Tag Archives: Estonia

“One Technician Unplugged The Estonian Internet”

In all the hoo-ha about the Arab Revolutions some interesting WikiLeaks cables seem to be slipping through the net. Like this one from 2008 about Estonia’s view of the cyberattack on Georgia. Estonia had learned some tough lessons from Russia’s cyberattack on its defenses the previous year, so was quick to send cyber-defense experts to “help stave off cyber-attacks emanating in Russia”, according to the Baltic Times at the time.

The cable, dated Sept 22 2008, reports on meetings with Estonian officials on both the lessons from its own experience and some candid commentary on Georgia’s preparedness and response. Here are some of the points:

  • Russia’s attack on Georgia was a combination of physical and Internet attack. “[Hillar] Aarelaid [Director of CERT-Estonia] recapped the profile of the cyber attacks on Georgia: the country’s internet satellite or microwave links which could not be shut down (inside Russia) were simply bombed (in southern Georgia).”
  • Russia seemed to have learned some lessons from the Estonia attack, suggesting that Estonia was a sort of dry-run: “the attacks on Georgia were more sophisticated than those against Estonia, and did not repeat the same mistakes. For example, in 2007, the ‘zombie-bots’ flooded Estonian cyberspace with identical messages that were more easily filtered. The August 2008 attacks on Georgia did not carry such a message.”
  • That said, Georgia itself learned some lessons, Aarelaid was quoted as saying. While it failed to keep “archives of collected network flow data, which would have provided material for forensic analysis of the attacks,” the country “wisely did not waste time defending GOG (Government of Georgia) websites, he said, but simply hosted them on Estonian, U.S. and public-domain websites until the attack was over.” This “could not have been taken without the lessons learned from the 2007 attacks against Estonia.”
  • Estonia felt it got off lightly, in that it would have made more sense to have tried to trigger a bank-run. (This is not as clear as it could be). “Aarelaid felt that another cyber attack on Estonia ‘…won’t happen again the same way…’ but could be triggered by nothing more than rumors. For example, what could have turned into a run on the banks in Estonia during the brief November 2007 panic over a rumored currency devaluation was averted by luck. Money transfers into dollars spiked, he explained, but since most Estonians bank online, these transfers did not deplete banks’ actual cash reserves.” I take this to mean that if people had actually demanded cash, rather than merely transfered their money into another currency online, then it could have had far more damaging effects on the Estonian banking system.
  • Finally, the debate within Estonia focused on clarifying “who has the authority, for example, to unplug Estonia from the internet. In the case of the 2007 attacks, XXXXXXXXXXXX noted, it was simply one technician who decided on his own this was the best response to the growing volume of attacks.”

Some Early Lessons from The Georgian Cyberwar

image

illustration fron Arbor Networks

There’s some interesting writing going about the Georgian Cyberwar. This from VNUnet, which seems to confirms my earlier suspicion that this was the first time we’re seeing two parallel wars: 

“We are witnessing in this crisis the birth of true, operational cyber warfare,” said Eli Jellenc, manager of All-Source Intelligence at iDefense.

“The use of cyber attack assets in conjunction with kinetic military operations in the current crisis now stands among the most significant developments ever seen in the field of information security or cyber conflict studies.”

Others suggest that in fact there are examples of earlier parallel conflicts: Kosovo, among them, says Arbor Networks’ Jose Nazario.

ZDNet’s Dancho Danchev takes the idea that this is all about denying participants a chance to get their message out a stage further: those put out of action are being forced to get their message out through other channels. Georgia’s foreign ministry, for example, has set up a blog at Blogger and the website of the Polish president.

The mainstream press is having a go at the story, too, including the Journal and the NYT. The main culprit, the articles suggest (following Georgia’s own claims), is the Russian Business Network, a St. Petersburg-based gang.

