Russia Prosecutes the First State-Sponsored Cyberwar

Reader Jeremy Putley points to a story in the Guardian which indicates that Russia has harnesssed the power of a million computers to launch a cyber war against Estonia. Does Russia really believe that cyber war, nothing but terrorism, will lead to winning respect and prestige in the community of nations? How does it do anything but confirm the world’s existing stereotype of Russia a rogue, criminal state?

Estonia said yesterday that at least 1m computers had been used to launch an unprecedented wave of cyber-attacks on the small Baltic state over the past few weeks and indicated the damage inflicted had run into tens of millions of euros.

Despite earlier explicit accusations that Russia was behind the offensive, however, officials in Tallinn, the Estonian capital, backed away from accusing the Kremlin directly. The outbreak of the attack, with hundreds of thousands of hits bombarding Estonian websites in order to jam them and make them unusable, coincided three weeks ago with the climax of an ugly dispute between Moscow and Tallinn over a Soviet second world war memorial in the Estonian capital.

Jaak Aaviksoo, Estonia’s defence minister, said yesterday that some of the attackers early in the onslaught had been identified as using internet provider addresses from Russian state institutions. But he said: “There is not sufficient evidence of a [Russian] governmental role.”

Russian officials have denied any state responsibility, suggested the Estonians should prove their allegations, and have said the culprits could have faked Russian-origin internet provider addresses.

The issue was to be raised last night or today by European leaders at the EU-Russian summit in Samara.

Russia has said EU solidarity with Estonia in the row over second world war memorials is misplaced and hypocritical, and has charged Estonia with barbarism.European capitals have been shocked by the fierceness of the Russian reaction to the spat with Estonia, entailing trade and transport blockades, a siege of the Estonian embassy in Moscow, an attempt to attack the Estonian ambassador there, and calls for the resignation of the Estonian government.

The internet attacks targeted Estonian government websites and those of political parties, banks, media organisations, and other companies. There have been three distinct waves over the past three weeks, the last of which appeared to be subsiding yesterday.

Estonian officials are determined to press the phenomenon on to Nato and EU agendas. Cyber-security is expected to be discussed at a meeting of Nato officials next month. Nato experts are also helping Estonia to investigate the attacks.

Hillar Aarelaid, the official in charge of trying to counter the attacks, said yesterday that most of the websites targeted were operating normally. As well as the volume of “malicious traffic” from Russia, analysts had also traced attackers to the US, Canada, Vietnam, Brazil and other countries, he said.

There have been several such “denial of service” attacks in recent years, in connection with the Iraq war, and during the cartoons crisis in Denmark two years ago. Nato websites were also targeted as long ago as 1999, during the war in Kosovo. But in scale and duration, the current campaign is believed to be the worst yet.

Another reader points out that the BBC is calling Russia a nation of “cyber pirates.” Either the Kremlin is launching these attacks, or it is doing nothing to stop them, or it’s powerless to stop them. Any way you look at it, the picture is a bleak one for the rule of law in Russia.

Estonia, one of the most internet-savvy states in the European Union, has been under sustained attack from hackers since the ethnic Russian riots sparked in late April by its removal of a Soviet war memorial from Tallinn city centre. Websites of the tiny Baltic state’s government, political parties, media and business community have had to shut down temporarily after being hit by denial-of-service attacks, which swamp them with external requests. Some sites were defaced to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting “evil”. And hackers who hit the ruling Reform Party’s website at the height of the tension on 29 April left a spurious message that the Estonian prime minister and his government were asking forgiveness of Russians and promising to return the statue to its original site.

Getting hit hard

The government’s response has been to close down sites under attack to external internet servers while trying to keep them open to users inside Estonia, but the attacks are taking a toll and have been likened by the defence ministry to “terrorist activities”. “Of course [sites] can be put up again, but they can be attacked also again,” Mikhail Tammet, head of IT security at the Estonian defence ministry, told BBC World Service’s Newshour programme. Estonia, he said, depended largely on the internet because of the country’s “paperless government” and web-based banking. “If these services are made slower, we of course lose economically,” he added. While the government in Tallinn has not blamed the Russian authorities directly for the attacks, its foreign ministry has published a list of IP addresses “where the attacks were made from”. The alleged offenders include addresses in the Russian government and presidential administration.

Dmitry Peskov, the Kremlin’s chief spokesman, told the BBC’s Russian Service there was “no way the [Russian] state [could] be involved in cyber terrorism”. “When you look at the IP addresses showing where the attacks are coming from, then there’s a wide selection of states from around the world,” he added. “But it does not mean that foreign governments are behind these attacks. Moreover, as you probably know, IP addresses can be fake.” Russia’s own presidential website, he said, came under attack itself “hundreds” of times daily.

‘Private attacks’

David Emm, senior technical consultant at Moscow-based antivirus software company Kaspersky Lab, believes the hackers are likely to be “younger types who, in other days, would have been writing and spreading viruses”. “I would not be surprised if switched-on people were using technical means of expressing themselves,” he told the BBC News website’s technology correspondent, Mark Ward. Anton Nossik, one of the pioneers of the Russian internet, sees no reason to believe in Russian state involvement in the hacking, beyond the fanning of anti-Estonian sentiment. “Unlike a nuclear or conventional military attack, you do not need a government for such attacks,” he told the BBC News website. “There were anti-Estonian sentiments, fuelled by Russian state propaganda, and the sentiments were voiced in articles, blogs, forums and the press, so it’s natural that hackers were part of the sentiment and acted accordingly.” Hackers, he points out, need very little money and can hire servers with high bandwidth in countries as diverse as the US and South Korea. The expertise is “basic”, he says, with virus scripts and source codes available online and there are “hundreds of thousands of groups who have the resources to launch a massive virus attack”. “The principle is very simple – you just send a shed load of requests simultaneously,” he says. Estonia’s blocking of external servers is in his opinion a smart response but can only work for a country of “1.4 million with a non-international language”. In Russia, for instance, foreign servers account for 60% of the net, he says. For Mr Nossik, of more concern is how the global net can protect itself against the big virus attacks like the Backbone Denial-of-Service attack in February which hit three key servers making up part of the internet’s backbone. “Compared to the scale of the problem in general, Estonia is small,” he says.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s