Slashdot Mirror

← Back to Stories (view on slashdot.org)

Expert Dissects Estonian Cyber-War

Posted by Soulskill on from the political-tube-cloggers dept.

Stony Stevenson points out an iTnews summary of a security researcher's account of the cyber-attacks on Estonia last year. The full report [PDF] is also available. We've discussed this internet-based conflict in the past. From the report: "In the days leading up to the attack, numerous clues pointed to a large-scale operation that was being planned online. Russian-language Internet discussion forums were abuzz with preparations for an online attack. Three days before the expected onslaught, Estonia planned to release the news of the coming strike in hopes that European media attention would oblige the EU to pressure the Kremlin to intervene, whether or not the attacks emanated from the Russian authorities."

35 of 172 comments (clear)

  1. Estonia planned to release the news by LameAssTheMity · · Score: 2, Funny

    And the mass media scores big again!

  2. Defcon Talk was better by yamamushi · · Score: 3, Informative

    This talk at Defcon 15 was much better: http://video.google.com/videoplay?docid=-5362349666961901582

    --
    - Aetheral Research -
    1. Re:Defcon Talk was better by DetrimentalFiend · · Score: 3, Insightful

      I'm 5 minutes into the talk and he still hasn't said anything even close to interesting but has made a complete ass of himself. I didn't RTFA, but it must be pretty bad if this is "much better".

  3. Yes, yes, and... by jd · · Score: 4, Insightful
    What are nations going to do about it? Many networks are spanning-tree, not mesh, and far too many countries have far too few cross-border gateways that are independent. The cyberattack could have been shut down within 5-10 seconds, with minimal loss of connectivity, if the network had been designed correctly. DDoS attacks aren't limited to governments - the DoS attacks that led to changes in TCP/IP to limit/block such attacks were the effort of some cybercriminal-wannabe, and that was mid 90s. Today, we have inline proactive intrusion detection systems, congestion blocking for UDP and unresponsive flows, routing algorithms that eliminate single points of failure, and the such. What excuse does anyone have, today, for being vulnerable to this? People are vaccinated against common deadly diseases, networks are (or should be) innoculated against common (and potentially deadly) cyberattacks.

    Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more. What bothers me much more is that the scorecards for US departments make it clear that the US is even less prepared for a cyberwar than even Balkan castoffs.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Yes, yes, and... by antirelic · · Score: 5, Insightful

      Ah yes, mark it up as it calls out the US for being less prepared than a post cold war soviet satellite when this is in fact, completely incorrect. The US government uses networks completely disconnected from the internet to conduct its real business, as posted repeatedly on slashdot. The fact that people still believe that US governments public websites and points of presence are anything more than public relations has not been keeping pace. But go ahead, mod "insightful" and "interesting" because the post makes a "jab" at the US.

      For the rest of the world who isnt so spun up in anti-US fervor to see what the real problem is.... Vladamirs Putins political party is heavily involved in supporting "youth" organizations which can act for the state, without the state getting any stains on its hands. This may be one of those instances of ultra-nationalists, who have been backed by the state, who act "independently" for the interests of the home nation. While it is irresponsible of the Russian government to allow this type of activity to go on, it is certainly not against their best interests.

      --
      20th century Marxism is not progress...
    2. Re:Yes, yes, and... by Anonymous Coward · · Score: 4, Insightful

      You mean the NIPRNet and SIPRNet? Those are for the Department of Defense.

      As for the regular US government, almost all of their work involves the Internet. Losing access to email and the web would cripple the US government. Including the Department of Defense, since while all classified information goes over the aforementioned secure networks, a lot of the actual work occurs over the regular Internet since it's easier to actually use. Sure, the soldiers in the field would be able to continue dieing for a vague war on terror without the Internet, but the generals and civilian leadership back in the US would be unable to do anything except send email to soldiers.

      And, of course, everything that isn't related to killing people runs over the regular Internet and would be crippled.

    3. Re:Yes, yes, and... by Cassius+Corodes · · Score: 3, Informative

      Baltic, not Balkan champ.

      --
      Control is an illusion, order our comforting lie. From chaos, through chaos, into chaos we fly
    4. Re:Yes, yes, and... by polymeris · · Score: 2, Informative

      Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more.

