.
>
> As societies become increasingly dependent on computer networks that cross
> national borders, security experts worry that in wartime, enemies will
> attempt to cripple those networks with electronic attacks. The Department
> of Homeland Security
> <http://www.washingtonpost.com/wp-srv/related-topics.html/U.S.+Department+of+Homeland+Security?tid=informline>has
> warned that U.S. networks should be secured against al-Qaeda<http://www.washingtonpost.com/wp-srv/related-topics.html/Al+Qaeda?tid=informline>hackers. Estonia's experience provides a rare chance to observe how such
> assaults proceed.
>
> "These attacks were massive, well targeted and well organized," Jaak
> Aaviksoo, Estonia's minister of defense, said in an interview. They can't be
> viewed, he said, "as the spontaneous response of public discontent worldwide
> with the actions of the Estonian authorities" concerning the memorial.
> "Rather, we have to speak of organized attacks on basic modern
> infrastructures."
>
> The Estonian government stops short of accusing the Russian government of
> orchestrating the assaults, but alleges that authorities in Moscow<http://www.washingtonpost.com/wp-srv/related-topics.html/Moscow?tid=informline>have shown no interest in helping to end them or investigating evidence that
> Russian state employees have taken part. One Estonian citizen has been
> arrested, and officials here say they also have identified Russians involved
> in the attacks.
>
> "They won't even pick up the phone," Rein Lang, Estonia's minister of
> justice, said in an interview.
>
> Estonian officials said they traced some attackers to Internet protocol
> (IP) addresses that belong to the Russian presidential administration and
> other state agencies in Russia.
>
> "There are strong indications of Russian state involvement," said Silver
> Meikar, a member of Parliament in the governing coalition who follows
> information technology issues in Estonia. "I can say that based on a wide
> range of conversations with people in the security agencies."
>
> Russian officials deny that claim. In a recent interview, Kremlin<http://www.washingtonpost.com/wp-srv/related-topics.html/Moscow+Kremlin?tid=informline>spokesman Dmitri Peskov called it "out of the question." Reached Friday at a
> Russia-E.U. summit, he reiterated the denial, saying there was nothing to
> add.
>
> A Russian official who the Estonians say took part in the attacks said in
> an interview Friday that the assertion was groundless. "We know about the
> allegations, of course, and we checked our IP addresses," said Andrei Sosov,
> who works at the agency that handles information technology for the Russian
> government. His IP address was identified by the Estonians as having
> participated, according to documents obtained by The Washington Post<http://www.washingtonpost.com/wp-srv/related-topics.html/The+Washington+Post+Company?tid=informline>
> .
>
> "Our names and contact numbers are open resources. I am just saying that
> professional hackers could easily have used our IP addresses to spoil
> relations between Estonia and Russia."
>
> Estonia has a large number of potential targets. The economic success of
> the tiny former Soviet republic is built largely on its status as an
> "e-society," with paperless government and electronic voting. Many common
> transactions, including the signing of legal documents, can be done via the
> Internet.
>
> The attacks began on April 27, a Friday, within hours of the war
> memorial's relocation. On Russian-language Internet forums, Estonian
> officials say, instructions were posted on how to disable government Web
> sites by overwhelming them with traffic, a tactic known as a denial of
> service attack.
>
> The Web sites of the Estonian president, the prime minister, Parliament
> and government ministries were quickly swamped with traffic, shutting them
> down. Hackers defaced other sites, putting, for instance, a Hitler<http://www.washingtonpost.com/wp-srv/related-topics.html/Adolf+Hitler?tid=informline>mustache on the picture of Prime Minister Andrus Ansip on his political
> party's Web site.
>
> The assault continued through the weekend. "It was like an Internet riot,"
> said Hillar Aarelaid, a lead specialist on Estonia's Computer Emergency
> Response Team, which headed the government's defense.
>
> The Estonian government began blocking Internet traffic from Russia on
> April 30 by filtering out all Web addresses that ended in .ru.
