Eighteen months after a denial-of-service attack, the Estonian Ministry of Defense has posted a detailed report (PDF) on the attacks. While focusing on specific steps the nation needs to take to prevent another attack, the report contains global recommendations as well.
In May 2007, the Baltic nation experienced a series of denial-of-service (DoS) attacks as a result of its government's decision to relocate a statue honoring an unknown Russian person killed during World War II. At Black Hat in 2007, security expert Gadi Evron said the attacks were not directed by the Russian Federation, or any government entity; he suggested it was the work of a "flash mob" of individuals from all over the world. In January, a native Russian in Estonia was convicted for his involvement in the event.
The report calls for Estonia to apply a graduated system of security measures, raise awareness of information security to the highest standard, develop an appropriate regulatory and legal framework for information systems, and promote international cooperation toward achieving global cybersecurity.
On the latter topic, Estonia will seek global condemnation of cyberattacks given the impact on individuals' livelihoods. In Estonia, a nation that is well-wired per capita, the DoS attacks shut down local ISPs and prevented people from buying food, getting gas, or completing bank transactions for several days.
The report concludes that Estonia should seek the cooperation of all nations in strengthening local cybersecurity law enforcement by presenting its expertise and experience at global security conferences.
When political tensions flared last month between Georgia and its large neighbor to the north, the country was ready to block Internet traffic from Russia, hoping to avoid the denial-of-service attacks that shut down Internet service in Estonia for several days in 2007. Instead, most of the DoS attacks that were directed against Georgia came from an unlikely place: the United States.
"Russia is one of the most capable countries when it comes to launching system intrusion hacking attempts, distributed denial-of-service attacks, and operation of botnets," said Don Jackson, director of Threat Intelligence for SecureWorks. "Yet you'll notice the number of attacks coming from Russia are very low."
SecureWorks on Monday released a list ranking the countries with the most infected computers enlisted for use with botnets. On that list, Russia ranks 7th, far behind the United States, China, Brazil, South Korea, Poland, and Japan. The reason Russia is so low, Jackson said, is that hackers from Russia don't attack from within Russia.
Instead of attacking using Russian IP addresses, Jackson said, the hackers who wanted to attack Georgia used "computers and control servers located in Turkey while the bots (the infected computers) that they controlled were mostly in the United States."
This graphic shows the flow of botnet commands targeting Georgian Web sites.
(Credit: Arbor Networks)
Researchers studying botnets have reported an increase in attacks on Georgian Web sites, including that of the country's president, within the last two weeks. While the attacks--Web site defacement and denial-of-service packet floods--are reminiscent of the Internet attacks waged against Estonia in May 2007, Jose Nazario, security researcher for Arbor Networks, told CNET News that he's seeing evidence that Georgia is apparently fighting back, attacking at least one Moscow-based newspaper site.
As to the source, Nazario said that "almost all of the attacks are broadly and globally sourced. One attack appears to be very narrowly focused, possibly someone with some basic ping flood scripts." He said the exact tools being used had not been determined.
In a presentation at July's Usenix conference in San Jose, Calif., Nazario said Internet wars make for a "great, level playing field" because they're inexpensive to mount.
He also pointed out that Internet-based wars did not start last year with Estonia. He cited previous attacks on Kosovo, during its civil war in the late 1990s; Israel-Pakistan hacking, which peaked in the fall of 2000; and the 2002 Winter Olympics, when a South Korean speed skater was ejected from a competition.
More recently, he said, there were attacks on the Ukraine in the fall of 2007; Chinese national attacks on CNN.com in April 2008; and attacks upon the Democratic Voice of Burma in July. In July, hundreds of Web sites were attacked in Lithuania.
Internet wars do make for plausible deniability; we may never know who's ultimately responsible (governments or agitated nationals) for these attacks. In each of these cases, Nazario said, "I can't go and talk to these people, so I have to infer what their intent was."