      Estonia is doing some interesting things online. They seem to have progressed from that Soviet era attitude you mention.

    5. Re:Yes, yes, and... by emilper · · Score: 3, Insightful

      While it is irresponsible of the Russian government to allow this type of activity to go on, it is certainly not against their best interests.

      well, if the high-tech and web savvy Estonians were not able to block the attacks, or, according to the pdf report, even accurately pinpoint the origin of the attack, how could Putin's government do that, except by cutting Russia off the internet or implementing over night a clone of the Chinese FireWall?

      How about some Russians being angry about the whole monument business, and some wise guys taking advantage of that anger to help foster a "nation under siege" and do some nation-building at home ? The government of Russia itself is not innocent of this kind of tactics, proof being the last spate of "patriotic" movies, or the "Brat" series, all of them quite nauseously xenophobic ...

      If the argument used is: the Russians were responsible because the attacks came from Russia, how about dropping all packets arriving from the network blocks assigned to Russia? Not the ideal situation, but at least it will allow your citizen use their online banking accounts or pay their taxes. Or maybe not all attacks originated from Russia, in which case you don't really know who did it.

      How would it be in the interest of the Russian government to appear to the world as a bully? If they wanted to harm any of the Baltic states they could have arranged an "accident" on the pipes that supply them with gas ... They did not hesitate to cut the gas supply of Ukraine, with whom they have much closer and friendly ties.

      This whole Russia-bashing is quite annoying. First, the cold war ended 18 years ago, and hands were shaken, cheeks were kissed, TV shows with USA and SU children holding hands were aired, promises were made that it's a peace without winners or losers, Russia let everybody go their way without much opposition and I personally saw Moskva 1 TV channel (was able to watch it because I lived just across the SU border at that time) arranging to show hot female teens saying stuff that would be unimaginable in USA or any nice Western European country, namely "For me Russia means those that want to stay".

      Second, the cold war did not end because the economy of SU was in collapse or anything like this, the way those political analysts, who in 1989 were predicting the survival of the SU for the next 100 years and inventing terms such as "otomanization", are now clamoring. SU economy was in quite a poor shape, but that was the shape the SU economy was ever since 1917. The collapse began about 1991-1992, when a economy that previously functioned as a single company suddenly was split into a myriad of smaller companies that used to function under central command with their resources directed by the central planning offices and calculated to the milligram, and now did not have the staff, the know-how and the resource buffer to compete against each other. The cold war ended because the Brejnevites and the other leaders of the party wanted to legalize their privileged status, and this happened not only in SU, but in all of the Eastern Europe: just take the Top 500 list of "captains of industry" from any country you like and tabulate it against former "Foreign Trade" officials, local party leaders, diplomats etc. The match would not be perfect, fortunately, but you'll be surprised how many positives you'll find, and how few of the former members of the state apparatus in the Communist governments were left outside. If anybody still imagines that a handful of dissidents that in July 1989 were in prison or home arrest managed to topple the Communist regimes, that person is rather naive, since s/he believes that a state apparatus with complete control over the life of its citizen managed fell to the anger of the righteous.

      Third, what happens right now is that Russia is pushed towards a "Weimar" scenario, with native entrepreneurs of violence doi

    6. Re:Yes, yes, and... by Cyberax · · Score: 4, Insightful

      I know several people who participated in the attack - I'm not connected to hacker underground but they are. They say that almost all people they know that participated in this attack also dislike Putin and his regime.

      It doesn't take an 'ultranationalist' in Russia to protest against the destruction of war memorials - Russia lost 30 million people in WWII (that's about 50 times more than USA lost in WWII).

      Personally, I see this as an evidence of how easy is to wage electronic 'guerrilla warfare'.

    7. Re:Yes, yes, and... by Pedrito · · Score: 5, Informative

      Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more. What bothers me much more is that the scorecards for US departments make it clear that the US is even less prepared for a cyberwar than even Balkan castoffs.

