Slashdot Mirror

← Back to Stories (view on slashdot.org)

Expert Dissects Estonian Cyber-War

Posted by Soulskill on from the political-tube-cloggers dept.

Stony Stevenson points out an iTnews summary of a security researcher's account of the cyber-attacks on Estonia last year. The full report [PDF] is also available. We've discussed this internet-based conflict in the past. From the report: "In the days leading up to the attack, numerous clues pointed to a large-scale operation that was being planned online. Russian-language Internet discussion forums were abuzz with preparations for an online attack. Three days before the expected onslaught, Estonia planned to release the news of the coming strike in hopes that European media attention would oblige the EU to pressure the Kremlin to intervene, whether or not the attacks emanated from the Russian authorities."

12 of 172 comments (clear)

  1. Yes, yes, and... by jd · · Score: 4, Insightful
    What are nations going to do about it? Many networks are spanning-tree, not mesh, and far too many countries have far too few cross-border gateways that are independent. The cyberattack could have been shut down within 5-10 seconds, with minimal loss of connectivity, if the network had been designed correctly. DDoS attacks aren't limited to governments - the DoS attacks that led to changes in TCP/IP to limit/block such attacks were the effort of some cybercriminal-wannabe, and that was mid 90s. Today, we have inline proactive intrusion detection systems, congestion blocking for UDP and unresponsive flows, routing algorithms that eliminate single points of failure, and the such. What excuse does anyone have, today, for being vulnerable to this? People are vaccinated against common deadly diseases, networks are (or should be) innoculated against common (and potentially deadly) cyberattacks.

    Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more. What bothers me much more is that the scorecards for US departments make it clear that the US is even less prepared for a cyberwar than even Balkan castoffs.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Yes, yes, and... by antirelic · · Score: 5, Insightful

      Ah yes, mark it up as it calls out the US for being less prepared than a post cold war soviet satellite when this is in fact, completely incorrect. The US government uses networks completely disconnected from the internet to conduct its real business, as posted repeatedly on slashdot. The fact that people still believe that US governments public websites and points of presence are anything more than public relations has not been keeping pace. But go ahead, mod "insightful" and "interesting" because the post makes a "jab" at the US.

      For the rest of the world who isnt so spun up in anti-US fervor to see what the real problem is.... Vladamirs Putins political party is heavily involved in supporting "youth" organizations which can act for the state, without the state getting any stains on its hands. This may be one of those instances of ultra-nationalists, who have been backed by the state, who act "independently" for the interests of the home nation. While it is irresponsible of the Russian government to allow this type of activity to go on, it is certainly not against their best interests.

      --
      20th century Marxism is not progress...
    2. Re:Yes, yes, and... by Anonymous Coward · · Score: 4, Insightful

      You mean the NIPRNet and SIPRNet? Those are for the Department of Defense.

      As for the regular US government, almost all of their work involves the Internet. Losing access to email and the web would cripple the US government. Including the Department of Defense, since while all classified information goes over the aforementioned secure networks, a lot of the actual work occurs over the regular Internet since it's easier to actually use. Sure, the soldiers in the field would be able to continue dieing for a vague war on terror without the Internet, but the generals and civilian leadership back in the US would be unable to do anything except send email to soldiers.

      And, of course, everything that isn't related to killing people runs over the regular Internet and would be crippled.

    3. Re:Yes, yes, and... by Cyberax · · Score: 4, Insightful

      I know several people who participated in the attack - I'm not connected to hacker underground but they are. They say that almost all people they know that participated in this attack also dislike Putin and his regime.

      It doesn't take an 'ultranationalist' in Russia to protest against the destruction of war memorials - Russia lost 30 million people in WWII (that's about 50 times more than USA lost in WWII).

      Personally, I see this as an evidence of how easy is to wage electronic 'guerrilla warfare'.

    4. Re:Yes, yes, and... by Pedrito · · Score: 5, Informative

      Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more. What bothers me much more is that the scorecards for US departments make it clear that the US is even less prepared for a cyberwar than even Balkan castoffs.

      Actually, Estonia isn't very poor. They're a member of the E.U. They're the wealthiest of the Baltic States and their market economy has "one of the highest per capita income levels of Central Europe" (CIA World Factbook). Their unemployment is comparable to the U.S., at just 5.2%. They're actually quite modern. Most of their population files tax returns online. Does that sound like a poverty-struck backwards nation to you?

      There's nothing very Soviet about them, really. They speak their own language, Estonian, which is quite similar to Finnish. Estonia and Finland have very close ties, culturally and financially.

      You're clearly thinking of some other Estonia.

