[ISN] A cyber-riot

From: InfoSec News (alerts@private)
Date: Mon May 14 2007 - 22:39:15 PDT


http://www.economist.com/world/europe/displaystory.cfm?story_id=9163598

The Economist print edition
May 10th 2007

Estonia has faced down Russian rioters. But its websites are still under 
attack

FOR a small, high-tech country such as Estonia, the internet is vital. 
But for the past two weeks Estonia's state websites (and some private 
ones) have been hit by “denial of service” attacks, in which a target 
site is bombarded with so many bogus requests for information that it 
crashes.

The internet warfare broke out on April 27th, amid a furious row between 
Estonia and Russia over the removal of a Soviet war monument from the 
centre of the capital, Tallinn, to a military cemetery (pictured below). 
The move sparked rioting and looting by several thousand protesters from 
Estonia's large population of ethnic Russians, who tend to see the 
statue as a cherished memorial to wartime sacrifice. Estonians mostly 
see it rather as a symbol of a hated foreign occupation.

The unrest, Estonia says, was orchestrated by Russia, which termed the 
relocation “blasphemy” and called for the government's resignation. In 
Moscow, a Kremlin-run youth movement sealed off and attacked Estonia's 
embassy, prompting protests from America, NATO and the European Union. 
Perhaps taken aback by the belated but firm Western support for Estonia, 
Russia has backpedalled. Following a deal brokered by Germany, Estonia's 
ambassador left for a “holiday” and the blockade ended as abruptly as it 
began.

But the internet attacks have continued. Some have involved defacing 
Estonian websites, replacing the pages with Russian propaganda or bogus 
apologies. Most have concentrated on shutting them down. The attacks are 
intensifying. The number on May 9th—the day when Russia and its allies 
commemorate Hitler's defeat in Europe—was the biggest yet, says Hillar 
Aarelaid, who runs Estonia's cyber-warfare defences. At least six sites 
were all but inaccessible, including those of the foreign and justice 
ministries. Such stunts happen at the murkier end of internet commerce: 
for instance, to extort money from an online casino. But no country has 
experienced anything on this scale.

The alarm is sounding well beyond Estonia. NATO has been paying special 
attention. “If a member state's communications centre is attacked with a 
missile, you call it an act of war. So what do you call it if the same 
installation is disabled with a cyber-attack?” asks a senior official in 
Brussels. Estonia's defence ministry goes further: a spokesman compares 
the attacks to those launched against America on September 11th 2001. 
Two of NATO's top specialists in internet warfare, plus an American 
colleague, have hurried to Tallinn to observe the onslaught. But 
international law is of little help, complains Rein Lang, Estonia's 
justice minister.

The crudest attacks come with the culprit's electronic fingerprints. The 
Estonians say that some of the earliest salvoes came from computers 
linked to the Russian government. But most of them come from many 
thousands of ordinary computers, all over the world. Some of these are 
run by private citizens angry with Estonia. Anonymously posted 
instructions on how to launch denial-of-service attacks have been 
sprouting on Russian-language internet sites. Many others come from 
“botnets”—chains of computers that have been hijacked by viruses to take 
part in such raids without their owners knowing. Such botnets can be 
created, or simply rented from cyber-criminals.

To remain open to local users, Estonia has had to cut access to its 
sites from abroad. That is potentially more damaging to the country's 
economy than the limited Russian sanctions announced so far, such as 
cutting passenger rail services between Tallinn and St Petersburg. It 
certainly hampers Estonia's efforts to counter Russian propaganda that 
portrays the country as a fascist hellhole. “We are back to the stone 
age, telling the world what is going on with phone and fax,” says an 
Estonian internet expert. Mikko Hyppönen of F-Secure, a Finnish internet 
security company that has been monitoring the attacks, says the best 
defence is to have strong networks of servers in many countries. That is 
not yet NATO's job. But it may be soon.



_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon May 14 2007 - 22:44:54 PDT