      Actually, Estonia isn't very poor. They're a member of the E.U. They're the wealthiest of the Baltic States and their market economy has "one of the highest per capita income levels of Central Europe" (CIA World Factbook). Their unemployment is comparable to the U.S., at just 5.2%. They're actually quite modern. Most of their population files tax returns online. Does that sound like a poverty-struck backwards nation to you?

      There's nothing very Soviet about them, really. They speak their own language, Estonian, which is quite similar to Finnish. Estonia and Finland have very close ties, culturally and financially.

      You're clearly thinking of some other Estonia.

    8. Re:Yes, yes, and... by niiler · · Score: 4, Insightful

      The war memorial was moved to a Russian cemetery, not destroyed. This was far more appropriate considering that most Estonians felt that Stalin was FAR worse than Hitler. Sheesh, 10% of the Estonian adult population was deported to gulags and death camps by the Russians. Under the Nazis, if you weren't Roma, gay, or Jewish, you were OK. [I'm not saying that the Nazis were nice folks. On the contrary, they were horrid too.]

      So the bear rescued the rabbit from the falcon, the bear still tried eating the rabbit. It's either disingenuous or ignorant to claim that the rabbit ought to be thanking the bear.

    9. Re:Yes, yes, and... by Chabil+Ha' · · Score: 2, Informative

      DoE uses those networks as well. I did an internship with a DoE contractor and as part of my gig, created an internal informational site for the government contractors there consisting mostly of stuff pulled off of Wikipedia and other public sources to 'create awareness'. Fact of the matter is, the same 'tubes' used as the infrastructure for the public side and SIPRNet arethe same, just that everything is heavily encrypted.

      --
      We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
    10. Re:Yes, yes, and... by bob.appleyard · · Score: 4, Insightful

      In the US, it was all about "mercury based preservatives" causing untold woe and suffering.

      In the UK, it was all "oh it'll give you autism."

      Both claims were basically specious, and they were both cut from the same cloth -- luddism. There is, and has been since pretty much their inception, a staunch group of idiots that want to do away with vaccines, God only knows why.

      I'm beyond cynical when it comes to the behaviour of pharmaceutical companies ("social anxiety," anyone?), but you're basically invoking a conspiracy theory in an attempt to discredit epidemiology. If you're going to attack a fundamentally sound discipline, you're going to have to do better than misunderstandings of chemistry and "oh, that nasty Big Pharma wants to kill you" rhetoric.

      --
      How dare you be so modest!! You conceited bastard!!
    11. Re:Yes, yes, and... by Mesa+MIke · · Score: 3, Funny

      > You're clearly thinking of some other Estonia.

      He must've been thinking of Elbonia.

    12. Re:Yes, yes, and... by iminplaya · · Score: 3, Funny

      ..."oh, that nasty Big Pharma wants to kill you" rhetoric.

      Well chaaa... dead people make lousy customers. Sick people on the other hand...

      --
      What?
    13. Re:Yes, yes, and... by shutdown+-p+now · · Score: 3, Interesting

      For the rest of the world who isnt so spun up in anti-US fervor to see what the real problem is.... Vladamirs Putins political party is heavily involved in supporting "youth" organizations which can act for the state, without the state getting any stains on its hands.
      You're not keeping up with the news. The "youth organizations" had one sole purpose - their members were supposed to clash on the streets with opposition supporters after the elections, if their results would be disputed so much that the people would go out to the streets (as it happened in Ukraine and Georgia earlier). Now that elections are past (and were relatively quiet), Kremlin has little use for all the skinheads they've hired, so most "youth orgs" have been basically told to go screw themselves.

      Oh, and you really do not need any sort of government backing to mount a pretty massive cyber-attack on Estonia here. Most Russians hate the Baltic countries (thanks to all the Russian TV propaganda about suppressing the Russian minority and glorious marches of SS veterans that happen there), there are plenty of semi-serious jokes about "our tanks in Riga (/Vilnius/Tallinn)" etc. All that was needed was a spark, and the events in Estonia gave it. I would be surprised if the "youth org" members didn't heavily participate (for one, because they are strongly brainwashed), or that there was tacit government support for that. But it's hardly organized by the Russian state as a whole.

