"Cyber Attacks Explained"

I thought this was a nice, apolitical article about an incident (or would it better be called a phenomenon?) which I don't think I've yet seen discussed in politically neutral terms. Clinically discussing the technical aspects of what happened is a good antidote for the hysteria which has tended to envelop all online discussions of this topic that I've seen. Of course it's because the author's agenda has nothing to do with Russia or Estonia - rather, his goal seems to be the laudable one of raising consciousness about potential American vulnerabilities.

Cyber Attacks Explained
By James A. Lewis, Director, CSIS Technology and Public Policy Program
June 15, 2007

The small Baltic country of Estonia was the target of a series of cyber attacks in May 2007. These were "denial of service" attacks, where an attacker floods the target network with bogus messages, causing its servers (computers that serve as a hub in a network) to slow or shut down.

The attacks caused grave concern among NATO officials, in large part because, at first, Russia was blamed. This attribution was wrong, in the sense that the attacks were not launched from Russian government computers. Like many things in cyberspace, it was difficult to tell who was at the other end of the Internet. Attribution in the Estonia case was made even harder by the use of "botnets." Botnets—short for robot networks—are the big new thing in cyber crime. A cyber criminal takes remote control of a computer by surreptitiously loading software on it. Most consumers don’t know that their computers have been compromised. Some botnets are huge, using tens of thousands of computers around the world. Having these gigantic criminal networks simultaneously send thousands of messages every minute overburdened Estonian servers and caused them to crash.

Attacks, crashes, robots—sounds like a war—and many commentators saw this as the first "cyber war." This was, of course, completely erroneous. Botnets are used all the time—they are the source of most spam—and are nothing special for cyber crime. This was not the first time that a government had seen foreign protestors attack servers and Web sites with botnets, hacks, and graffiti. China, Israel, India, Pakistan, and the United States have seen similar attacks, albeit on a smaller scale.

Nor was the Russian government inept enough to leave a trail of e-mails leading back to the Kremlin. Though one Russian government computer was used in the attacks, that was because it had been captured and controlled in a botnet. This does not prove that the Russian government is innocent. Russian government agents could have used chat rooms and e-mail to incite patriotic Russian hackers and cyber criminals to batter Estonian networks as punishment for daring to move a statue of a Soviet soldier. Estonian police arrested one such hacker, an ethnic Russian and Estonian citizen. Again, this is standard stuff—intelligence agents inciting a protest or riot. The attacks on Estonia are better seen as cyber protests than as war, like demonstrators lying down in a capital’s streets to block traffic (only without the risk of being run over).

On the Estonian end, there was turmoil, but not collapse or terror. Since independence, Estonia has been a leader in "e-government," or service using the Internet. This made them more vulnerable, but it also made them prepared to work in cyberspace. The Estonians responded calmly and were able to restore key services to minimal levels within a few days. Parliament, the president’s office, the police, and the foreign ministry were the primary targets, along with Estonia’s largest bank. Some took the simple response of blocking messages coming from other countries—this reduced the attacks, although it kept Estonians on travel from accessing their bank accounts.

Denial of service is not the most dangerous form of attack. A serious attack would not have been as noisy but would have penetrated Estonian computers and databases and scrambled or erased the data. Making health records and bank accounts disappear would have been far more disruptive. The United States faces this kind of attack, and it is vulnerable—U.S. government networks are routinely penetrated. We have many more networks than Estonia. Many are secure. Others are not. Unfortunately, we do not know which is which. All will be made clear when it is our turn to be attacked, but it might be better to find and fix our vulnerable systems before this occurs.

The article in pdf format.

Bits on Estonia

I decided to translate this article - emailed to me by a friend in Moscow who gets his news in part from Inosmi.ru. This article originally appeared in a Polish newspaper, was then translated by an Inosmi reader, and I'm translating it from that Russian version, so something may be lost in translation. Anyway, I take no position on the article - just wanted to translate it.

The Pinnacle of Russian Hypocrisy
Gazeta Wyborcza, Poland
Sergei Kovalyov
May 2, 2007

The same thing that is taking place in Estonia is happening at the same time in the Moscow suburb of Khimki, where the remains of Soviet pilots who perished in battles with the Germans are being relocated. The only difference is that in Moscow the militia dispersed a demonstration by youthful protesters, but in Estonia demonstrations are permitted.

