DoS Attacks on Estonia Were Launched by Student

As_I_Please alerts us to the fact that a 20-year-old Estonian student has been fined for participating in DoS attacks against various Estonian political and governmental websites last May. The situation was notable because it escalated tensions between Estonia and Russia when the latter was accused of initiating the 'cyber-attack'. Quoting: "The fact that a single student was able to trigger such events is particularly ominous when you consider just how many potential flashpoints exist between various countries all over the world. The DoS attack against Estonia is an excellent example of how a cyberattack carried out by a 20-year-old student in response to real-life events further exacerbated an existing problem between two nations."

In Soviet Estonia...

Computers launch students... into space like great hero cosmonauts!

Much worse article at News.com

[Whiney+Mac+Fanboy]

I read this article at news.com earlier & am now a little bit stupider. Check out this line:

The distributed denial of service (DDoS) attacks, which some security experts have alternatively called a flash mob or the first-ever cyberwar,

WTF? A DDOS is a flash mob?

Re:Much worse article at News.com

[ScrewMaster]

Sure ... when everybody on a crowded highway suddenly decide to get off at the same exit to go lynch somebody.

Re:Much worse article at News.com

[bladesjester]

I've always thought a flash mob would be interesting, but I would think the cops would be suspicious of a large group of people in trench coats suddenly starting to gather... :P

In other news...

it was found that the recent DoS attempt against arstechnica was launched by slashdot users everywhere

An exellent example... of what?

[gnud]

The DoS attack against Estonia is an excellent example of how a cyberattack carried out by a 20-year-old student in response to real-life events further exacerbated an existing problem between two nations.

Eh. How about the _only_ example?

Russia accused...

[unbug]

So on what basis did Estonia accuse Russia of staging those attacks? This story was picked up all over the world and nobody bothered to check if they actually had anything resembling a proof?

Re:Russia accused...

[tehbunneh]

Maybe if you would knew a bit of that situation you wouldn't say that. Because the one who got caught was also an ethnic Russian. Born in Estonia to Russian parents. And he said he got the idea from various blogs and forum posts which called people to attack Estonian servers. These blogs and forums were in Russian servers. Besides the IP addresses showed the majority of the attacks to be from Russia. The guy in Estonia was just easier to arrest.

Re:Russia accused...

[unbug]

Maybe if you would knew a bit of that situation you wouldn't say that. Because the one who got caught was also an ethnic Russian. Born in Estonia to Russian parents. Ah, I see. This, of course, proves beyond any doubt that he was a sleeper agent planted in Estonia by the KGB. Also, it is a well-known fact that every ethnic Russian is directly controlled by the Russian government anyway.

And he said he got the idea from various blogs and forum posts which called people to attack Estonian servers. These blogs and forums were in Russian servers. Right. It is safe to assume that this entirely non-obvious idea was planted on those blogs by Russian secret services. Only their weird minds could have conceived of something like that.

Besides the IP addresses showed the majority of the attacks to be from Russia. The guy in Estonia was just easier to arrest. I sincerely hope that the valiant Estonian government will ultimately manage to get them all. As a first step, I'd suggest arresting the Estonian prosecutors who are obviously just Russian puppets. Why else would they say that "they have no other suspects" and that "the attacks were botnet-driven and launched from servers all over the globe"?

Re:Russia accused...

I am an Estonian living in Tallinn so take this as you want.

Although there is no proof that it was a Kremlin sanctioned attack (see: Politkovskaya) there is little doubt here that it was. But the thing is that when we say it was the Russians who did it, we don't always mean the Kremlin. What we mean is the Russian people, the people who are a bit crazy in their interpretation of history saying that Estonia was "liberated" by the Russians and other nonsense. These are the people who rioted in April. These are the people who think Estonia should still be part of Russia and hate the idea of an independent Baltic State. These people are Russians. They are the Russians that conducted the cyber attacks and although a IP trace will not be able to distinguish a users nationality, are you seriously going to believe they where not Russians?

disclaimer: I don't hate Russians, just these people. In Estonia, we call them "tiblad". I love my Russian girlfriend and have a good time hanging out with my Russian friends.