    14. Re:Yes, yes, and... by shutdown+-p+now · · Score: 2, Interesting

      This whole Russia-bashing is quite annoying. First, the cold war ended 18 years ago, and hands were shaken, cheeks were kissed, TV shows with USA and SU children holding hands were aired, promises were made that it's a peace without winners or losers, Russia let everybody go their way without much opposition and I personally saw Moskva 1 TV channel (was able to watch it because I lived just across the SU border at that time) arranging to show hot female teens saying stuff that would be unimaginable in USA or any nice Western European country, namely "For me Russia means those that want to stay".
      The cold war ended 18 years ago, indeed. A second one began in 2000, with the change of power.

      If anybody still imagines that a handful of dissidents that in July 1989 were in prison or home arrest managed to topple the Communist regimes, that person is rather naive, since s/he believes that a state apparatus with complete control over the life of its citizen managed fell to the anger of the righteous.
      By the time the USSR has collapsed, it didn't have "complete control over the life of its citizens" for a looong time. It started in Brezhnev's time already, Gorbachev and his ilk just sped up the process by giving up the reins completely.

      In 2001 Putin himself was hinting about Russia getting into NATO
      Russia has never, ever, seriously considered joining NATO, even during the more Western-friendly Yeltsin times. "Hinting" is a stretch, and well, Belarus' Lukashenko also "hints" things like that sometimes - usually when he wants something from his friend Putin, and doesn't get it as quickly as he likes. It's hard to take these things seriously.
    15. Re:Yes, yes, and... by capologist · · Score: 2, Insightful

      the Russian government was hghly sympathetic to Nazi aims. Wasn't it a Nazi aim to wipe out Communism? Didn't they see Communism as a giant Jewish conspiracy that posed a great threat to the Aryan race?
    16. Re:Yes, yes, and... by shutdown+-p+now · · Score: 2, Insightful

      It doesn't take an 'ultranationalist' in Russia to protest against the destruction of war memorials
      It does take a rather brainwashed person to see all the lies about "destruction" on the state-owned TV and believe it without double-checking. Russian TV channels were feeding not only propaganda, but outright lies, even showing a picture of the statue's feet standing on the pedestal, the rest apparently torn off (the pic was later found out to be photoshopped). Meanwhile, everyone who had been tracking the events on the Net - and not just RuNet (which is also overwhemingly jingoistic) but elsewhere, knew what was actually going on. Some people were still offended even by the move, of course, but I doubt this would be strong enough reason for such "protests".
    17. Re:Yes, yes, and... by capologist · · Score: 4, Informative

      Hitler was very open about his attitude toward Communism long before Operation Barbarossa. He wrote about it in Mein Kampf.

  4. Expert? by lambent · · Score: 4, Informative

    I'm sorry, but ... wait, no I'm not.

    Gadi Evron, while undeniably prolific, is questionably informed. Take what he has to say with a grain of salt, and don't for a second believe there's anything more involved here than using well-known industry best-practices for evaluating vulnerable infrastructure and dealing with this type of traffic.

    We now return to your regularly scheduled cross-post flame-fest between nanog and full-disclosure.

  5. Too bad. by cdrguru · · Score: 5, Interesting

    The Internet as it stands today is a consequences-free zone. Nations can't "do" anything about such attacks because there are no effective ways to conclusively track them back to individuals or even organizations. Even if there was, how much is some official going to do in China when handed a report of some kind of attack against some other country's computers?

    As continuously pointed out, an IP address does not identify an individual. Today, with today's laws, unless you leave clear tracks to other forms of identification just having an IP address does not connect a deed with an individual. You can threaten, harass, and, yes, DDoS, with impunity. I don't see this changing anytime soon.

    This pretty much means that any real online presence lives or dies by how much they draw attention to themselves and how motivated the attackers are. Estonia sounds like they were particularly vulnerable with little in the way of offline backup for basic services. This is not true in the US today, but it could easily be that way tomorrow. Could a group of disgruntled folks cripple government services in the US? Maybe. Given the current climate with laws, enforcement and international cooperation, there is no way that anyone outside the US would ever be prosecuted unless they bragged about what they did.

    1. Re:Too bad. by icebike · · Score: 4, Informative

      No, you can't rely on that.

