A security researcher involved in defending against last year's
web
attacks on Estonia has shared his account of the crisis, and is offering
advice on how to prevent similar assaults in the future.
Gadi Evron has published an article in the Georgetown Journal of
International Affairs detailing his experiences in helping Estonia's
government defend against a "cyber-riot" from Russian nationalist hackers.
The attacks began in April 2007 when authorities from the former Soviet state
disclosed plans to move a Russian World War II memorial out of a town square and
into a military graveyard.
An outcry from ethnic Russians in the country led to a series of real-world
riots as well as an outbreak of cyber-attacks on Estonian government websites.
The attacks were especially devastating for Estonia, which has become highly
reliant on web-based services in recent years.
"While the exact source of the attacks remains unknown, evidence suggests a
highly organised assault," wrote Evron.
"Not only did the cyber-riot start almost simultaneously with the actual
riots, but fresh posts in the Russian-language blogosphere appeared with new
targets and instructions."
Evron claims that the Estonian government went so far as to lobby the EU to
pressure the Russian government to step in, a move which was ultimately blocked
for diplomatic reasons.
The attacks began soon after. Fuelled by Russian-language blogs and websites,
a mob of users joined with botnet controllers to attack Estonian government
sites, and then target the country's banks and news outlets.
The government enlisted its own computer emergency response team to defend
against the attacks along with volunteers and outside security consultants.
While the team was eventually able to weather the attacks, Evron said that
the process might have been slowed by a lack of clear leadership.
"The Estonian response team was able, to a degree, to mitigate the impact of
the attacks," he wrote. "But due to its ad hoc, unofficial status, it lacked the
authority to enforce its recommendations on all parties involved."
Evron suggested that all governments need to develop a plan for responding to
a cyber-attack and establish a clear chain of command.
"Public and political attitudes to cyber-crime must change, and law
enforcement must be given greater resources to cope with its growing presence in
the virtual community," he said.
"Different national law enforcement agencies and operations should
collaborate and establish a common framework that will help trace recent
developments involving internet security in a significantly faster fashion, as
current measures have completely failed to cope."
Do you agree?
Have your say on this article