Yeah, It's a Big Day for Estonians and Cosmic Accidents

–Estonian Websites Under Attack

(May 10 & 17, 2007)

Web sites throughout Estonia have been under attack for the past three weeks. Riots and protests broke out on April 27 when Estonia removed a Soviet war memorial statue in the capital city of Tallinn. Ethnic Russians protested the statue's removal. Russia is suspected of being behind the attacks, but no accusations have been made. The distributed denial-of-service (DDoS) attacks have hit across the board at government web sites as well as web sites of newspapers, banks and businesses. NATO has sent cyber terrorism experts to Tallinn to help the country improve its cyber defenses.

http://www.guardian.co.uk/russia/article/0,,2081438,00.html

http://www.economist.com/world/europe/displaystory.cfm?story_id=9163598

[Editor's Note (Liston): I find this incident to be troubling on many levels. While there is a great deal of disagreement on whether or not the Russian government is participating in this attack, the effectiveness of this DDoS highlights the potential for third-party agitators to potentially exacerbate an international incident. Rapid, accurate and positive attribution of this type of cyber-attack is essentially impossible, which almost invites "interested" third parties to use it as a means of stirring up trouble on an international level.

(Ullrich): During the China-US standoff about the spyplane that was shot down in 2001, Chinese hacker groups defaced US websites and US hacker groups retaliated. None of these attacks amounted to more than a nuisance. It is likely that the attacks against Estonia are similarly inspired by patriotism and not necessarily government controlled. However, as the importance of cyber warfare increases, better methods are needed to determine attribution of attacks.

(Honan): Arbor Networks have an interesting entry in their Security to the Core Blog outlining a summary of these attacks as seen by them,

http://asert.arbonetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/.

While TERENA has details on how the European CSIRT community is assisting Estonia in dealing with the attacks,

http://www.terena.org/news/fullstory.php?news_id=2103]

(((Thanks a lot, SANS.org!)))

A little help, please. We are planning for the 2007 Top20 Internet Security Threats report. If you have any experience with Top20 reports over the past six years, could you tell us whether you think an annual or semi-annual or quarterly summary report is necessary or valuable? Do you think the current categorization is OK or can you think of improvements? Are there any things we can do to improve the value of the Top20 for you to put it to use? Just reply to this email with your comments. And thanks.

Alan

For a free subscription, (and for free posters) or to update a current subscription, visit

http://portal.sans.org/