Cyberwars, PSI
May 24, 2007
Only hours after the Bronze Soldier was removed from Tõnismäe in Tallinn, the capital of Estonia, cyberattacks began and continued massively for weeks. As Linnar Viik, a well-known visionary in Estonia, commented on the situation on morning television at ETV: „this is the first time when such kind of massive attack was intended to be against the whole country“.
While Russia and Estonia are embroiled in their worst dispute since the collapse of the Soviet Union, a row that erupted at the end of last month over the Estonians’ removal of the Bronze Soldier Soviet war memorial in central Tallinn, the country has been subjected to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks, and companies (The Guardian 2007). That was something that no one expected (Securenet 2005).
The main similarities between the two wars are:
1. Attacking important infrastructure. After 26th April, the main targets have been the websites of (The Guardian 2007):
the Estonian presidency and its parliament
almost all of the country’s government ministries
political parties, regardless of whether they were against or in favour of removing the Bronze Soldier
three of the country’s six big news organisations
two of the biggest banks, Hansapank and Ühispank; and firms specializing in communications
Arbor Networks Security Blogs (2007) gives a short overview of the last two weeks (17th May and before it). According to this, there have been 128 unique DDoS attacks:
Attacks  Destination         Address or owner
35       195.80.105.107/32   pol.ee
7        195.80.106.72/32    www.riigikogu.ee
36       195.80.109.158/32   www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        195.80.124.53/32    m53.envir.ee
2        213.184.49.171/32   www.sm.ee
6        213.184.49.194/32   www.agri.ee
4        213.184.50.6/32
35       213.184.50.69/32    www.fin.ee (Ministry of Finance)
1        62.65.192.24/32
2. Data gathering. Both sides carry out massive and even public (in the case of cyberwar) espionage to find out the enemy’s weaknesses.
3. Weapons distribution. In the case of cyberwars, the weapons are computers, software and tutorials about attacking targets with malware or simply overloading servers.
4. Propaganda. Web forums, mailing lists and portals are perfect for quick and efficient propaganda against the other side.
The differences between the wars are:
1. The chance of getting hurt or killed is minimal if you are taking part in a cyberwar.
2. It is very easy to join the „army“.
3. Patriotism fades very soon and turns into rioting – one reason is closely related to the small chance of getting caught.
4. In cyberwar, humans direct computers, which take over the role of soldiers and do the fighting. Often users are not aware that their computer is being used as part of the battle.
5. Cyberwar is invisible to the physical world. But the results are very visible – everything that is connected to the Internet is in danger, and nowadays everything is connected.
What kind of attacks are being used in cyberwars?
Denial of Service attack (DoS attack) and DDoS (Distributed Denial of Service attack).
A DDoS attack is a distributed attack from multiple computers at the same time. There are approximately ten different DoS attacks, but the main idea is the same – the victim is overloaded with queries, and when the computer tries to answer them, it gets overloaded and crashes. The reason for that might be hidden in software errors, or the computer simply overheats.
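As an added illustration (not part of the original article or of any source it cites), the sketch below shows how a defender could tell a single-source DoS from a distributed DDoS by counting requests and distinct sources per destination, in the spirit of the per-destination summary above. The flow records are constructed, the source addresses come from documentation ranges, and the window and thresholds are assumed values.

```python
from collections import defaultdict

# Severity order used to keep the worst verdict seen for each destination.
RANK = {"normal": 0, "dos": 1, "ddos": 2}

def sample_flows():
    """Constructed records (unix_time, source_ip, destination_ip).

    Destinations are three of the targets listed in the table above;
    sources are RFC 5737 documentation addresses, not real hosts.
    """
    flows = []
    for i in range(300):   # many sources hitting one target
        flows.append((1000 + i % 10, f"198.51.100.{i % 150}", "195.80.105.107"))
    for i in range(200):   # one source hitting one target
        flows.append((1000 + i % 10, "203.0.113.7", "213.184.50.69"))
    for i in range(20):    # ordinary background traffic
        flows.append((1000 + i % 10, f"192.0.2.{i}", "195.80.106.72"))
    return flows

def classify(flows, window=10, min_rate=10.0, min_sources=50):
    """Label each destination as normal, dos or ddos.

    window, min_rate (requests per second) and min_sources are assumed
    values; real thresholds come from a baseline of the protected site.
    """
    buckets = defaultdict(list)
    for ts, src, dst in flows:
        buckets[(dst, ts // window)].append(src)   # fixed time windows
    worst = {}
    for (dst, _), sources in buckets.items():
        rate = len(sources) / window
        distinct = len(set(sources))
        if rate < min_rate:
            label = "normal"
        elif distinct >= min_sources:
            label = "ddos"     # flood spread over many senders
        else:
            label = "dos"      # flood from one or a few senders
        if dst not in worst or RANK[label] > RANK[worst[dst][0]]:
            worst[dst] = (label, rate, distinct)
    return worst

if __name__ == "__main__":
    for dst, (label, rate, distinct) in sorted(classify(sample_flows()).items()):
        print(f"{dst:16} {label:6} {rate:5.1f} req/s from {distinct} sources")
```

Distinct-source counts can be inflated by spoofed source addresses, so the "ddos" label indicates how the traffic appears on the wire, not how many machines are really involved.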
How to prevent and defend against the attacks?
A DoS attack can be perpetrated in a number of ways. There are three basic types of attack:
1. consumption of computational resources, such as bandwidth, disk space, or CPU time;
2. disruption of configuration information, such as routing information;
3. disruption of physical network components.
After the attacks began, Estonia cut access to its sites from abroad. That is potentially more damaging to the country’s economy than the limited Russian sanctions announced so far, such as cutting passenger rail services between Tallinn and St Petersburg. It certainly hampers Estonia’s efforts to counter Russian propaganda that portrays the country as a fascist hellhole. “We are back to the stone age, telling the world what is going on with phone and fax,” says an Estonian internet expert (The Economist 2007).
The fact was that, at the beginning, some of the earliest attacks were linked to the Russian government. In addition, tens of how-tos about launching DoS attacks suddenly appeared, mainly on Russian web pages (The Economist 2007).
But cutting yourself off from the rest of the world is not the solution. The best way to help prevent those attacks (not from the target side but from the „host“ computer) would be using up-to-date software against malware. That is still very easy to do, but users usually do not pay attention to it.
Conclusion
On 14th May, the Finnish television agency Yle announced that attacks had started against the Yle homepage, the police and some ministries and companies. The same type of attacks were used as in Estonia before. The attack against the Yle site was the most powerful in Finnish Internet history so far (Postimees 2007). That clearly shows that cyberwar is not only happening between two countries, and solving this mess is an exercise for the whole EU and NATO too.
References:
1. http://en.wikipedia.org/wiki/Cyber-warfare
2. http://www.militaar.net/phpBB2/viewtopic.php?p=90926&sid=fceb66499ab52144c24b132648c64164
3. http://www.ekspress.ee/viewdoc/F69F3BF1BC6B13FCC22572D0003166D6
4. http://www.postimees.ee/110507/esileht/siseuudised/260027.php
5. http://www.economist.com/world/europe/displaystory.cfm?story_id=9163598
6. http://www.securenet.ee/48?PHPSESSID=6cd380914f38636520828f47744ce410
7. http://www.tgdaily.com/content/view/31869/97/
8. http://www.postimees.ee/160507/esileht/valisuudised/260946.php
9. http://arstechnica.com/news.ars/post/20070514-massive-ddos-attacks-target-estonia-russia-accused.html
10. http://en.wikipedia.org/wiki/Denial_of_service
11. http://postimees.ee/170507/esileht/siseuudised/261227.php (Linnar Viik also talks about the matter)
12. Postimees, article „Soome netilehed on küberrünnaku all“ ("Finnish websites are under cyberattack"),
13. http://www.guardian.co.uk/russia/article/0,,2081438,00.html
14. http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/