But as this article points out, finding out who is responsible is a slow business. Indeed, this is a strange feature of cyberwar that makes it more akin to terrorism than to warfare. This kind of makes the notion of establishing responsibility a little beside the point. Cyberattacks are a chance for ordinary (well, sort of ordinary) citizens to do their bit for the war effort. In this sense the government is a customer for the services of botnet and hacker groups or individuals with skills the government is happy to see deployed on its behalf, while able to plausibly deny it has anything to do with.

Indeed, we may be missing the more interesting aspect of this, one that predates South Ossetia. Now we’re just seeing cyber attacks work alongside the physical, or kinetic, attacks. A sort of psywar, since it’s mainly about getting the word out and winning hearts and minds.

But what about a cyberwar conducted on its own, but one that leads to a physical war—at least, a cold one? Joel Hruska at arstechnica points out in a piece written a week ago, that an uncovered little cyberwar—or rather cyber-hacktivism—in Lithuania, led to a serious cooling of relations between its government and that of Russia. As with Estonia last year, the attack “marked the first time I was aware of in which a single individual with a computer was able to notably impact relations between two neighboring nations.”

Georgia, however, represents the first time we’ve seen a government almost wiped off the Internet. Whether this is a prelude to it being wiped off the map is something we’ll have to wait and see. But already some conclusions are becoming obvious:

  • Cyberwar is too powerful a tool for any government to ignore, both offensively and defensively;
  • Cyberwar is not just about putting citizens of a target country in the dark; it’s about making it impossible for the target government, and its citizens, to get their side of the story out.
  • As these tools get more powerful, when will we see cyberwar as a specific phase in a physical war designed to achieve what used to be done by the physical bombardment of communication centers?
  • Botnets, and their owners, are powerful players beyond the underworld of spam and phishing. A government that has them operating within their borders must surely know of their existence; if it hasn’t shut them down already, is it too great a leap of logic to suggest there must, at some level, be a relationship between them?

Georgia gets allies in Russian cyberwar – vnunet.com

Russia Declares Cyberwar?

The Guardian reports on what some are suggesting may the first outbreak of official cyberwar between one country and another, after Russian hackers, official or not, have flooded Estonian websites with Denial of Service attacks (DDoS):

clipped from www.guardian.co.uk

Without naming Russia, the Nato official said: “I won’t point fingers. But these were not things done by a few individuals.

 

“This clearly bore the hallmarks of something concerted. The Estonians are not alone with this problem. It really is a serious issue for the alliance as a whole.”

Skype Cuts Some Rates

Skype has lowered rates of its SkypeOut service to some destinations as part of its first anniversary celebrations. Here are the details:

Six major new countries have been added to the SkypeOut Global Rate, a fixed, low-cost rate of 1.7 Euro cents per minute to popular calling destinations. China, Greece, Taiwan, Hong Kong, Poland and Switzerland have joined more than 20 additional destinations in the Global Rate. Skype has also significantly lowered SkypeOut rates for calling numbers in Armenia, Bangladesh, Belarus, Bulgaria, the Cook Islands, Croatia, the Czech Republic, Denmark, the Dominican Republic, Estonia, Finland, Germany, Hungary, Iceland, India, Indonesia, Ireland, Korea, Lebanon, Luxembourg, Malaysia, Mexico, the Netherlands, Poland (mobile), Portugal, Russia, Slovakia, South Africa, Spain, Sri Lanka and Turkey.

I’m not quite clear from the press release, but it sounds as if this is an average reduction of 15%.

It’s not all good news: Prices for SkypeOut calls to Saudi Arabia, Papua New Guinea, Oman, Lichtenstein and Haiti numbers will increase slightly.

News: From Kazaa To Skype

 From Estonia comes news that the guys behind file-swapping legend Kazaa are launching an Internet phone service they claim could put traditional phone companies out of business. AP says the service, called Skype, purports to offer free, unlimited phone service between users with sound quality near to existing phone lines.
 
 
Skype users — and there are already more than half a million of them — can currently use the program only to talk to each other, but it could later be enhanced so someone could call other types of programs, or even regular landline and cell phones. The program directs peer-to-peer data through the quickest networks, ensuring that quality isn’t degraded. Privacy is ensured through encryption.