Slashdot Mirror

← Back to Stories (view on slashdot.org)

Expert Dissects Estonian Cyber-War

Posted by Soulskill on from the political-tube-cloggers dept.

Stony Stevenson points out an iTnews summary of a security researcher's account of the cyber-attacks on Estonia last year. The full report [PDF] is also available. We've discussed this internet-based conflict in the past. From the report: "In the days leading up to the attack, numerous clues pointed to a large-scale operation that was being planned online. Russian-language Internet discussion forums were abuzz with preparations for an online attack. Three days before the expected onslaught, Estonia planned to release the news of the coming strike in hopes that European media attention would oblige the EU to pressure the Kremlin to intervene, whether or not the attacks emanated from the Russian authorities."

15 of 172 comments (clear)

  1. Yes, yes, and... by jd · · Score: 4, Insightful
    What are nations going to do about it? Many networks are spanning-tree, not mesh, and far too many countries have far too few cross-border gateways that are independent. The cyberattack could have been shut down within 5-10 seconds, with minimal loss of connectivity, if the network had been designed correctly. DDoS attacks aren't limited to governments - the DoS attacks that led to changes in TCP/IP to limit/block such attacks were the effort of some cybercriminal-wannabe, and that was mid 90s. Today, we have inline proactive intrusion detection systems, congestion blocking for UDP and unresponsive flows, routing algorithms that eliminate single points of failure, and the such. What excuse does anyone have, today, for being vulnerable to this? People are vaccinated against common deadly diseases, networks are (or should be) innoculated against common (and potentially deadly) cyberattacks.

    Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more. What bothers me much more is that the scorecards for US departments make it clear that the US is even less prepared for a cyberwar than even Balkan castoffs.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Yes, yes, and... by antirelic · · Score: 5, Insightful

      Ah yes, mark it up as it calls out the US for being less prepared than a post cold war soviet satellite when this is in fact, completely incorrect. The US government uses networks completely disconnected from the internet to conduct its real business, as posted repeatedly on slashdot. The fact that people still believe that US governments public websites and points of presence are anything more than public relations has not been keeping pace. But go ahead, mod "insightful" and "interesting" because the post makes a "jab" at the US.

      For the rest of the world who isnt so spun up in anti-US fervor to see what the real problem is.... Vladamirs Putins political party is heavily involved in supporting "youth" organizations which can act for the state, without the state getting any stains on its hands. This may be one of those instances of ultra-nationalists, who have been backed by the state, who act "independently" for the interests of the home nation. While it is irresponsible of the Russian government to allow this type of activity to go on, it is certainly not against their best interests.

      --
      20th century Marxism is not progress...
    2. Re:Yes, yes, and... by Anonymous Coward · · Score: 4, Insightful

      You mean the NIPRNet and SIPRNet? Those are for the Department of Defense.

      As for the regular US government, almost all of their work involves the Internet. Losing access to email and the web would cripple the US government. Including the Department of Defense, since while all classified information goes over the aforementioned secure networks, a lot of the actual work occurs over the regular Internet since it's easier to actually use. Sure, the soldiers in the field would be able to continue dieing for a vague war on terror without the Internet, but the generals and civilian leadership back in the US would be unable to do anything except send email to soldiers.

      And, of course, everything that isn't related to killing people runs over the regular Internet and would be crippled.

    3. Re:Yes, yes, and... by emilper · · Score: 3, Insightful

      While it is irresponsible of the Russian government to allow this type of activity to go on, it is certainly not against their best interests.

      well, if the high-tech and web savvy Estonians were not able to block the attacks, or, according to the pdf report, even accurately pinpoint the origin of the attack, how could Putin's government do that, except by cutting Russia off the internet or implementing over night a clone of the Chinese FireWall?

      How about some Russians being angry about the whole monument business, and some wise guys taking advantage of that anger to help foster a "nation under siege" and do some nation-building at home ? The government of Russia itself is not innocent of this kind of tactics, proof being the last spate of "patriotic" movies, or the "Brat" series, all of them quite nauseously xenophobic ...

      If the argument used is: the Russians were responsible because the attacks came from Russia, how about dropping all packets arriving from the network blocks assigned to Russia? Not the ideal situation, but at least it will allow your citizen use their online banking accounts or pay their taxes. Or maybe not all attacks originated from Russia, in which case you don't really know who did it.

