Politics on the Wire
<p>On April 27, 2007, various Internet resources from the <a href="http://en.wikipedia.org/wiki/Estonia">Republic of Estonia</a> came under a series of <a href="http://www.securityfocus.com/infocus/1647">DDOS</a> or distributed denial of service <a href="http://news.com.com/Cyberattack+in+Estonia-what+it+really+means/2008-7349_3-6186751.html?tag=cd.lede">attacks</a>. According to claims by Estonian government officials and media, the attacks originated in Russia and followed a dispute between the government and ethnic Russians over the relocation of a Soviet war memorial from the Estonian capital of Tallinn. The attacks targeted websites belonging to government ministries, banks, media, political parties and businesses.</p>
<p>Though DDOS attacks against various networks have taken place on numerous occasions in the past, the particularly interesting aspect of these attacks was that they appear to be politically motivated and may fall under the concept of cyber-warfare. The term “cyber-warfare” refers to a branch of <a href="http://en.wikipedia.org/wiki/Information_warfare">information warfare</a> that uses computers and the network infrastructure to carry out targeted attacks and warfare for military, political, and strategic objectives. There are various active and passive methods of cyber-warfare including vandalism and website defacement, denial-of-service attacks, propaganda, information theft and disruption of services.</p>
<p>The <a href="http://en.wikipedia.org/wiki/Estonian_Cyberwar">attacks against Estonia</a> appeared to be only the third known instance of a well funded and organized campaign of cyber-warfare between two countries. The other two instances were alleged attacks against the United States from China and Russia referred to as <a href="http://en.wikipedia.org/wiki/Titan_Rain">Titan Rain</a> and <a href="http://en.wikipedia.org/wiki/Moonlight_Maze">Moonlight Maze</a>. The source of computer network attacks is typically near impossible to attribute and would be particularly difficult when involving state sponsored network warfare. It is also possible that obfuscation of source that causes intentional political or public strife may be one of the core objectives. False flag operations or other forms of subterfuge could represent another reason for source obfuscation and misrepresentation.</p>
<p>On May 17, 2007, Jose Nazario of Arbor SERT <a href="http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/">reported</a> seeing 128 distinct DDOS attacks against websites from Estonia. The <a href="http://asert.arbornetworks.com/2007/05/ddos-de-da-internet-attacks-still-considerable/">data</a> from Arbor also suggests that the number of attacks consistently increased and peaked on May 9, 2007. The length of the attacks ranged anywhere from less than one minute to more than 10 hours. Arbor also measured bandwidth of the attacks which reached upwards of 90 Mbps in some cases. The prolonged nature and persistence of the attacks combined with the enormous number of packets sent to the targets suggests that a large <a href="http://www.securityfocus.com/columnists/398">botnet</a> was targeting the victims.</p>
<p>In response to the attacks, NATO sent experts to help Estonia investigate the attacks and improve network security. The government of Estonia responded to the attacks by blocking access to the targeted resources from sources that were outside the country, and also asked NATO to develop a strategy to combat ‘cyber-terrorists’. <a href="http://news.bbc.co.uk/2/hi/europe/6665195.stm">Allegations</a> by the Estonian government and the release of a list of attacking source IP addresses from Russia led to a diplomatic row between the countries. It is unclear as to how the Estonian government reached the conclusion that the Russian government was behind the attacks as the source of an attack can be easily misrepresented by attackers. The question also arises as to whether an attacking state would be naïve enough to launch a sophisticated targeted attack using their networks, and thus be open to accusations with ease. Though considering the vast budgets available to military and defense organizations, one would expect a cyber war-fighting group run by a nation-state to be well funded, and staffed with some of the best technical analysts in the world. Such a group would be more than capable of effectively obfuscating the apparent origins of real attack traffic. </p>
<p>Subsequent <a href="http://www.heise-security.co.uk/news/90461">reports</a> suggest that the attacks were not orchestrated by a single organization or government as it was previously thought. They seem to have been carried out by a group of attackers from around the world. The questions still remain as to why Estonia of all countries was targeted and why the attacks followed the specific political row. It is possible that these attacks were part of a growing trend of politically-motivated targeted attacks and may represent the beginning of an era of cyber-warfare. It is also very likely this was a one-time event that was misinterpreted and blown out of proportion.<br />
</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/06/politics_on_the_wire.html
http://www.symantec.com/enterprise/security_response/weblog/2007/06/politics_on_the_wire.html
Wed, 13 Jun 2007 05:00:00 -0800
Linear Mode
