Tag Archives: Republics

“One Technician Unplugged The Estonian Internet”

In all the hoo-ha about the Arab Revolutions some interesting WikiLeaks cables seem to be slipping through the net. Like this one from 2008 about Estonia’s view of the cyberattack on Georgia. Estonia had learned some tough lessons from Russia’s cyberattack on its defenses the previous year, so was quick to send cyber-defense experts to “help stave off cyber-attacks emanating in Russia”, according to the Baltic Times at the time.

The cable, dated Sept 22 2008, reports on meetings with Estonian officials on both the lessons from its own experience and some candid commentary on Georgia’s preparedness and response. Here are some of the points:

  • Russia’s attack on Georgia was a combination of physical and Internet attack. “[Hillar] Aarelaid [Director of CERT-Estonia] recapped the profile of the cyber attacks on Georgia: the country’s internet satellite or microwave links which could not be shut down (inside Russia) were simply bombed (in southern Georgia).”
  • Russia seemed to have learned some lessons from the Estonia attack, suggesting that Estonia was a sort of dry-run: “the attacks on Georgia were more sophisticated than those against Estonia, and did not repeat the same mistakes. For example, in 2007, the ‘zombie-bots’ flooded Estonian cyberspace with identical messages that were more easily filtered. The August 2008 attacks on Georgia did not carry such a message.”
  • That said, Georgia itself learned some lessons, Aarelaid was quoted as saying. While it failed to keep “archives of collected network flow data, which would have provided material for forensic analysis of the attacks,” the country “wisely did not waste time defending GOG (Government of Georgia) websites, he said, but simply hosted them on Estonian, U.S. and public-domain websites until the attack was over.” This “could not have been taken without the lessons learned from the 2007 attacks against Estonia.”
  • Estonia felt it got off lightly, in that it would have made more sense to have tried to trigger a bank-run. (This is not as clear as it could be). “Aarelaid felt that another cyber attack on Estonia ‘…won’t happen again the same way…’ but could be triggered by nothing more than rumors. For example, what could have turned into a run on the banks in Estonia during the brief November 2007 panic over a rumored currency devaluation was averted by luck. Money transfers into dollars spiked, he explained, but since most Estonians bank online, these transfers did not deplete banks’ actual cash reserves.” I take this to mean that if people had actually demanded cash, rather than merely transfered their money into another currency online, then it could have had far more damaging effects on the Estonian banking system.
  • Finally, the debate within Estonia focused on clarifying “who has the authority, for example, to unplug Estonia from the internet. In the case of the 2007 attacks, XXXXXXXXXXXX noted, it was simply one technician who decided on his own this was the best response to the growing volume of attacks.”

World’s Slowest Email?

Burma (Myanmar) may be in the running for the world’s slowest email: more than four months.

clipped from www.lirneasia.net

LIRNEasia and ISEAS organized an expert forum on ICT indicators in Singapore in March 2007.  On the 26th of January, the Myanmar Ministry of Post and Telecom sent an e-mail to the ISEAS in Singapore, nominating an officer to attend.   That e-mail reached ISEAS yesterday (4th June 2006; more than four months later).


F-Secure are calling these things SMS phishing (sometimes called smishing, unfortunately), but really they are more like Nigerian email scams delivered via SMS, which isn’t quite the same. The scam is basically this: send an SMS saying the recipient has won the lottery, have them call the scammer, and the scammer tricks them into giving their account details — or persuading the victim to transfer money to another account.

These things have been going on for a while in Indonesia (which is where F-Secure’s originated.) What’s interesting about F-Secure’s is that it’s targetted at Malaysians, indicating that some Indonesians are beginning to use their shared language to export their scamming skills.

clipped from www.f-secure.com

From the phone numbers that we got from the SMS, we know that they belong to the Indonesian mobile network Indosat and therefore the phisher is located somewhere in Indonesia. This was further confirmed when the phisher spoke to us in Malay with a clearly Indonesian accent.