Estonia's CTO speaks out on cyberattacks

Tom Espiner ZDNet.co.uk

Published: 24 Oct 2007 11:47 BST

Speaking to ZDNet.co.uk at the RSA Conference Europe 2007 in London, Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year.

In May this year the Estonian critical national infrastructure (CNI) came under sustained cyberattack from perpetrators whose identity remains unknown. However, Tammet said he suspected the forces behind the attacks to be linked to the Russian government.

"It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society," said Tammet on Tuesday. "The attacks had hierarchy and co-ordination."

Tammet added that, while it was not possible to put a face to the attackers nor to prove any direct connection to the Russian authorities, all previous attacks with a political aim emanating from Russia had their roots in government action.

"It's been that way in Russia for centuries," said Tammet. "The attack was 50 percent emotions, 50 percent something else, but we can't define what that something is. There was an organisation behind it, but we can't [definitively] say if it's the government or criminals, or both."

The attack on Estonia began on 26 April after the Estonian government relocated the "Bronze Soldier", a war memorial commemorating an unknown Russian who died fighting the Nazis. The initial attack phase saw denial-of-service attacks against government sites by individuals and defacement attacks.

In contrast to Tammet's views, Alexey Podrezov, a Russian antivirus researcher for Finnish security company F-Secure, said he believes the attacks were not government-sanctioned and were probably the work of private individuals.

"From a Russian perspective, the Second World War is sacred: we won, we're great, we conquered the fascists. Then Estonia moved the monument, which caused offence. The government had nothing to do with it — the media hyped it up [so people attacked]," said Podrezov.

According to Tammet, at the height of the attacks, 20,000 networks of compromised computers were being linked and orchestrated, indicating that a powerful organisation was behind the barrage of network traffic.

"We had a lot of spam, with government websites targeted, and calls to attack Estonia on the internet, but we were not afraid in this phase," said Tammet.

The Estonians became uneasy during the second phase of the attack, between 30 April and 3 May, which saw a "gathering of botnets like a gathering of armies", according to Tammet. These botnets were used to launch attacks against the routers of ISPs hosting Estonian government sites, and their DNS (domain name system) servers, in an attempt to disable email.

"They were bandwidth-stealing, testing how much we could stand," said Tammet. "Those days were the most alarming."

The main attack phase saw distributed denial-of-service (DDoS) attacks against the two main banks in Estonia, Hansabank and SEB Eesti Ühispank. According to Tammet, Estonia "is 97 percent dependent on internet banking".

"If the main banks are out of order and there are no bank services, we're in deep trouble, because cash isn't common in Estonia," said Tammet.

The attacks peaked on 10 and 15 May, when some bank terminals were also out of order and foreign money transfers were knocked out. Government systems were also attacked on 15 May. The attacks abruptly ceased three weeks after they had begun.

Tammet said that the escalation of events during the attack had been hard to predict, and reaction times had to be short. There was no time for human-centred decision making. The attacks caused Estonia to realise that it needed tighter links with ISPs, thin structures to protect e-society, and to share decision making between humans and machines.