>
> By April 30, Aarelaid said, security experts noticed an increasing level
> of sophistication. Government Web sites and new targets, including media Web
> sites, came under attack from electronic cudgels known as botnets. Bots are
> computers that can be remotely commanded to participate in an attack. They
> can be business or home computers, and are known as zombie computers.
>
> When bots were turned loose on Estonia, Aaviksoo said, roughly 1 million
> unwitting computers worldwide were employed. Officials said they traced bots
> to countries as dissimilar as the United States<http://www.washingtonpost.com/wp-srv/related-topics.html/United+States?tid=informline>,
> China<http://www.washingtonpost.com/wp-srv/related-topics.html/China?tid=informline>,
> Vietnam<http://www.washingtonpost.com/wp-srv/related-topics.html/Vietnam?tid=informline>,
> Egypt<http://www.washingtonpost.com/wp-srv/related-topics.html/Egypt?tid=informline>and
> Peru<http://www.washingtonpost.com/wp-srv/related-topics.html/Peru?tid=informline>
> .
>
> By May 1, Estonian Internet service providers had come under sustained
> attack. System administrators were forced to disconnect all customers for 20
> seconds to reboot their networks.
>
> Newspapers in Estonia responded by closing access to their Web sites to
> everyone outside the country, as did the government. The sites of
> universities and nongovernmental organizations were overwhelmed.
> Parliament's e-mail service was shut for 12 hours because of the strain on
> servers.
>
> Foreign governments began to take notice. NATO, the United States and the
> E.U. sent information technology experts. "It was a concerted,
> well-organized attack, and that's why Estonia has taken it so seriously and
> so have we," said Robert Pszczel, a NATO spokesman. Estonia is a new member
> of NATO and the E.U.
>
> The FBI<http://www.washingtonpost.com/wp-srv/related-topics.html/Federal+Bureau+of+Investigation?tid=informline>also provided assistance, according to Estonian officials. The bureau
> referred a reporter's calls to the U.S. Embassy in Estonia, which said
> there was no one available to discuss American assistance to the Baltic
> State.
>
> On May 9, the day Russia celebrates victory in World War II, a new wave of
> attacks began at midnight Moscow time.
>
> "It was the Big Bang," Aarelaid said. By his account, 4 million packets of
> data per second, every second for 24 hours, bombarded a host of targets that
> day.
>
> "Everyone from 10-year-old boys to very experienced professionals was
> attacking," he said. "It was like a forest fire. It kept spreading."
>
> By May 10, bots were probing for weaknesses in Estonian banks. They forced
> Estonia's largest bank to shut down online services for all customers for an
> hour and a half. Online banking remains closed to all customers outside the Baltic
> States<http://www.washingtonpost.com/wp-srv/related-topics.html/Baltic+States?tid=informline>and
> Scandinavia<http://www.washingtonpost.com/wp-srv/related-topics.html/Scandinavia?tid=informline>,
> according to Jaan Priisalu, head of the IT risk management group at
> Hansabank, a major Baltic bank.
>
> "The nature of the latest attacks is very different," said Linnar Viik, a
> government IT consultant, "and it's no longer a bunch of zombie computers,
> but things you can't buy from the black market," he said. "This is something
> that will be very deeply analyzed, because it's a new level of risk. In the
> 21st century, the understanding of a state is no longer only its territory
> and its airspace, but it's also its electronic infrastructure.
>
> "This is not some virtual world," Viik added. "This is part of our
> independence. And these attacks were an attempt to take one country back to
> the cave, back to the Stone Age."
>
> --------------------------------------------------------------------------------
> >
> >
> > http://news.bbc.co.uk/2/hi/europe/6665145.stm
> > Estonia hit by 'Moscow cyber war'
> > *Estonia says the country's websites have been under heavy attack for
> > the past three weeks, blaming Russia for playing a part in the cyber
> > warfare. *
> >
> > Many of the attacks have come from Russia and are being hosted by
> > Russian state computer servers, Tallinn says. Moscow denies any involvement.