      How would it be in the interest of the Russian government to appear to the world as a bully? If they wanted to harm any of the Baltic states they could have arranged an "accident" on the pipes that supply them with gas ... They did not hesitate to cut the gas supply of Ukraine, with whom they have much closer and friendly ties.

      This whole Russia-bashing is quite annoying. First, the cold war ended 18 years ago, and hands were shaken, cheeks were kissed, TV shows with USA and SU children holding hands were aired, promises were made that it's a peace without winners or losers, Russia let everybody go their way without much opposition and I personally saw Moskva 1 TV channel (was able to watch it because I lived just across the SU border at that time) arranging to show hot female teens saying stuff that would be unimaginable in USA or any nice Western European country, namely "For me Russia means those that want to stay".

      Second, the cold war did not end because the economy of SU was in collapse or anything like this, the way those political analysts, who in 1989 were predicting the survival of the SU for the next 100 years and inventing terms such as "otomanization", are now clamoring. SU economy was in quite a poor shape, but that was the shape the SU economy was ever since 1917. The collapse began about 1991-1992, when a economy that previously functioned as a single company suddenly was split into a myriad of smaller companies that used to function under central command with their resources directed by the central planning offices and calculated to the milligram, and now did not have the staff, the know-how and the resource buffer to compete against each other. The cold war ended because the Brejnevites and the other leaders of the party wanted to legalize their privileged status, and this happened not only in SU, but in all of the Eastern Europe: just take the Top 500 list of "captains of industry" from any country you like and tabulate it against former "Foreign Trade" officials, local party leaders, diplomats etc. The match would not be perfect, fortunately, but you'll be surprised how many positives you'll find, and how few of the former members of the state apparatus in the Communist governments were left outside. If anybody still imagines that a handful of dissidents that in July 1989 were in prison or home arrest managed to topple the Communist regimes, that person is rather naive, since s/he believes that a state apparatus with complete control over the life of its citizen managed fell to the anger of the righteous.

      Third, what happens right now is that Russia is pushed towards a "Weimar" scenario, with native entrepreneurs of violence doi

    4. Re:Yes, yes, and... by Cyberax · · Score: 4, Insightful

      I know several people who participated in the attack - I'm not connected to hacker underground but they are. They say that almost all people they know that participated in this attack also dislike Putin and his regime.

      It doesn't take an 'ultranationalist' in Russia to protest against the destruction of war memorials - Russia lost 30 million people in WWII (that's about 50 times more than USA lost in WWII).

      Personally, I see this as an evidence of how easy is to wage electronic 'guerrilla warfare'.

    5. Re:Yes, yes, and... by niiler · · Score: 4, Insightful

      The war memorial was moved to a Russian cemetery, not destroyed. This was far more appropriate considering that most Estonians felt that Stalin was FAR worse than Hitler. Sheesh, 10% of the Estonian adult population was deported to gulags and death camps by the Russians. Under the Nazis, if you weren't Roma, gay, or Jewish, you were OK. [I'm not saying that the Nazis were nice folks. On the contrary, they were horrid too.]

      So the bear rescued the rabbit from the falcon, the bear still tried eating the rabbit. It's either disingenuous or ignorant to claim that the rabbit ought to be thanking the bear.

    6. Re:Yes, yes, and... by bob.appleyard · · Score: 4, Insightful

      In the US, it was all about "mercury based preservatives" causing untold woe and suffering.

      In the UK, it was all "oh it'll give you autism."

      Both claims were basically specious, and they were both cut from the same cloth -- luddism. There is, and has been since pretty much their inception, a staunch group of idiots that want to do away with vaccines, God only knows why.

      I'm beyond cynical when it comes to the behaviour of pharmaceutical companies ("social anxiety," anyone?), but you're basically invoking a conspiracy theory in an attempt to discredit epidemiology. If you're going to attack a fundamentally sound discipline, you're going to have to do better than misunderstandings of chemistry and "oh, that nasty Big Pharma wants to kill you" rhetoric.

