These are some notes I took while watching a slideshow from last year’s DefCon (watching online *sigh*). It is on the attacks against Estonia last year and how they were responded to. Fascinating stuff for anyone interested in Security, emerging threats and online/internet/cyber-terrorism. If you have no idea what happened to Estonia a year ago, find out briefly here. Note: according to the presenter (Gadi Evron) this was not the first or the largest such attack (the article I linked to says it was).
Estonia’s government is fully internet based
-they have online elections
-elementary school teachers give nightly updates to students
The government knew that there would be a threat around the day that it occurred because it was the anniversary of the Russians defeating the Germans in WWII and there’s a lot of craziness on that date. So they,
-Asked sensitive websites to create plaintext versions
-did CERT preparation
During the attack only Open BSD server survived well.
The attack resulted in an increase of traffic from 100 to 1000 times (estimated).
Because of riots in the streets, they called the DOS attacks “cyber-riots”
Meme spreads through Russian Language forums and blogs–much faster than normal memes spread. The phrase “fucking estonian fascists/Nazis” appeared over and over again. Made many think it was an organized attack.
Those coping sent everyone home for the weekend to rest and recoup and when they came back they found that websites had set up instructions for bloggers on how to ping-attack Estonian websites “pinguem estonskie servera”
“First self-correcting attack” speaker had seen
Spam attack on the Estonian Parliament resulted in 2 days of downtime for the internet-based country
2 routers crashed. One router was misconfigured and the other just couldn’t handle the traffic.
There seem to be measurement attacks for 2 minutes at a time, with an internal of an hour or two weeks. This indicates organization of botnets.
The botnet attacks were quite regular, there were nearly no bots attacking from within Estonia.
There were forums where people ask for botnets and offered them.
The speak suggests implementing redundant (non-technical?) systems for critical infrastructure–private and business sector were the attacked systems. Not military. But ISPs, banks and media web sites were critical. Also, home computer security.
Think: internet warfare is scalable. Individuals can fight each other in the same way countries can fight each other.
Botnets are similar to trading prisoners but infecting them with a disease first–“unwitting zombie fifth column”.
Dealing with cyber-terrorism is like mob control, mass psychology. Bellweathers can controlled masses.
Defenders must enact crowd control–counter intelligence. Keep the president (‘s website) and parliament (‘s email) safe!
Broken windows theory. Deal with small attacks first.
If you want to see for yourself, here is the very cool presentation:
Estonia: information warfare and lessons learned “the first internet war”
I do not take a single newspaper, nor read one a month, and I feel myself infinitely the happier for it.
– Thomas Jefferson