    5. Re:Yes, yes, and... by niiler · · Score: 4, Insightful

      The war memorial was moved to a Russian cemetery, not destroyed. This was far more appropriate considering that most Estonians felt that Stalin was FAR worse than Hitler. Sheesh, 10% of the Estonian adult population was deported to gulags and death camps by the Russians. Under the Nazis, if you weren't Roma, gay, or Jewish, you were OK. [I'm not saying that the Nazis were nice folks. On the contrary, they were horrid too.]

      So the bear rescued the rabbit from the falcon, the bear still tried eating the rabbit. It's either disingenuous or ignorant to claim that the rabbit ought to be thanking the bear.

    6. Re:Yes, yes, and... by bob.appleyard · · Score: 4, Insightful

      In the US, it was all about "mercury based preservatives" causing untold woe and suffering.

      In the UK, it was all "oh it'll give you autism."

      Both claims were basically specious, and they were both cut from the same cloth -- luddism. There is, and has been since pretty much their inception, a staunch group of idiots that want to do away with vaccines, God only knows why.

      I'm beyond cynical when it comes to the behaviour of pharmaceutical companies ("social anxiety," anyone?), but you're basically invoking a conspiracy theory in an attempt to discredit epidemiology. If you're going to attack a fundamentally sound discipline, you're going to have to do better than misunderstandings of chemistry and "oh, that nasty Big Pharma wants to kill you" rhetoric.

      --
      How dare you be so modest!! You conceited bastard!!
    7. Re:Yes, yes, and... by capologist · · Score: 4, Informative

      Hitler was very open about his attitude toward Communism long before Operation Barbarossa. He wrote about it in Mein Kampf.

  2. Expert? by lambent · · Score: 4, Informative

    I'm sorry, but ... wait, no I'm not.

    Gadi Evron, while undeniably prolific, is questionably informed. Take what he has to say with a grain of salt, and don't for a second believe there's anything more involved here than using well-known industry best-practices for evaluating vulnerable infrastructure and dealing with this type of traffic.

    We now return to your regularly scheduled cross-post flame-fest between nanog and full-disclosure.

  3. Too bad. by cdrguru · · Score: 5, Interesting

    The Internet as it stands today is a consequences-free zone. Nations can't "do" anything about such attacks because there are no effective ways to conclusively track them back to individuals or even organizations. Even if there was, how much is some official going to do in China when handed a report of some kind of attack against some other country's computers?

    As continuously pointed out, an IP address does not identify an individual. Today, with today's laws, unless you leave clear tracks to other forms of identification just having an IP address does not connect a deed with an individual. You can threaten, harass, and, yes, DDoS, with impunity. I don't see this changing anytime soon.

    This pretty much means that any real online presence lives or dies by how much they draw attention to themselves and how motivated the attackers are. Estonia sounds like they were particularly vulnerable with little in the way of offline backup for basic services. This is not true in the US today, but it could easily be that way tomorrow. Could a group of disgruntled folks cripple government services in the US? Maybe. Given the current climate with laws, enforcement and international cooperation, there is no way that anyone outside the US would ever be prosecuted unless they bragged about what they did.

    1. Re:Too bad. by icebike · · Score: 4, Informative

      No, you can't rely on that.

      IPs can be faked, and trying to track down a specific IP across uncooperative ISPs and political borders is a fools errand.

      --
      Sig Battery depleted. Reverting to safe mode.
  4. Re:I was close to participation by shiznatix · · Score: 5, Insightful

    If they prefer Nazis over Soviets, so be it. They made their choice.
    Holy shit! You obviously don't understand anything. Nobody liberated Estonia, ever, except for the Estonians themselves linky and linky 2 (granted we got a bit of help from our neighbors). We (I am an Estonian) do NOT prefer Nazis. We just hate both Soviets and Nazis. If there was some crazy Nazi war memorial at the same place it would have been removed as well.

    Also, how in the world is removing a Soviet statue saying "I love Nazis"? Every single year the Russians would gather at the memorial during VE day and get wasted and wave the Soviet flag around. Naturally the Estonians would come by with signs like "During the occupation X amount of people were deported" and whatnot. Then a fight would break out and the cops would have to come stop a small scale riot from breaking out because someone told these idiots the truth. To stop this from escalating we moved the monument. We did not destroy it, we did not desecrate the bodies, we did not cut the statue into pieces as the Durma said, we moved it with full respect for the dead.

    Saying we prefer Nazis is strange. My own family was killed by the Nazis and my grandfather deported to Germany to work in a forced labor camp till the war ended and the guards just disapeard one day. I hate Nazis. I have about 1 or 2 living relatives left in Estonia because of that. But that does not make me a Soviet lover. You don't have to pick a side here, you can hate both.

    Yes, we made our choice. We chose freedom and thats what we have. Don't like it, comrade? Tough.