Russia's protest against the relocation of the monument to Soviet soldiers in Tallinn is the pinnacle of slander and double standards. Russia is protesting because we are ruled by the heirs to the Stalin era, who have never apologized or sought forgiveness for the fact that the Soviet Union turned Central-Eastern Europe into a concentration camp. It would never even occur to them that Stalin didn't liberate but actually cruelly conquered Estonia.

Russia's misfortune lies in the fact that, unlike other peoples, we have no concept of "national guilt" or "historical guilt." And this situation was not an innovation of communism, but dates from an earlier wea. Russia's actions were justified by empire-building, but the idea of creating a Third Rome in Moscow, of uniting all of the Slavs under the scepter of the Tsar. Communism adopted this mentality. If we had a sense of historical guilt, then those who committed crimes under Stalin would have been punished or at the very least subjected to condemnation. But nothing of the sort happened.

It was easier for the Germans to do this after the Second World War, since they were occupied, and de-Nazification was forced on them. In Russia after the collapse of communism nothing of the sort happened, and we can feel the results of this today.

Our politicians, who are protesting the events in Estonia so vehemently, should have at least a tiny bit of a conscience.

For those interested in Polish readers' reactions to this article, the same Inosmi reader has translated into Russian a bunch of comments to the original article (though with a bias - indicated in the italicized translator's introduction - toward translating more of the pro-Russian comments).


The best summary I've seen of Estonia's argument against characterizing the Soviet Army as a "liberating" one was in a comment by Peteris Cedrins at Siberian Light:

If two bandits invade your house, theu both rape you, they fight, and one comes back to rape you for another fifty years — the last is a “liberator”? Because he fathered a bunch of children upon you?

Russia's official - and from all indications unofficial - reactions to this scandal have been extreme. The website of the youth organization Nashi has a whole section headlined "Estonian state fascism," and comments from government officials have been similar to or even harsher than the following:

Alexei Borodavkin, Russia's permanent representative to the Organization for Security and Cooperation in Europe, said the "blatant human rights violations in Estonia" indicated "indifference and connivance by the EU and NATO, organizations that have given membership to a country that tramples on the values upon which European culture and democracy rest."

Copydude also has some fairly trenchant commentary on the bronze soldier - and one Russian's view of the situation.

Soldiering on

There is a lot of comment around the blogosphere about the recent events in Tallinn. See here and here for Siberian Light's take; Global Voices also has coverage. Here's my small and unoriginal contribution, from today's bne newsletter.

Russia-Estonia stand off
Rencap, Russia
Tim Brenton
Thursday, May 3, 2007

The week-long stand off between Russia and Estonia reached a new level yesterday (2 May) when demonstrators from the Nashi youth group stormed a newspaper office in Moscow in order to disrupt a press conference being held by the Estonian Ambassador to Russia, Marina Kaljurand. The ambassador called the press conference to criticise Russian authorities for failing to protect her rights as a diplomat as laid out in the Vienna treaty against what she claimed were intimidation tactics used by the youth group.

Members of Nashi, the youth arm of United Russia, have been camped outside the Estonian Embassy for the past six days since the Estonian government removed a war memorial to Soviet soldiers from the centre of Tallinn and moved it to a cemetery outside the city. Estonia claims the memorial was becoming a focal point for clashes between Estonian nationalist groups and ethnic Russians living in the country. While Russia claims the move is yet another symptom of anti-Russian feeling in Estonia and disrespect for the dead. The Russian Orthodox Patriarch yesterday called the move "a sin"; and Russian Foreign Minister Sergei Lavrov has sent an extremely strongly worded letter to a number of his foreign counterparts complaining about the move.

The Nashi youth group is widely seen as being a tool of a faction within the Kremlin. Recently there have been cyber attacks on a number of Estonian government Web sites, which the Estonians claim originated from within the Kremlin.

However strange this saga may appear, it could be symptomatic of a number of things. Firstly, that Russia now feels in a powerful enough position to take on the Baltic States which have long been the most independent and anti-Russian former members of the Soviet Union. Secondly, yesterday's clash demonstrates a nervous political situation in Russia, where relatively minor events result in overly strong, possibly politically motivated reactions, in our view.