Re:Russia accused...

[tehbunneh]

Maybe I could explain this with a Mass Effect analogy. Let's imagine that the Russian media is the Fox Network. Like the Fox Network it has its target demographic which in this case are the Russians, but in Estonia the ethnic Russians follow the Russian media to and almost (i said almost) exclusively. So when someone in Russian media makes a false statement (like the one made by the Fox Network against Mass Effect) the ethnic Russians are more likely to listen to that information. For instance, the protesting began because someone made a claim that Estonian authorities are trying to move the statue without proper ceremonies and they are doing it right now, which was completely false(the decision to move the statue quickly came later when the riots had already started). Now when the Russian media claims that this was the plan all along Russian people who felt that their national pride had been insulted took action, which didn't require any interference from the secret service or Kreml (but it doesn't rule their involvement out, especially in publishing the false information in the first place).

The idea was to distribute enough FUD for people to act, which was like the with the Mass Effect discussion. Even though this was for different reasons, and it is likely that the Fox Network made the false claims unknowingly and for the sake of having a news article.

If you still think that I need my tinfoil hat, then please tell me so.

Yes, I know, this analogy needs more cars.

Not Acting Alone

[mandelbr0t]

While they may not have found evidence of any other people involved, it's unlikely that a single person could establish a botnet large enough to overwhelm anything on his own. The only answer I can think of is education - botnets exist because the owners of the zombie PCs simply don't recognize that it's a zombie. There is certainly an overall lack of regulation, too. As a domain owner, I see lots of abusive traffic and have absolutely no legal recourse to punish a perpetrator. Responsible network owners often help, but there's so few networks that are responsible that I usually assume they're not, forcing me to do what little I can at my own site to prevent further abuse.

For the student's part, he was only fined (I couldn't find how much in TFA). Not much deterrent to prevent him from doing it again. No leverage to find out who he was working with. The lack of clear laws in any country makes prosecution of such actions impossible. As a domain owner, I'd like to see civilized countries show some direction toward making prosecution of such activities a reality. Until then, it's "you hack me, I hack you" which is completely counterproductive.

Re:Not Acting Alone

While they may not have found evidence of any other people involved, it's unlikely that a single person could establish a botnet large enough to overwhelm anything on his own.

I disagree. He wouldn't necessarily have to do anything to build a botnet himself, just have access to a C&C network built by someone else. He could gain access by renting the network, or even stumbling on an unprotected C&C server. There's a few out there, believe it or not. So yeah, other people may have created the botnet, but he still could have been acting alone when launching his attack.

Re:Not Acting Alone

[dissy]

You mean to tell me there is no way for a network admin to tell when a computer on their network is an infected botnet drone? I claim poppycock on that. Comcast and others for example detect BT networks enough to disrupt them why can't they do the same for the botnets? Oh, their isn't a threat of lawsuit in botnets....I see... I, and anyone familiar with the BT protocol, can describe how to detect the BT protocol.
Would you mind sharing with us the 'botnet' protocol?
I realize there is no botnet protocol, but actually hundreds (or thousands) of them, each different, for one type of botnet drone software. These also change, in that new ones are introduced, and old ones updated. I realize that, and hope you see it now too.

What exact type of traffic are you claiming can be detected?
The 10 or 20 packets sent once that went towards the DoS attack? You realize you made more http requests than that just to load the main slashdot page?

A few packets that look like any other coming from one machine, that after added with the traffic from the other millions of drones becomes signifigant.. I still fail to see how you claim these are detectable?
Concidering the only traffic a drone has to make can be hidden with the real network traffic of that computer, so that it is not possible to tell the difference between it and the computer users own actions.

There might be certain patterns right now that are detectable, but any of them would be trivial to hide if that was the botnet admins desire (which seems a logical one to assume, as a detected infection is less useful than an undetected one)

I'd be willing to bet that most likely your PC right now performs actions over the network that will make it appear to be part of a botnet. Checking a server at regular times (system and app updates) over an SSL connection, check. Sends out a few http requests now and then, check.
Yup, detection shows your a drone.