      IPs can be faked, and trying to track down a specific IP across uncooperative ISPs and political borders is a fools errand.

      --
      Sig Battery depleted. Reverting to safe mode.
  6. I was close to participation by RCL · · Score: 3, Insightful

    I remember how I was also enraged upon hearing about Estonian plans and yes, I wanted to join the resistance (or "cyber-war" as they called it immediately in the West). But a bit later when emotions calmed down I changed my mind, because it all was immature and not that effective anyway (and yes, reading about the events from Estonian POV helped me to get calm, too).

    Let God/History/Nature/whatever be the judge for Estonians, not me. If they prefer Nazis over Soviets, so be it. They made their choice.

    --
    Coding etudes
    1. Re:I was close to participation by Darinbob · · Score: 3, Interesting

      I never really understand when someone gets enraged when a different country does something considered an insult by another. These aren't personal insults. They're insults to a government, often a past government. Ie, US "patriots" foaming at the mouth when France won't be a lap dog, or someplace objects to expanding military bases, etc. It makes no sense.

      For Estonia, it's their country, they can do whatever they want with some statue that they never asked for. If moving the statue means anything to the Russians, it should have meant some sort of introspection about why they're not seen as the glorious savior of eastern europe. Why the anger? I honestly don't understand it, except that most people growing up in the Soviet Union were fed propaganda and haven't learned to see things from other viewpoints.

      Such as the viewpoint that this statue was never seen as a "war memorial" to the ethnic Estonians, but was a symbol of occupation and Russification, and had become a flash point for conflicts. If anyone was insulted, it was the Soviet occupation. Do modern Russians still fondly love the Stalinist era? Should Germans become enranged if someone tears down a memorial put up by Nazis? Do Russians still honestly believe Estonia is fascist, that they loved the Nazis? Given a choice between Stalinist brutality and Nazi brutality, why are Russians still pissed off that they weren't the first choice?

      And yes, I am equating Stalinist excesses to Nazi excesses. I don't believe praising the lesser of two evils.

    2. Re:I was close to participation by Darinbob · · Score: 2, Interesting

      There are Russians (ethnic Russians, not Russian Federation citizens) in Estonia, True. The vast majority of ethnic Russians in Estonia though immigrated during the Soviet era, as part of russification and build up of industrialization. Should Estonia be allowed to try and restore a national identity and choose it's own national language?

      So far the best excuse for siding with Nazi the Estonian nationalists presented was along the lines "but Nazi did not kill ethnic Estonians, so they are alright for us". Nazis did kill ethnic Estonians. But the Soviets killed far more. Estonians welcomed the Nazis as liberators because they had been recently forcibly annexed into the USSR and were being repressed. This in no way means they approved of fascism on the whole (though in every nation at the time there were some who did like fascism). Many Estonians, unwilling to side with the Nazis, enlisted in the Finnish army.

      It was only after the war that the Nazis gained the association of being the ultimate evil of all time. The horrors of the holocaust were not very well known at the time, and rumors of it were often dismissed as exaggeration. At the time of the war, the conflict was probably viewed as yet another chapter in an age old tug of war between super powers in Europe.

      There are countries all over Europe who were occupied by the Nazis and who had some population willingly side with the Nazis. Are modern Russians all angry with them also? What are the feelings about Finland, which had a war against the USSR with Nazi support?
    3. Re:I was close to participation by shutdown+-p+now · · Score: 2, Insightful
      Ethnic Russians who have consistently supported the Estonian independence in Soviet time (before it was actually declared) have all received Estonian citizenship according to the new laws regardless of language knowledge. The rest were either apathetic or outright wanted Estonia to remain in the USSR (essentially, to remain occupied). Why does the new state owe anything, much less citizenship, to the latter two categories?

      It's ironic, really... we hear a lot about how Russians are oppressed in Estonia, and the talking heads in TV often liken it to the Nazis. Yet very few Russians actually bother to leave Estonia for Russia - apparently they are still better off there, even as non-citizens...

    4. Re:I was close to participation by frn123 · · Score: 2, Insightful

      Just a bit of clarification:
      There really is NO promoting Nazi organizations or siding with Nazi in Estonia. Can i ask from where does this false information come from?

