One year ago, the Estonian government moved a war memorial honoring Russian-Estonians who died fighting the Nazis, a move that may have triggered what some believe is the first instance of a sustained, international cyberwar.
Now, Gadi Evron, a former Israeli Government CERT manager who was in Estonia at the time of the attacks, has revisited the events with an article in the Georgetown Journal of International Affairs and reprinted here online (PDF).
Evron said what could be described as a "flash mob" created the disturbances in the Estonian Internet during May 2007. "Not only did the cyber riot start almost simultaneously with the actual riots, fresh posts in the Russian-language blogosphere continuously appeared with new targets and instructions. These details suggest that the cyberattackers reacted to Estonian defenses," he wrote.
On the subject of who was orchestrating the events, Evron doesn't blame Russia, but he doesn't shy away from mentioning the country either. He writes: "Once bloggers started reporting their small-scale attacks, more experienced players became involved. Before long, botnets were being used. The involvement of the Russian government in the affair cannot be confirmed. What raised speculation, however, is the failure--or unwillingness--of the Russian authorities to stop the cyber riot against Estonia for over three weeks after the initial attack."
The events in Estonia began on April 27, 2007, when Estonian officials relocated the Bronze Soldier, a Soviet-era war memorial, to a park outside the nation's capital. The decision provoked rioting by ethnic Russians, who took to the streets of the capital, Tallinn, in protest. The pro-Russia protesters blockaded the Estonian Embassy in Moscow. And in a rather unique way, a few even took their ire to the Internet.
Evron previously recounted his experience at last summer's Black Hat security conference in Las Vegas.
Not everyone is buying Evron's account. Viktor Larionov, posting on Bugtraq from Tallinn, Estonia, takes issue with Evron's story, not just the political but the technical side of it, calling it one big bluff. "In general," Larionov writes, "a lot of IT experts around here are concerned that no 'cyberwar' has never happened (and) maybe 10 to 20 DDoS attacks which took place" simply caught some sleeping admins off-duty. He adds, "Tell me, how many attacks or...attack attempts does your corporate network suffer during the day?"
This week we've seen two Internet events that are more alike than dissimilar. On Wednesday, an Estonian court convicted a 20-year Russian for his part in last spring's distributed denial-of-service (DDoS) attacks on that nation. On Thursday, word of mounting DDoS attacks on the Church of Scientology spread. Ultimately, both events could have larger repercussions.
The attack on the Estonian Web sites was prompted by an Estonian government plan to move a statue and grave sites honoring Russian-Estonians who died fighting the Nazis. Gadi Evron of Beyond Security said at last year's Black Hat USA that he found only one case of unique code used in the attacks which lasted from April 27 through mid-May. Evron said the attack had the appearance of an Internet flash mob, and now, with the conviction, it appears to have been loosely organized by a group of college kids. Evron cited evidence of at least one e-mail inciting Internet action on a particular date at a particular time during Estonian attacks.
A similar event is happening now. DDoS attacks against the Church of Scientology appear to be coming from a loosely organized group of individuals calling themselves Anonymous or Anon. The attacks, according to Jose Nazario of Arbor Networks, appear to use common code and early attacks originated from one IP address.
As with the events in Estonia, as news spread, more individuals may now be targeting the Church of Scientology in a sort of "me too" frenzy. A Web site called Project Chanology continues to detail present and future actions by Anonymous and others.
The idea that a handful of skilled individuals could decide to "take out" a particular group or company or government for any reason is a very disturbing one indeed.
A 20-year-old Russian has been convicted for organizing some of the attacks on Estonia's government sites during spring 2007, the Agence France-Presse reported on Thursday.
"Dmitri Galushkevich is the first hacker to be sentenced for organizing a massive cyberattack against an Estonian Web page," Gerrit Maesalu, spokesman for the regional prosecutor's office in northeast Estonia, told the AFP. Galushkevich was fined 17,500 krooni (about $1,600). He admitted his guilt, said Maesalu.
The distributed denial of service (DDoS) attacks, which some security experts have alternatively called a flash mob or the first-ever cyberwar, was prompted by an Estonian government plan to move a statue and grave sites honoring Russian-Estonians who died fighting the Nazis. From late April through mid-May 2007, various Internet-based services within Estonia were not accessible.
Estonians rely heavily on the Internet for basic services such as paying for food, water, and gas, said Gadi Evron, security evangelist for Beyond Security. Evron has studied the incident thoroughly. "The more technology there is within a country, the more dependent the country is on technology and therefore, the more vulnerable," he said.
- prev
- 1
- next