The War on Cyber-Warfare

[T-Bone_142]

Is it just me or have there been a lot of stories about "cyber wars", "cyber-attack"... lately (especially on slashdot). Is this going to become the next big thing, "The War on Cyber-Warfare" with new laws contently coming in place to help protect everyone from evil "hacker" teenagers bent on destroying the world, which no doubt will take away even more of the dwindling freedoms the american people still have left?

Obligatory Soviet Russia Jokes Thread

[Gazzonyx]

I hereby declare a single thread dedicated to "In Soviet Russia..." jokes; we might as well keep them all together, as there's too much material for them in this story. I'll kick it off.

In Soviet Russia, you attack Estonia!

What do you guys got?

Re:Obligatory Soviet Russia Jokes Thread

[tokul]

What do you guys got?

In Russia you always fight people that are not in your weight category.

In Russia you are the bully.

Estonia is not fighting Soviet Russia. It is fighting imperial ambitions of Russian Federation. These ambitions are continuously fueled in Russian media. How many jokes Russians have about conflicts with Georgia or Estonia? If you know Russian, find Zadornov new year's show for 2008. Russians occupied independent countries for more than half of century and expect people of those countries to like them.

Re:Obligatory Soviet Russia Jokes Thread

[amirulbahr]

In Soviet Russia denial services you!

Not the first time

[r_jensen11]

How was it that the United States got involved in Iraq, exactly?

Re:Not the first time

[schnikies79]

By Saddam Hussein invading Kuwait.

Say what you want. Thats where it all started.

Re:Not the first time

[ScentCone]

By Saddam Hussein invading Kuwait.

Say what you want. Thats where it all started.

I'm sorry, this is slashdot. Please keep the facts out it, would you? Next you're going to cite the fact that it was Bill Clinton's stated policy to see Saddam removed from power, too.

Re:Not the first time

If you're going to go that far back, just go back a little further when we got involved with entangling alliances in the region and meddling in the affairs of foreign governments. Had we not armed Saddam Hussein, for example, he might not have been strong enough to invade Kuwait. But we had to arm him, because the Shah of Iran, whom we propped up, got toppled by the Ayatollah who came to power by exploiting the dissatisfaction with the corruption of the US backed Shah, and we feared him spreading his power and influence.

People seldom dig deeper into events than is necessary to support their programmed partisan viewpoints.

Re:Not the first time

[ptbarnett]

Next you're going to cite the fact that it was Bill Clinton's stated policy to see Saddam removed from power, too.

Along with just about everyone else on both sides of the political aisle.

I've noticed that now there's a "study" about all the lies that the Bush administration told about Iraq, back when almost everyone else was apparently telling the same lies, or at least believing them.

There's an excerpt on Yahoo News of an interesting interview from "60 Minutes", with the guy that interrogated Saddam after he was captured. According to this interrogator, Saddam said he didn't believe that Bush would actually order the invasion -- he thought that there would be a few days of air strikes, and it would be over. Saddam survived it when Clinton tried that, and Saddam thought he could survive it again. And he admitted that's why he continued to let everyone believe that he had various weapons of mass destruction.

I always wondered why Saddam behaved like he had something to hide, when he really didn't. I guess he thought the WMD threat would discourage his enemies -- which included most of the Middle East, various Western democracies, and a large percentage of the people in his OWN country.

Re:Not the first time

[blirp]

I've noticed that now there's a "study" about all the lies that the Bush administration told about Iraq, back when almost everyone else was apparently telling the same lies, or at least believing them.

'Everybody'? I don't know what planet you where on back then, but most people in Europe didn't buy the theory of a link to Al-Qaeda. Most governments of Europe also wanted the weapons inspections to continue instead of invading.
Personally, I expected an invasion to become the quagmire the current Vice President of USA predicted. And I, along with a lot of people, expected it to only enrich certain oil companies. I even participated in a protest march for this.

M.

Re:Not the first time

[chthon]

I have a read an explanation over at The Strategy Page. For him, it was a bluffing to win at two fronts. Iraq and everything west of it is Arab, at the east you have Iran. Arabs live in fear of the Persians. This dates back more than three thousand year.

