
Cyberwar!

http://news.bbc.co.uk/2/hi/europe/6665145.stm
http://www.guardian.co.uk/russia/article/0,,2081438,00.html

As you might have read, Estonia removed a statue of a Russian soldier in its main square in Tallinn. To the Estonians, the statue symbolized the nasty days of communism. The Russians claim it symbolized the Russian victory in WWII. About a third of Estonia's population is ethnic Russian, and after the statue’s removal, they took to the streets and protested. The Russian government also expressed strong disapproval.


Today, Estonia is under massive cyber assault from Russian hackers. Major websites of government ministries, political parties, newspapers, banks, and companies are under assault. Two Estonian banks have shut down their websites. Estonia has formally asked NATO for help and is pushing the EU for a cyberwar protocol to handle offending nations, since Estonia believes the Russian government quietly endorsed this effort. The main attack objective has been denial of service.

Some lessons:
-Fortify should open a sales office in Estonia ASAP.
-This episode illustrates how hacking works: professional hackers did a lot of the work and then publicly posted attack methods and targets. Soon, hobbyists followed their lead. The result? Estonia claims that 1 million separate computers have been used in the attack, most from .ru domains.
-Estonians are highly respected for their super technical acumen. They were caught blindsided.

A funny thing to note, which my Fortify colleague Erik C pointed out, is this part:

"We identified in the initial attacks IP numbers from the Russian governmental offices," Aaviksoo [an Estonian government official] said, referring to Internet addresses that can be traced...The Russian government has denied Estonia's accusations. Spokesman Dmitry Peskov said the attackers must have used a fake Kremlin Internet address to tarnish Russian authorities.

You can’t fake your IP address anymore on internet networks. Mr. Peskov is basically stating something akin to "Even though you have video of us attacking you, it wasn’t us!!"

Comments (1)

james D.:

Even if there were an attack from the .ru government, I doubt someone would use government IP addresses to attack. It would be as if the .ru government openly supports this kind of attack, which it does not. If someone in government would like to make a massive DDoS, they would pay money to the right people to handle it.


This page contains a single entry from the blog posted on May 17, 2007 12:15 PM.
