Cyber war in Estonia

Warning: disturbing a war memorial can provoke all out cyber war--at least in Estonia. On April 27, 2007, Estonia officials relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis, a move that incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. It also started a large and sustained distributed denial-of-service attack on several Estonian Web sites, including those of government ministries and the prime minister's Reform Party. A denial-of-service attack (DoS) occurs when someone directs a large number of requests to a target URL; the requests occur so quickly that the Web server can't respond and the site becomes inaccessible to everyone. A distributed denial-of-service attack (DDoS) occurs when hundreds or thousands of compromised computers are enlisted. Within the last week, the intensity of the attacks diminished.

Arbor Networks' Jose Nazario has now blogged his analysis of the Estonian DDos attacks. He reports that Arbor Networks recorded 128 unique DDoS attacks on Estonian-based URLs. Most lasted less than one hour, with the longest lasting 10 hours and 30 minutes. As for the strength, measured in how many packets of information flooded the given URL to make it inaccessible, the attacks were relatively light, with only ten of the attacks measuring 90-plus Mbps, including one of the 10-hour attacks. At its peak on May 9, the attack shut down up to 58 sites at once.

That's a lot of fire power, and it suggests the use of "botnets"--collections of compromised home and office computers worldwide. In this scenario, a "botherder" directs thousands of compromised computers to request simultaneous access to a single URL, effectively shutting down that site. Computer Security Incident Response Teams (CSIRTs) in several countries, as well as NATO, have assisted the Estonian government in handling the attacks. Early analysis suggests the attacks may have originated in Russia.