Having his war at the beginning of the eighties with Iran gained him much respect in the Arabic world, because he stood up to them. The bluff with the WMDs was in the same category, it was to scare off the Iranians and give confidence to the Arab world that he would stop them if they would move.

There's another, I think

[Gazzonyx]

What about that guy back in the 80s who got half an inch away from the Pentagon?

He was using a TR(A)S(H)-80 from Radio Shack, IIRC. Probably a 1200 baud modem (not even Hayes compatible!), 64K of RAM and a CLI... He was probably a Real Programmer. Sadly I was born in '84, so I don't really remember it happening.

Re:There's another, I think

[the_cowgod]

There was another kid in the 80s who used an IMSAI 8080 to break into the WOPR over at NORAD... It almost caused a global thermonuclear war.

Re:There's another, I think

[Gazzonyx]

Fortunately, the only winning move was not to play (tic-tac-toe!), and it all ended well!

In Estonia, students hack you!

[freaker_TuC]

in Estonia, students hack you!

flash mob

[M.+Baranczak]

Then, following a pre-agreed signal, they all simultaneously open their trench coats and show everybody a confusing web GUI full of rounded corners and running on top of a proprietary plug-in.

Headline *very* misleading!

[minimum]

Only one kid DDOS'ed goverment and news sites and created that mayhem? Right. So nobody bothers to mention that the student who was arrested had a Russian name - Dmitri Galushkevich ? Sure he may have the citizenship but he's not really Estonian. Just offspring of an immigrant. And he wasn't the only kid around here who helped to DDOS.

Re:Headline *very* misleading!

[Max_W]

Ah yes. National-socialism. A son of an immigrant is not a true citizen. Only particular ethnicity is honored in the National State.

Probably not.

[jd]

Before that, the USA was arming Iraq to fight Iran. Some time prior to that, Iraq went through numerous coups, a British invasion, two monarchies and a partridge in a pear tree. Prior to the pear tree, Iraq was owned by the British. Actually, two distinct regions (Basra and Baghdad) were owned by the British. To save on ink, when drawing maps, they called the group "Iraq". Before that was the Ottoman Empire, who - ultimately - can be blamed quite reasonably for most of the current blood-feuds in Europe and the Middle East. Before that were the Mongols, who can be blamed for just about everything else. Before that, the Islamic forces of Khalid ibn al-Walid decimated the area and took it out of Persian control, who in turn invaded before they even became Persians. Nothing like getting ahead of themselves! Some time before that, Alexander the Great made a royal mess of the area. Before that, there were endless wars between the Assyrians, the Akkadians, the Sumerians (who were largely obliterated), assorted other nomadic and semi-nomadic tribes, and whatever culture lived there first of which there is almost no trace left.

In other words, there is no meaningful "first", unless you want to go back around 10,000 years. Almost everything that happened after that point was in direct retribution to what had happened before. That's one reason it will take a lot of effort to calm the region down - ten thousand years is a long time to build up grdudges and resentments -- and don't think a single one of them has been forgotten.

Getting back to the main topic, just as an aside, this is why societies can't survive for very long on a diet of paranoia, fear and resentment. Sooner or later, you'll get people who hate each other less than they hate some imagined collective enemy, and the shit will hit the fan at a speed approaching mach 2. I'm surprised that this sort of thing doesn't happen more often - students get an even rawer deal than most, even at the best of times, naturally form into groups, and generally have significant combined intellect and skills. This is probably the worst group to infuriate and should really be the first group to focus on getting support from.

Re:Probably not.

[octal666]

Just one thing, Alexander the Great was after the Persians. And I think you forgot Babylon. But yeah, in essence, Iraq is the craddle of civilization, writting was discovered there and probably the first war that deserved that name was also fought there. What a place to invade!

You know what would be funny?

Someone should create a mockumentary where a couple of hackers destroy worldwide economy and bring about the end of civilized life. They should do so using only tools that any hacker would know to be completely inadequate to do the job. Use vim, show screenshots of obfuscated perl scripts (especially variants of "Hello, world!"), and explain the dangerous uses behind commands like `kill|killall`, `dos2unix` (= denial of service 2 US networks integrating x86), mogrify and crash (because they sound menacing), and of course `php` (preferred hacking protocol). Make the whole thing extremely serious, demand that governments do something to protect citizens against these vulnerabilities, and see how much chaos you can cause.