      --
      How dare you be so modest!! You conceited bastard!!
    7. Re:Yes, yes, and... by capologist · · Score: 2, Insightful

      the Russian government was hghly sympathetic to Nazi aims. Wasn't it a Nazi aim to wipe out Communism? Didn't they see Communism as a giant Jewish conspiracy that posed a great threat to the Aryan race?
    8. Re:Yes, yes, and... by shutdown+-p+now · · Score: 2, Insightful

      It doesn't take an 'ultranationalist' in Russia to protest against the destruction of war memorials
      It does take a rather brainwashed person to see all the lies about "destruction" on the state-owned TV and believe it without double-checking. Russian TV channels were feeding not only propaganda, but outright lies, even showing a picture of the statue's feet standing on the pedestal, the rest apparently torn off (the pic was later found out to be photoshopped). Meanwhile, everyone who had been tracking the events on the Net - and not just RuNet (which is also overwhemingly jingoistic) but elsewhere, knew what was actually going on. Some people were still offended even by the move, of course, but I doubt this would be strong enough reason for such "protests".
  2. I was close to participation by RCL · · Score: 3, Insightful

    I remember how I was also enraged upon hearing about Estonian plans and yes, I wanted to join the resistance (or "cyber-war" as they called it immediately in the West). But a bit later when emotions calmed down I changed my mind, because it all was immature and not that effective anyway (and yes, reading about the events from Estonian POV helped me to get calm, too).

    Let God/History/Nature/whatever be the judge for Estonians, not me. If they prefer Nazis over Soviets, so be it. They made their choice.

    --
    Coding etudes
    1. Re:I was close to participation by shutdown+-p+now · · Score: 2, Insightful
      Ethnic Russians who have consistently supported the Estonian independence in Soviet time (before it was actually declared) have all received Estonian citizenship according to the new laws regardless of language knowledge. The rest were either apathetic or outright wanted Estonia to remain in the USSR (essentially, to remain occupied). Why does the new state owe anything, much less citizenship, to the latter two categories?

      It's ironic, really... we hear a lot about how Russians are oppressed in Estonia, and the talking heads in TV often liken it to the Nazis. Yet very few Russians actually bother to leave Estonia for Russia - apparently they are still better off there, even as non-citizens...

    2. Re:I was close to participation by frn123 · · Score: 2, Insightful

      Just a bit of clarification:
      There really is NO promoting Nazi organizations or siding with Nazi in Estonia. Can i ask from where does this false information come from?

      Also the bogus premise of "speaking language x well enough to get citizenship" is needed in the vast majority of European countries (correct me if i'm wrong).

    3. Re:I was close to participation by shiznatix · · Score: 5, Insightful

      If they prefer Nazis over Soviets, so be it. They made their choice.
      Holy shit! You obviously don't understand anything. Nobody liberated Estonia, ever, except for the Estonians themselves linky and linky 2 (granted we got a bit of help from our neighbors). We (I am an Estonian) do NOT prefer Nazis. We just hate both Soviets and Nazis. If there was some crazy Nazi war memorial at the same place it would have been removed as well.

      Also, how in the world is removing a Soviet statue saying "I love Nazis"? Every single year the Russians would gather at the memorial during VE day and get wasted and wave the Soviet flag around. Naturally the Estonians would come by with signs like "During the occupation X amount of people were deported" and whatnot. Then a fight would break out and the cops would have to come stop a small scale riot from breaking out because someone told these idiots the truth. To stop this from escalating we moved the monument. We did not destroy it, we did not desecrate the bodies, we did not cut the statue into pieces as the Durma said, we moved it with full respect for the dead.

      Saying we prefer Nazis is strange. My own family was killed by the Nazis and my grandfather deported to Germany to work in a forced labor camp till the war ended and the guards just disapeard one day. I hate Nazis. I have about 1 or 2 living relatives left in Estonia because of that. But that does not make me a Soviet lover. You don't have to pick a side here, you can hate both.

      Yes, we made our choice. We chose freedom and thats what we have. Don't like it, comrade? Tough.
  3. Re:Defcon Talk was better by DetrimentalFiend · · Score: 3, Insightful

    I'm 5 minutes into the talk and he still hasn't said anything even close to interesting but has made a complete ass of himself. I didn't RTFA, but it must be pretty bad if this is "much better".

  4. What did they expect? by Alex+Belits · · Score: 2, Insightful

    A government of a tiny country, that has no achievements other than supporting relatively comfortable life for its microscopic population on subsidies and investments, and acting as US agent in EU (aka member of "New Europe"), imagines itself important and invulnerable, and pisses off hundreds of millions of people.

    An extremely small minority of the pissed off hundreds of millions performs otherwise meaningless juvenile prank, that multiplied by the number of participants causes visible problems.

    What the Hell did Estonian government expect? That the strength of their self-righteousness, or their American overlords, will protect them?

    Learn some international politics beyond "do what sugar daddy says, and everything will be fine".

    --
    Contrary to the popular belief, there indeed is no God.