      Also the bogus premise of "speaking language x well enough to get citizenship" is needed in the vast majority of European countries (correct me if i'm wrong).

    5. Re:I was close to participation by shiznatix · · Score: 5, Insightful

      If they prefer Nazis over Soviets, so be it. They made their choice.
      Holy shit! You obviously don't understand anything. Nobody liberated Estonia, ever, except for the Estonians themselves linky and linky 2 (granted we got a bit of help from our neighbors). We (I am an Estonian) do NOT prefer Nazis. We just hate both Soviets and Nazis. If there was some crazy Nazi war memorial at the same place it would have been removed as well.

      Also, how in the world is removing a Soviet statue saying "I love Nazis"? Every single year the Russians would gather at the memorial during VE day and get wasted and wave the Soviet flag around. Naturally the Estonians would come by with signs like "During the occupation X amount of people were deported" and whatnot. Then a fight would break out and the cops would have to come stop a small scale riot from breaking out because someone told these idiots the truth. To stop this from escalating we moved the monument. We did not destroy it, we did not desecrate the bodies, we did not cut the statue into pieces as the Durma said, we moved it with full respect for the dead.

      Saying we prefer Nazis is strange. My own family was killed by the Nazis and my grandfather deported to Germany to work in a forced labor camp till the war ended and the guards just disapeard one day. I hate Nazis. I have about 1 or 2 living relatives left in Estonia because of that. But that does not make me a Soviet lover. You don't have to pick a side here, you can hate both.

      Yes, we made our choice. We chose freedom and thats what we have. Don't like it, comrade? Tough.
  7. Short summary of the original by MikePlacid · · Score: 2, Interesting

    Cyber attacks are dangerous (impact on Estonia described). The are too easy to organize (Russian blogs described). We need draconian laws to punish offenders. Russia (and other poorly governed countries) can't be relied upon to establish draconian laws. We must lead the way! (and probably force everyone else to follow).

  8. I wonder when... by Fluffeh · · Score: 3, Informative

    I wonder when the "Usual suspects" in terms of global terrorism and splinter governments realize that this sort of warfare is much cheaper to run than what they are doing, and can cause just as much if not more harm to the target country.

    Lets hope it's later rather than sooner.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  9. What did they expect? by Alex+Belits · · Score: 2, Insightful

    A government of a tiny country, that has no achievements other than supporting relatively comfortable life for its microscopic population on subsidies and investments, and acting as US agent in EU (aka member of "New Europe"), imagines itself important and invulnerable, and pisses off hundreds of millions of people.

    An extremely small minority of the pissed off hundreds of millions performs otherwise meaningless juvenile prank, that multiplied by the number of participants causes visible problems.

    What the Hell did Estonian government expect? That the strength of their self-righteousness, or their American overlords, will protect them?

    Learn some international politics beyond "do what sugar daddy says, and everything will be fine".

    --
    Contrary to the popular belief, there indeed is no God.
    1. Re:What did they expect? by Wes+Janson · · Score: 2

      I am neither Estonian nor Russian, and have never visited either country.

      That being said, this attitude that the Estonian government is somehow horribly evil for moving a statue I find to be utterly incomprehensible. If the United States government decided tomorrow to move the Vietnam wall across the Mall and plunk it down over somewhere else, you'd have a few thousand disgruntled veterans. You might see a few angry op-ed letters. The idea that there would be violent rioting in the streets and destruction of public infrastructure is absolutely insane.

      I strongly suspect there are more layers and levels to the nationalism behind this issue than one simply of respect. Population growth and ethnic tensions seem to be what's really at heart. Blaming the Estonian government for the situation, though, is bafflingly illogical.

  10. I actually saw it by Jay+Tarbox · · Score: 3, Interesting

    A customer of mine (small college) reported issues with their (smallish) internet pipe one evening. Something appeared to be hogging a bunch of bandwidth.
    Long story short, a sniffer revealed a huge amount of traffic coming from a particular student machine directed at an IP address ARIN showed as belonging to Estonia's government. We said huh, wierd and shut down his switch port and went to bed.
    Of course we found out a little bit later about the attacks. I don't have the sniffer traces anymore.