Moon of Alabama
January 25, 2008
An International Security Rip-Off

A usual defense/security rip-off goes like this:

  • Find some tiny curious event that can be blown up to The Threat.
  • Personify The Threat by pinning it to Evil of the Day.
  • Urge action – gain support from sympathetic media idiots like Fred Hiatt.
  • Propose the solution that makes the most for your interests.
  • Reap the profits.

Never worry that the original event may turn out bogus. If that happens, it will inevitably be ignored. The Threat will never vanish and the profits will continue to flow.

The scheme is regularly used in a national context. Just think of all the stupid stuff the ‘Hauptabteilung für die Sicherheit des Heimatlandes’ is financing. Thinking bigger, tiny Estonia successfully managed to run the rip-off on an international scale.

We can follow the trail by simply listing news accounts:

Estonia hit by ‘Moscow cyber war’,
BBC, May 16, 2007
Estonia says the country’s websites have been under heavy attack for the past three weeks, blaming Russia for playing a part in the cyber warfare.

Many of the attacks have come from Russia and are being hosted by Russian state computer servers, Tallinn says.

Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks,
AFP, May 16, 2007
"Taking into account what has been going on in Estonian cyber-space, both the EU and NATO clearly need to take a much stronger approach and cooperate closely to develop practical ways of combatting cyber-attacks," Estonian Defence Minister Jaak Aaviksoo told AFP Tuesday.

Pushback for Mr. Putin,
WaPo Editorial, May 19, 2007
FOR THE past three weeks, Estonia, a small European country that is a member of both NATO and the European Union, has been under assault from neighboring Russia. The offensive is of a new kind: cyber-warfare. Computers serving Estonian government ministries, banks, schools and media have been vandalized via the Internet. Some of the attacks have been traced to Russian government servers, including that of the president’s office in the Kremlin.

President Ilves met with the President of the United States
President of Estonia, June 25, 2007
President Ilves called upon the United States to participate in the NATO Center of Excellence, which the Estonian Government has proposed to establish in Tallinn.

Cyberwarfare threat is growing, say experts,
ComputerWeekly, Oct 24, 2007
The United States is to contribute a top Navy cyber defence expert to the Nato Centre of Excellence on Cooperative Cyber Defence that Estonia has formed with Germany and Spain. The centre aims to enhance Nato’s cyber defence capability and to serve as an essential source for providing Nato with expertise on cyber defence.

Estonia won a permanent NATO installation, free access to first-grade technology and specialists to train its own people. That package is only a few million per year, but then Estonia IS a small country.

Now nobody will really care anymore about the last news-clip.

Student fined for attack against Estonian Web site,
IDG, Jan 24, 2008
A 20-year-old Estonian student has been fined for participating in a cyberattack that paralyzed Estonian Web sites and soured the country’s relationship with Russia, a government official said Thursday.

Dmitri Galushkevich used his home PC to launch a denial-of-service attack that knocked down the Web site for the political party of Estonia’s prime minister for several days, said Gerrit Maesalu, spokesman for the Northeast District Prosecutor’s Office in Tallinn, Estonia’s capital. Galushkevich must pay 17,500 kroons ($1,642).

"He [Galushkevich] wanted to show that he was against the removal of this bronze statue," Maesalu said. "At the moment, we don’t have any other suspects."

Comments

Galushkevich is the cyber Lee Harvey Oswald…

Posted by: ralphieboy | Jan 25 2008 16:34 utc | 1

Cue Redrum, er, Rummy…
Rumsfeld: Ramp up information warfare

The U.S. military can’t fight the war on terrorism alone. It needs help from a host of other U.S. government agencies, including a new one that should be created to use the Internet to wage an information offensive against Muslim extremists, former Defense Secretary Donald Rumsfeld said Jan. 23.
In an address to an information warfare conference, Rumsfeld said the United States is “sitting on the sidelines” in a global battle of ideas. “We’re barely competing,” and for that reason we are losing, he said.

