Only a few decades after the Wright brothers’ first flight in 1903, airspace had joined land and sea as a theater in which nations battle for military supremacy. Now the battleground has moved to cyberspace.
“We are in a world today where, in addition to the classical dimensions of land, sea and air, we have a virtual dimension called cyberspace,” Estonia’s defense minister recently told a Washington audience at the Center for Strategic and International Studies.
He warned them that, a century later, history is poised to repeat itself.
“It is imminent that future development will see war in this newly born cyberspace. The probability of this threat is rising over time.”
Jaak Aaviksoo, a theoretical physicist who became Estonia’s defense minister early in 2007, made his comments from practical experience.
“In Estonia, it was not an imaginary but a real threat that we experienced a few months ago,” Aaviksoo said.
Spring attack
During three days in late April and early May, Estonia suffered denial-of-service attacks against its information infrastructure, becoming the victim of what is widely believed to be the first instance of a coordinated, wide-scale cyberattack by one country against another.
“This was clearly not a spontaneous event,” he said. “The attacks were carried out in a precise time frame by groups of organized computers, botnets they had rented for that purpose.
This was related to a decision to relocate a Soviet-era monument.”
The online attacks appeared to have been coordinated with street demonstrations spurred by a decision to move a statue of a Red Army soldier from the central square of the Estonian capital of Tallinn to the city’s outskirts. To many Russians, the statue is a symbol of the Soviet liberation of Estonia in World War II. To many Estonians, it is a symbol of Soviet oppression.
The first day of attacks was April 28, the second day May 5 and the third day May 9. The attacks appear to have been carried out by as many as 1 million computers in 50 countries and, at their peak, generated more than 400 times normal traffic volumes. The targets were government Web sites and portals, news sites and financial institutions.
The aim of the attacks seemed to be psychological impact rather than damage to physical infrastructure; Aaviksoo characterized them as cyberterrorism rather than cyberwarfare. But the possibility of full-fledged cyberwar must be faced, he said.
There was no long-term damage done to targets, but there were impacts.
“People who were newsthirsty could not get online news,” Aaviksoo said. This was not a trivial matter in one of the world’s most wired countries. In addition, the country’s two largest banks, which hold 90 percent of the market, also were attacked.
As to who was behind the attacks, “for the time being, there is no solid evidence we can use for placing the blame,” he said. He did not mention Russia by name but said the attacks appeared to have been coordinated with demonstrations and riots funded by diplomatic representatives of “our big neighbor.”
The embassy of that neighbor says nyet.
“The speculation about funding of the demonstrations is absolute nonsense,” said the press secretary for the Russian embassy.
As for the attacks, “they have never produced any evidence it came from Russia,” the Russian embassy spokesman said.
Help-desk diplomacy
The spokesman said Estonia made a request in May to the Russian attorney general for assistance in finding the source of the attacks but that it was not properly made. The attorney general offered to help if the request was made in the proper form, “but nothing came back.”
The Estonian response to the attacks was informal but reasonably effective. The primary response was to block servers forwarding the attack traffic. In this effort, they received help from the U.S. government because as many as 10 percent of the attacking botnet computers were in the United States.
“We’ve decided we have to increase the security of our governmental computer systems,” Aaviksoo said.
Still, “there is a general lack of awareness and preparation to guard against cyberattacks,” he said. He called for a broad, multilateral effort by Europe and its allies to defend against cyberattacks, with cooperation between the public and private sectors and among countries.
“The problem resolves itself to a risk-management exercise,” he said. “Minimizing risk always brings with it certain burdens,” which will have to be shared by government, the private sector and the public.
---
Autor(en)/Author(s): William Jackson
Quelle/Source: Government Computer News, 10.12.2007
