Source:
NYTimes --------------------------------------------------------------------------------
May 29, 2007
War Fears Turn Digital After Data Siege in Estonia
By MARK LANDLER and JOHN MARKOFF
TALLINN, Estonia, May 24 — When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in this bustling Baltic seaport last month, they expected violent street protests by Estonians of Russian descent...What followed was what some here describe as the first war in cyberspace, a monthlong campaign that has forced Estonian authorities to defend their pint-size Baltic nation from a data flood that they say was set off by orders from Russia or ethnic Russian sources in retaliation for the removal of the statue. “It turned out to be a national security situation,” Estonia’s defense minister, Jaak Aaviksoo, said in an interview. “It can effectively be compared to when your ports are shut to the sea.”
The bulk of the cyberassaults used a technique known as a distributed denial-of-service attack. By bombarding the country’s Web sites with data, attackers can clog not only the country’s servers, but also its routers and switches, the specialized devices that direct traffic on the network. To magnify the assault, the hackers infiltrated computers around the world with software known as bots, and banded them together in networks to perform these incursions. The computers become unwitting foot soldiers, or “zombies,” in a cyberattack. In one case, the attackers sent a single huge burst of data to measure the capacity of the network. Then, hours later, data from multiple sources flowed into the system, rapidly reaching the upper limit of the routers and switches...The attackers used a giant network of bots — perhaps as many as one million computers in places as far away as the United States and Vietnam — to amplify the impact of their assault. In a sign of their financial resources, there is evidence that they rented time on other so-called botnets...In the early hours of May 9, traffic spiked to thousands of times the normal flow. May 10 was heavier still, forcing Estonia’s biggest bank to shut down its online service for more than an hour. Even now, the bank, Hansabank, is under assault and continues to block access to 300 suspect Internet addresses. It has had losses of at least $1 million. Finally, on the afternoon of May 10, the attackers’ time on the rented servers expired, and the botnet attacks fell off abruptly.
All told, Arbor Networks (Ann Arbor, MI) measured dozens of attacks. The 10 largest assaults blasted streams of 90 megabits of data a second at Estonia’s networks, lasting up to 10 hours each. That is a data load equivalent to downloading the entire Windows XP operating system every six seconds for 10 hours.
In recent years, cyberattacks have been associated with Middle East and Serbian-Croatian conflicts. But computer systems at the Pentagon, NASA, universities and research labs have been compromised in the past.
Scientists and researchers convened by the National Academy of Sciences this year heard testimony from military strategy experts indicating that both China and Russia have offensive information-warfare programs. The United States is also said to have begun a cyberwarfare effort...Though Estonia cannot be sure of the attackers’ identities, their plans were posted on the Internet even before the attack began. On Russian-language forums and chat groups, the investigators found detailed instructions on how to send disruptive messages, and which Estonian Web sites to use as targets...Because of the murkiness of the Internet — where attackers can mask their identities by using the Internet addresses of others, or remotely program distant computers to send data without their owners even knowing it — several experts said that the attackers would probably never be caught. American government officials said that the nature of the attacks suggested they were initiated by “hacktivists,” technical experts who act independently from governments...The police here arrested and then released a 19-year-old Estonian man of Russian descent whom they suspected of helping to organize the attacks. Meanwhile, Estonia’s foreign ministry has circulated a document that lists several Internet addresses inside the Russian government that it said took part in the attacks.
Mark Landler reported from Tallinn and John Markoff from San Francisco. Steven Lee Myers contributed reporting from Moscow.
Read more:
http://www.nytimes.com/2007/05/29/technology/29estonia.html?ref=technology
Heads Up! It's gonna be a bumpy ride.