I posted about this in the ot too, however, the spam trap kept abusing me…
Translation: Demonize the internet by any means necessary…

Posted by: Uncle $cam | Jan 25 2008 16:53 utc | 2

Yes, Uncle Scam. Nice post Bernard.
Rummy has taken a grudging step towards Dem povs – collaboration is needed – but he limits it to ‘ideas’ – right in the Bush line, as if propaganda today could have any effect except on opportunistic scammers who are keen, and effective, in exploiting others’ weakness and spinning tall tales. And, he says the US military needs help…from other US organisms, thus keeping to the go-it-alone mantra.

Posted by: Tangerine | Jan 25 2008 17:37 utc | 3

Wait a minute!
The last news link is dated January 24 2007 and tells of the student being caught.
The first we hear of the cyber attacks is from the BBC on May 16, 2007, which they claim were going on for the past three weeks or, since April 23, 2007, three months after the student was caught.
Either these attacks of late April are new attacks which happened as reported or the BBC item of May 16 is a complete fabrication.
I think you might be tilting at windmills on this one, B.

Posted by: Marek Bage | Jan 25 2008 23:58 utc | 4

Aha!!
I found the spanner in the works!
You’ve incorrectly dated the last news account at Jan. 24, 2007, when the link follows to an article of 2008.
It all makes sense now! 🙂

Posted by: Marek Bage | Jan 26 2008 0:03 utc | 5

Thanks Marek – copy paste error – the last piece is from 2008 – just corrected it.

Posted by: b | Jan 26 2008 7:55 utc | 6

we don’t have any other suspects.

Zero suspects is what you would expect from an anonymous DDoS attack. That or a frustrated teenage script kiddie who got hold of a trojan and some botnet code, but is too young to think about such things as covering his tracks.
But the existence of a suspect doesn't say anything about how big or little the attack was. There are zero suspects of the DDoS attacks on the DNS root servers, that doesn't make the attack less memorable. And there must have been tons of groups of kids that got caught and that I can't remember at the moment.
It's my understanding that a significant chunk of the Estonia DDoS traffic was ICMP traffic. This is said to have come from the many readers of Russian language blogs following instructions to run ICMP echo “ping” tests against Estonian servers. I remember when I was like a 14 year old and the teardrop attack was the hot new thing. Compared even to that a bunch of people running ping is just incredibly sad.
Not at all impressive or sophisticated, but with enough people it can still saturate a serious internet link. This would mean there are a couple of Russian bloggers out there that if you can find them then maybe they did some inciting DoS kind of crime… Maybe if you work hard on making a list then Russia will help fine them. I can understand why the Estonian prosecutor didn't bother. If he did then the list of suspects would be longish, but the attack wouldn't be impressive at all.
There may have been a real botnet based DDoS part at one point during the attacks. What I remember of kids getting caught over the malware based DDoS is that they were caught because their extortion demands to online banks and casinos and the accompanying bank accounts got traced back to them. Tracing the attacks can be harder since they come from the thousands of Windows computers of people too lazy to run patches or have their ten year old nephew clean out the malware at 50$ an hour.
From what I heard there was no extortion. It was just the kind of nationalism that has been seen many times before. There have been vandals that DoS and deface things before they are old enough to write their own code let alone have a nuanced view on international relations for decades. I can think of American, Chinese and Turkish kids as being annoying recently over such as the Belgrade embassy bombing, the spyplane incident, minor Armenian genocide comments in the least exciting corners of the world… and Al Jazeera just existing. Smart money says these kids, if there were any, won't get caught or suspected of anything.
So yes this was a very boring 90s like attack that didn't impress anyone. But that doesn't logically follow from the fact that one unimpressive (and Estonian) kid got caught. My gut feeling is that if there were decent measurements of the size of the attack that it would be microscopic compared to what banks and casinos deal with on a monthly basis. At least there the attackers have the brains to go after routers or DNS servers or something central like it. There is no doubt that a “run this ping command” attack is childish and silly. But if enough people join in then it's still almost as much of a headache as a serious attack by people who know what they do. Even by today's low standards of kids and their scripts.
http://en.wikipedia.org/wiki/Script_kiddie
So 90 year old NATO generals after years of vandalisms on the “internets” finally notice and sound like idiots with their “cyber-terror” “cyberwar”-cries. But that doesn't mean that the NSA and unit 8200 didn't reverse Cisco Routers and GSM phones as part of serious signals intelligence and electronic warfare work that has been going on since the second world war.

Posted by: ek | Jan 28 2008 0:23 utc | 7