Just as I said

[saikou]

Just as I said when original discussion happened, Russian government was not responsible. Now, is Pentagon still ready to bomb cyberattackers? If yes, then next student with a grudge will finish off a country or two before we have a chance of intelligent machines or human-made bacteria to kill us all.

What A Crock

[Jane+Q.+Public]

Quote: "The fact that a single student was able to trigger such events is particularly ominous when you consider just how many potential flashpoints exist between various countries..."

What nonsense. If governments put important messages on such "secure" places as roadside billboards, for example, then they should expect "hacks" like moustaches drawn on them, etc.

Others are not to blame if the government is clueless. The fact that it was so easy to do is a great indication that the government was in fact clueless. If they want to put something important somewhere and keep it "secure", then they are responsible for taking at least minimal measures to make sure that it is, in fact, secure.

They are just looking for someone to blame for their own incompetence.

Re:Speaking of Soviet Estonia

[emilper]

doesn't seem to have ever moved beyond plotting and assassinations have any proof ? I mean proof, not allegations.

Re:The guy is Russian

[emilper]

Last time I checked, which was during the early '90s, getting Estonian citizenship depended on passing some sort of language test, and that despite the fact that there are Russians on the territory currently controlled by Estonia ever since the Swedes lost it to Russia 200 years ago.

"this 'proving they're loyal' crap" is exactly what is happening now: you raise up some hell, then have your subjects choose sides. There is no other way anybody can "prove" loyalty to anything. Unfortunately for the Estonians that speak Russian at home even if their family lived in what is now Estonia for 12 generations, and for those whose families lived there only for four generations, too, there is no human being on God's Earth that has only one set of loyalties, and by messing up with the monument for the army that pretty much prevented them from being exterminated as "untermensch" the Estonian government demands of them to renounce a part of their identity and choose sides. Only somebody who does not understand at all, or somebody who understands it perfectly, what did the WWII mean for any Russian (Veliko-, Malo- or Bielo-, or living in any other part of the Europe that was occupied by the Nazi), would mess with a symbol of their survival.

The Estonian government it very lucky indeed not to have faced French-style rioting and mass migration of Russians out of Estonia: that would shoot down the "Baltic tiger" sooner than the currency pegged to the Euro or the export oriented economy would. Right now, I guess Russia would be extremely grateful for an influx of skilled laborers that already speak Russian and have legitimate reasons to have a grudge against their previous homeland.

The historical background.

[CryptoEngineer]

The attacks occured in the aftermath of another Estonian/Russian diplomatic incident. A bit of history:

During WW2, Estonia was annexed by the Soviet Union under the Molotov-Ribbintrop pact, which carved up eastern Europe between Stalin and Hitler. Hitler later reneged, and invaded the area assigned to Stalin, taking over the Baltic States (Estonia, Lativa and Lithuania). The Russians later retook Eastern Europe, and re-occupied the Baltics. They didn't leave until the early 90s. Many Russians resettled in Estonia during the occupation, mostly taking lower level jobs - the standard of living has always been better there than in Russia. They now form about 1/3 of the population.

In central Tallinn (the capital of Estonia) the Soviets set up a war memorial to the Soviet 'liberators' who died driving out the Nazis. To the Estonians, however, the 'Bronze Soldier' just commemorated a second occupation - one that went on for nearly 50 years. In 2007 the now-independent Estonian government decided to move the statue to a Soviet military cemetary in the edge of town. The ethnic Russian Estonians objected, as did Russia, and Putin personally called it a desecration. There were riots, and even one death in Tallinn.

The statue was moved, and it was at this point that the cyberattack was launched.

The kid accused is a Russian Estonian. It remains unclear who ordered the attack - Putin's gang could easily have provoked otherwise uninvolved hackers in the Russian diaspora to act.

The attack certainly served Russia's interests at the time, punishing a tiny, resented upstart for daring to act with sovereignty. That there is plausible deniability doesnt clear Putin and his ex-KGB cronies.