London, UK - 02 June 2007, 08:08 GMT - The recent turmoil -- physical and digital -- triggered by the decision of the Estonian authorities to relocate the seven-foot Bronze Soldier statue from the Tallinn city centre, where it had stood for sixty years, to the war cemetery, has been broadly covered by traditional and online media as well as by the more in-depth recent
Dear ATCA Colleagues

We are grateful to Roberto Preatoni, based in Tallinn, Estonia, and Milan, Italy, for his submission "The digital bending of Estonia on its physical knees -- The Lessons we are NOT going to learn" to ATCA in response to "Cyber Warfare -- Beyond Estonia-Russia, the rise of China's 5th Dimension Cyber
Dear DK and Colleagues
Re: The digital bending of Estonia on its physical knees -- The Lessons
we are NOT going to learn
Tallinn, Estonia, being the base for most of my professional activities as well as the headquarters of Zone-H, the international independent cyber-crime observatory, I had the opportunity to witness the development of the story both from the social and from the digital point of view. In view of the subject matter, I consider myself to have a privileged standpoint: my wife and children are Estonian, while the general manager of my Estonian security company is a Russian-Estonian. This, together with a broad circle of friends amongst both the Estonian and the Russian-Estonian communities, has given me the opportunity to collect first-hand comments and to understand that the removal of the Bronze Soldier statue was just the spark that ignited a process fully loaded with old resentments, nationalism and unresolved political issues. Estonia has been the first former Soviet Union country to join the European Union; nevertheless, it still has a long way to go towards the integration of the two communities that since 1991 have been struggling on the social and political level.
It is not my intention to take a stand and judge, as I am neither a sociologist nor a politician, but being the founder of Zone-H, I had the opportunity to analyse the facts behind the digital attacks which caused the collapse of the country's critical infrastructure for several days, and I'd like to share my views with the distinguished ATCA members.
When we think about critical infrastructure, it might come naturally to some to think about Supervisory Control and Data Acquisition (SCADA) systems, which power electric grids, power plants, sewage, etc., but in the case of Estonia the first national critical infrastructure is the Internet itself. Estonia is well known to be one of the most Internet-connected countries in the world, where almost every single aspect of the average citizen's life is managed by IT infrastructures. From eBanking to eVoting, from eParking to Wi-Fi coverage even on its beaches, Estonia was a country small enough to decide in the mid '90s to dare to take the "digital road" step by step via development, implementation as well as self-reliance on top-notch IT solutions from scratch, based on the traditional Scandinavian positive attitude towards technology and telecommunications.
The over-reliance of Estonian society on information technology was well known by the authors of the Distributed Denial of Service (DDoS) attacks that backed up the street protests following the removal of the statue. Although we had begun gathering some intelligence a few days in advance about the incoming attacks, our information was not far in advance. Scattered information started to trickle through a week before the first attacks, mostly coming from Russian-Estonian or Russian net-citizens who announced their will to use digital fire-power to hit Estonia and bend it on its knees. And so it happened: Estonia did bend on its knees.
This episode, following last February's Prophet Mohammed cartoons' digital
protest against Denmark, covered extensively on ATCA, has a lot to teach
Heed the Visionaries -- Lesson One: The possibility of large-scale digital warfare has been researched, envisioned, announced and understood a long time ago, and it has arrived. In this view the mi2g Intelligence Unit and Zone-H have been true pioneers in this field for over a decade, announcing such possibilities to the world [original ATCA submission] when the Internet for the average Joe public still meant a 35 kbit/s bandwidth.
Cheap Innovation -- Lesson Two: Digital firepower is cheap. Attackers nowadays can easily compromise computers located, for example, in South Korea, where the home bandwidth can reach a staggering (by Western standards) 150 Mbit/s. New attacking vectors have also been developed, allowing attackers to compromise a single peer-to-peer file-sharing hub, zombifying (enslaving) thousands of high-bandwidth computers at once.
Fast Aggregation -- Lesson Three: The digital-divide concept is widely known, but the digital-unite one is not yet clear. The Internet is a fast-paced aggregator (think about the social networks and blogs) where unknown people from different countries can meet in their efforts under a shared political or social agenda in the glimpse of a second. In this context, the first case we witnessed was the Pakistan-Brazil cyber-alliance against the USA right after 9/11, when hackers from apparently unrelated countries and religions united their efforts against a common adversary. Here we must say that official political relationships between countries do not always reflect the citizens' real sentiments, which are revealed by their actions in cyber-space, without political control. Our overall impression in relation to the Estonian cyber-incident is that the digital attacks were coming from single or small groups of net-citizens who decided to co-ordinate between themselves, rather than being an episode driven by the nation state of Russia.
Crushing Power -- Lesson Four: Nothing can easily survive a Distributed Denial of Service, period. A long time ago, DDoS mainly meant large-size data packets launched against a target. Today, we have TCP floods, UDP floods and the less-known application-stressing floods (Zone-H has live examples of their effects, as we are under attack every day). No security appliance or anti-DDoS solution can help against a coordinated and focused series of attacks. It's just pure mathematics: if you have a 100 Mbit/s (100 million) pipeline and your attacker sends you 1 Gbit/s (1 billion) of junk data, your security appliances might prevent the junk traffic reaching your network plug, but the incoming pipeline will still be filled by ten times the amount of data it can handle, virtually disconnecting the target from the rest of the Internet.

Worse still, any 13-year-old young cracker can build a DDoS network capable of several Gigabytes per second of firepower in a matter of a few days, utilising publicly available compromised computers and bandwidth.
Learn from History -- Lesson Five: We didn't learn the lesson. After the Estonian incident, I was expecting the issue to be widely discussed. On the contrary, it is discussed only among a few elite communities such as the distinguished ATCA list.
My best regards to you and the distinguished ATCA members
Roberto Preatoni (40) is Chief Executive of an international group of security companies: Domina Privacy & Security AS (Estonia and Russia), PITconsulting SPA (Italy) and Securitylab SA (Switzerland). He is the author of a book on digital asymmetric warfare, "Asymmetric Shadows" (Ombre Asimmetriche), and an international lecturer at IT security, property protection and digital warfare conferences. He also teaches "Internet Abuses" at the Applied Computer Science faculty of the University of Urbino, Italy. He is the founder of the independent cybercrime observatory of server-side attacks "Zone-H" and a key teacher in Zone-H worldwide security classes, providing advice to several governments and institutions in matters related to cyber-crime. He lives between Italy, Estonia, Russia and Japan.
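The bandwidth arithmetic in Lesson Four (a 100 Mbit/s pipe fed with 1 Gbit/s of junk is full ten times over, whatever the appliance behind it drops) and the distinction the letter draws between UDP floods, TCP floods and application-stressing floods can be turned into a small triage script that a defender would run over per-second flow summaries. The code below is an added example for this page; it is not part of Roberto Preatoni's submission nor Zone-H's tooling. The flow records, link capacity, thresholds and the `Flow` record layout are all constructed assumptions chosen for illustration, and the classification goes slightly beyond the text by separating SYN floods from request-rate floods.

```python
"""Triage a one-second traffic window against the capacity of the upstream
link, using the offered-load-versus-pipe arithmetic from Lesson Four.
Added example for this page; not Zone-H code. All flow records are constructed."""
from collections import Counter
from dataclasses import dataclass

LINK_CAPACITY_BPS = 100_000_000  # the 100 Mbit/s pipe used in the briefing (assumed)


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record for the window (constructed layout, assumed)."""
    proto: str              # "TCP" or "UDP"
    src: str                # source address
    dport: int              # destination port
    packets: int            # packets seen in the window
    byte_count: int         # bytes seen in the window
    syn_only: bool = False  # TCP flow that never completed the handshake


def offered_load_bps(flows):
    """Bits per second arriving at the ingress link, before any appliance
    gets to drop them; this is the figure that saturates the pipe."""
    return sum(f.byte_count for f in flows) * 8


def saturation_ratio(flows, capacity_bps=LINK_CAPACITY_BPS):
    """Offered load divided by link capacity; anything at or above 1.0 means
    the link is full regardless of what the firewall behind it does."""
    return offered_load_bps(flows) / capacity_bps


def assess_window(flows, capacity_bps=LINK_CAPACITY_BPS,
                  syn_pps_threshold=20_000, web_rps_threshold=5_000):
    """Return a triage verdict for the window. Thresholds are assumed values
    for illustration; tune them to the monitored site's baseline."""
    ratio = saturation_ratio(flows, capacity_bps)
    syn_pps = sum(f.packets for f in flows
                  if f.proto == "TCP" and f.syn_only)
    web_rps = sum(f.packets for f in flows
                  if f.proto == "TCP" and f.dport in (80, 443) and not f.syn_only)

    verdicts = []
    if ratio >= 1.0:                    # more data than the pipe carries: volumetric
        verdicts.append("volumetric")
    if syn_pps >= syn_pps_threshold:    # many half-open connections, little data
        verdicts.append("syn_flood")
    if web_rps >= web_rps_threshold and ratio < 0.5:
        # high request rate at low bandwidth: the "application stressing" flood
        verdicts.append("application_layer")

    by_bytes = Counter()
    for f in flows:
        by_bytes[f.src] += f.byte_count
    return {
        "load_mbps": offered_load_bps(flows) / 1_000_000,
        "ratio": round(ratio, 2),
        "verdicts": verdicts or ["benign"],
        "top_sources": [src for src, _ in by_bytes.most_common(3)],
    }


# Constructed one-second windows; addresses come from documentation ranges.
VOLUMETRIC = [  # ten hosts, 12.5 MB each = 1 Gbit/s of UDP junk, as in the text
    Flow("UDP", f"198.51.100.{i}", 80, 10_000, 12_500_000) for i in range(1, 11)
]
SYN_FLOOD = [   # 50,000 SYN-only packets of 60 bytes: only 24 Mbit/s on the wire
    Flow("TCP", f"203.0.113.{i}", 80, 10_000, 600_000, syn_only=True) for i in range(1, 6)
]
APP_LAYER = [   # 10,000 completed HTTP requests/s of 400 bytes: about 32 Mbit/s
    Flow("TCP", f"192.0.2.{i}", 80, 200, 80_000) for i in range(1, 51)
]
BENIGN = [      # three clients, 300 packets of 1000 bytes each
    Flow("TCP", f"192.0.2.{i}", 443, 300, 300_000) for i in range(1, 4)
]

if __name__ == "__main__":
    for name, window in [("volumetric", VOLUMETRIC), ("syn", SYN_FLOOD),
                         ("app", APP_LAYER), ("benign", BENIGN)]:
        print(name, assess_window(window))
```

The point the script makes concrete is that `saturation_ratio` is computed from bytes that reach the ingress link, not from what the appliance behind it accepts: the volumetric window scores 10.0 on a 100 Mbit/s link exactly as the letter describes, while the SYN and request-rate windows stay well under capacity and are only caught by packet and request counts, which is why a bandwidth graph alone misses them.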
Read the previous article here: Cyber Warfare -- Beyond
Estonia-Russia, The Rise of China's 5th Dimension Cyber Army
We look forward to your further thoughts, observations and views. Thank