> >
> >
> > Estonia says the attacks began after it moved a Soviet war memorial in
> > Tallinn. The move was condemned by the Kremlin.
> >
> > A Nato spokesman said the organisation was giving Estonia technical
> > help.
> >
> > "In the 21st century it's not just about tanks and artillery," Nato
> > spokesman James Appathurai told BBC News.
> >
> > "We have sent one of our experts at the request of the Estonian
> > authorities to help them in their defence."
> >
> > *'Paperless government' *
> >
> > Estonia wants to put the issue at the top of Friday's EU-Russia summit
> > agenda.
> >
> > The head of IT security at Estonia's defence ministry, Mikhail Tammet,
> > told BBC News that the attacks had affected a range of government websites,
> > including those of the parliament and governmental institutions.
> >
> > He said the country was particularly vulnerable as much of its
> > government was run online.
> >
> > "Estonia depends largely on the internet. We have e-government,
> > government is so-called paperless... all the bank services are on the
> > internet. We even elect our parliament via the internet," Mr Tammet said.
> >
> > The memorial's removal also triggered riots amongst mostly ethnic
> > Russian living in Estonia, during which one person was killed and more than
> > 150 injured.
> >
> > Estonians say the memorial symbolised Soviet occupation of the Baltic
> > state. Russians say it is a tribute to those who fought the Nazis.
> >
> > *Spam avalanche *
> >
> > The Estonian government says its state and commercial websites -
> > including a number of banks - are being bombarded by mass requests for
> > information - overwhelming their computer servers.
> >
> > Targets of the so-called denial-of-service attacks have also included
> > the Estonian foreign and defence ministries and leading newspapers and
> > banks.
> >
> > In some cases, officials have simply blocked access to the servers from
> > outside Estonia, to prevent them from being attacked.
> >
> > "A couple weeks ago when the whole thing started we had some problems in
> > our online services and then our mail server was absolutely inundated with
> > spam e-mails as well," Estonian journalist Aet Suvari told the BBC.
> >
> > "In the past few weeks it has been quite difficult for some government
> > officials to read their e-mails on the web, to get access to the banks."
> >
> > The defence ministry says that the cyber attacks come from all over the
> > world, but some have been hosted by Russian state servers.
> >
> > It says that instructions on how to carry out cyber warfare are
> > circulating in Russian on Russian websites.
> >
> > Estonian Prime Minister Andrus Ansip has directly accused Russia of
> > being responsible, pointing the blame at the Russian government.
> >
> > Nato and EU internet experts are all helping to track down the culprits,
> > but Estonian officials say that they have had no co-operation from Russia.
> >
> > *'Internet pioneer' *
> >
> > While technical experts say that the initial wave of attacks came from
> > official structures in Russia, they now say it might be very difficult to
> > track the perpetrators down, the BBC's Steven Eke says.
> > He says that experts point out that botnets - the term given to the
> > groups of computers that mount denial-of-service attacks - can be located
> > across several countries, or even continents.
> >
> > Russia - which has a large community of hackers and computer
> > virus-writers - has been accused of mounting such attacks before in the US
> > and Ukraine.
> >
> > Moscow denies any involvement in the internet attacks on Estonia.
> >
> > Kremlin spokesman Dmitry Peskov told the BBC that the allegations were
> > "completely untrue".
> > Story from BBC NEWS:
> > http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/6665145.stm
> >
> > Published: 2007/05/17 15:21:15 GMT
> >
> > (c) BBC MMVII
>
>
> _______________________________________________
> AfrICANN mailing list
> AfrICANN at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/africann
>
>
--
c/o DFID-Nigeria
No. 10 Bobo Street
Maitama
Abuja
Nigeria
Skype: yassin mshana
Mobile: +234-803 970 5117
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20070521/7d22831b/attachment-0001.htm
More information about the AfrICANN
mailing list