Slashdot Mirror


The Real Impact of the Estonian Cyberattack

An anonymous reader writes "News.com offers up an interview with Arbor Networks' senior security researcher Jose Nazario. He takes stock of the denial-of-service attack against the Baltic nation of Estonia, and considers the somewhat disturbing wider implications from the event. 'You look around the globe, and there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large. In this case, it has disrupted the Estonian government's ability to work online, it has disrupted a lot of its resources and attention. In that respect, it's been effective. It hasn't brought the government to a crippling halt, but has essentially been effective as a protest tool. People will probably look at this and say, That works. I think we're going to continue to do this kind of thing. Depending on the target within the government, it could be very visible, or it could not be very visible.'"

10 of 172 comments

  1. Re:Backbone QOS? by packetmon · · Score: 4, Insightful

    What would QoS do at this level except overwhelm your processor? Unicast Reverse Path Forwarding would be the better solution nowadays. Cat 6500 info... If networks were built correctly from the ground up, these attacks wouldn't even happen as much. If three networks were connected and all had uRPF or filtering in place, no three networks would be able to spoof addresses and cause attacks. They'd be forced to attack using a valid address on their network which would make tracking easier...
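The strict Unicast Reverse Path Forwarding check mentioned in the comment above, sketched as an added example (not part of the original post or any vendor's implementation). The routing table, interface names and packets are constructed sample data.

```python
import ipaddress

# Constructed FIB for one edge router: prefix -> interface the route points out of.
FIB = {
    "198.51.100.0/24": "cust0",    # customer network A
    "203.0.113.0/24": "cust1",     # customer network B
    "0.0.0.0/0": "upstream0",      # everything else
}

def best_route(src, fib=FIB):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = []
    for prefix, ifc in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net, ifc))
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_strict(src, ingress, fib=FIB):
    """Strict uRPF: accept only if the best route back to src uses the ingress interface."""
    route = best_route(src, fib)
    return route is not None and route[1] == ingress

# Constructed packets: (source address, interface it arrived on, note).
PACKETS = [
    ("198.51.100.7", "cust0", "legitimate host in customer A"),
    ("203.0.113.9", "cust0", "A forging an address from customer B"),
    ("192.0.2.55", "cust0", "A forging an outside address"),
    ("198.51.100.200", "cust0", "A forging an address inside its own prefix"),
    ("192.0.2.55", "upstream0", "outside host arriving via upstream"),
]

def verdicts(packets=PACKETS):
    """Return (src, ingress, 'accept'|'drop') for every packet."""
    return [(src, ifc, "accept" if urpf_strict(src, ifc) else "drop")
            for src, ifc, _ in packets]

if __name__ == "__main__":
    for (src, ifc, verdict), (_, _, note) in zip(verdicts(), PACKETS):
        print(f"{verdict:6} {src:15} on {ifc:9} ({note})")
```

The fourth packet is accepted: a forged source inside the sender's own prefix passes the check, but it still identifies the originating network, which is the traceability the comment describes.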

  2. Possible Outcomes by Nymz · · Score: 3, Insightful

    Unless some magical solution presents itself, then cyber-warfare will most likely continue. The difference will be in how we respond. Should starting up your own cyber-attacks be an acceptable form of retaliation? Or will more cyber-attacks only lead us down the path to a conventional-attack?

    1. Re:Possible Outcomes by cosinezero · · Score: 3, Insightful

      If impact is merely economic - how then does it differ from other games countries play to crush economic interests? I mean, where you see "Denial of Service", I see "Sanctions" and wonder, in the grand scheme of things, what's the difference?

    2. Re:Possible Outcomes by DerekLyons · · Score: 3, Insightful

      The key difference is that sanctions and traditional methods are (generally) open and aboveboard - you know who is doing what to who, as it is announced widely beforehand and very visible in operation. DoS attacks however, are none of these things. In addition, while Country X may impose various forms of sanctions/tariffs/etc... on Country Y - that does not affect (directly) either the internal operation of Country Y, or its intercourse with Country Z. DoS attacks can, and do - as well as have an immediate and direct impact on individuals.

  3. that's the biggest problem with this warfare by circletimessquare · · Score: 3, Insightful

    say you had two countries simmering over some stupid feud: land or machismo or even a soccer game. in such a situation, any cross border incursions or launched missiles can get back to a matter of accountability: what comes from your territory is your responsibility, and the fact that something came from your territory or not is pretty straightforward. the side where the incursions came from can even make excuses, but the other side can still say: "look, these guys came from your territory. clean it up yourself or we'll clean it up for you." that provides some straightforward safeguards right there

    however, things are too nebulous on the web. no accountability. the russians that attacked estonia can not be found by russia and suppressed easily, because no one knows who they are. well, obviously there can be some intelligent detective work done (who purchased the botnets for rent, for example), but my point is, any group of teenage assholes can do this sort of thing, from any botnet in the world, and so it renders obvious lines of accountability all nebulous and unresolved

    and so it is sort of like terrorism, in that there is no one easy and big to blame. no state or governmental entity. it's vague and undefined. and in the end, therefore, these sorts of wars/ crimes are really the defining characteristic of conflicts in the 21st century. for the most part, wars of nation against nation and obvious straightforward battlefields seem to be a dead era. today's conflicts are all about shadowy organizations ready to do nefarious things in the name of nebulous agendas, and finding and stopping who or what or how is simply a task without any clear goals or clear yardsticks of progress

    some people would use this fact to say that therefore there is no war or conflict at all, that say, the "war on terrorism" isn't real. no, wrong. the threat is still very real. something like 9/11 is not a phantasm of a neocon's imagination

    it's just that the enemy is opaque and made of fog. but because the enemy is hard to pin down, does not mean there isn't nefarious intent out there you need to protect yourself from. yes, that vagueness can be used to amp up fear and provoke overreaction. but, in a way, doing nothing is still worse than overreaction (unless overreaction consists of taking the war to targets that should not be targets)

    we live in a difficult era folks. do nothing, you're damned. do something, you can be damned worse. you need to be clever and constant and precise in your efforts, and you'll still screw up and get blowback anyways, and you must still soldier on nonplussed nonetheless, against cyberenemies, against terrorism, with no real yardstick of progress, with no real verification of success or failure, with nothing but the fog for miles and for years, and then a plane in a skyscraper, or a bomb in a disco, or a flood of emails, or a DoS for seemingly no rhyme or reason... and then gone again like a fart in the wind, until the next mass murder. it's psychologically debilitating, and yet constitution and fortitude are your best character qualities needed in order to beat back these shadowy enemies

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

  4. Government-orchestrated? Please by saikou · · Score: 2, Insightful

    Given how "well" Russian Government organizes things it'd be an utter failure. Please remember, there are many people and groups in the whole world that are quite capable of doing it by themselves. What, do you think the government has nothing else to do than to issue covert demands for every dial-up user to ping particular Estonian servers?
    Estonia (and some mass media) simply find it useful to blame everything on Russian government now. Russian companies refuse to buy their products because customers stopped buying them? Blame Kremlin. If a giant meteor were to strike the capital right now, there'd be a couple of experts saying that "Nobody can prove it wasn't a covert Kremlin operation".

    Of course you also have to think about it from the other point of view. If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decide to just move it somewhere else, because they want to put a highway on top of that last resting place... Would Americans grin and bear it? No? Loud screams from politicians asking for sanctions? Regular people doing everything they can to protest it? Net bot herders making statement and then bragging about "squashing the embassy N servers" between themselves?
    Would the US government have to encourage people to do it?

    Now tell me, what's the difference?

    I would think the more important thing would be Pentagon's readiness to bomb the source of cyberattacks, which means that a group of bot herders can decide which country Pentagon will be bombing next.

  5. Re:Russia - cybercrime capital of the world by 99BottlesOfBeerInMyF · · Score: 4, Insightful

    Russia - cybercrime capital of the world

    According to the site mentioned in the article, Russia comes in at #17 in the attacks by country breakdown at the bottom of the page. It covers scanning, fingerprinted attacks, and DDoS attacks (no spam). The number 1 country is the good 'ole USA. We're #1! We're #1!

  6. Re:Multicast theories by AndersOSU · · Score: 2, Insightful

    I wouldn't be surprised at all if the DOD had just such a tactic in place.

    I mean think about it, one of the things a party at war always tries to do is get the civilians of the opposite side reading "subversive" material. One of the first things we did with airplanes in war was pamphleting. We still attach pamphlets with aid drops. Would it be so strange to see the US send email to every Chinese address that looked like this? How about a flood of anti-communist text messages? Doesn't seem very far fetched to me.

  7. Re:Internet Death Sentence by 99BottlesOfBeerInMyF · · Score: 2, Insightful

    Frankly, because of stuff like this, we need to be prepared to use a variation of the old Internet Death Sentence. Hostile nations could be removed from the routing tables (i.e. we don't route traffic to or from them). With international cooperation attacks like this *could* be stopped dead in their tracks, with the side benefit that the offending nation would have a high priority desire to clean up the attacks.

    I don't think that stopping routing from a country would make much practical difference. There are millions of vulnerable and already compromised Windows boxes scattered across the world. You can rent time on them from a Web interface. A big part of the usefulness of DDoS attacks is it is easy to make it impossible to attach them to an individual or country since the actual traffic comes from all countries. Most of the compromised machines known to be attacking as part of a botnet are within the US.

  8. Re:Government-orchestrated and encouraged by antv · · Score: 2, Insightful

    Well, your big mistake is assuming this sort of thing is somehow centrally organized.
    Remember an incident with US spy plane and Chinese fighter jet ?
    It resulted into a hacking contest between US and China without any "official" guidance.

    In case of Estonia an asshole named Anders (Estonian leader - my sincerest apologies to all other assholes for the comparison) referred to buried WWII veterans as "marauders" on public TV, before trying to move the statue. Quite obviously, people got pissed off. Some teenagers wrote graffiti on the streets in Tallinn, others threw eggs onto police cars. The more nerdy ones arranged DDOS attacks. Blaming this on Russian government is kinda like saying that Tony Blair is responsible for soccer fans fighting each other.

    The only real question here is why the hell Estonian government doesn't have a dedicated network outside of Internet.

    --
    Obama 2012: our incompetent asshole is slightly less of an incompetent asshole than the other incompetent asshole !