Are Our FSB Cyber Buddies Busy Somewhere else?

Well, if you’re a regular reader of this site, you might have noticed that, lately, our abusive Moscow traffic has dropped off significantly.  Perhaps they are busy working on the following cyber atttack…

Russia accused of unleashing cyberwar to disable Estonia
· Parliament, ministries, banks, media targeted
· Nato experts sent in to strengthen defences

Ian Traynor in Brussels
Thursday May 17, 2007
The Guardian

A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications.

While Russia and Estonia are embroiled in their worst dispute since the collapse of the Soviet Union, a row that erupted at the end of last month over the Estonians’ removal of the Bronze Soldier Soviet war memorial in central Tallinn, the country has been subjected to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks, and companies.

Nato has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defences.

“This is an operational security issue, something we’re taking very seriously,” said an official at Nato headquarters in Brussels. “It goes to the heart of the alliance’s modus operandi.”

Alarm over the unprecedented scale of cyber-warfare is to be raised tomorrow at a summit between Russian and European leaders outside Samara on the Volga.

While planning to raise the issue with the Russian authorities, EU and Nato officials have been careful not to accuse the Russians directly.

If it were established that Russia is behind the attacks, it would be the first known case of one state targeting another by cyber-warfare.

Relations between the Kremlin and the west are at their worst for years, with Russia engaged in bitter disputes not only with Estonia, but with Poland, Lithuania, the Czech Republic, and Georgia – all former parts of the Soviet Union or ex-members of the Warsaw Pact. The electronic offensive is making matters much worse.

“Frankly it is clear that what happened in Estonia in the cyber-attacks is not acceptable and a very serious disturbance,” said a senior EU official.

Estonia’s president, foreign minister, and defence minister have all raised the emergency with their counterparts in Europe and with Nato.

“At present, Nato does not define cyber-attacks as a clear military action. This means that the provisions of Article V of the North Atlantic Treaty, or, in other words collective self-defence, will not automatically be extended to the attacked country,” said the Estonian defence minister, Jaak Aaviksoo.

“Not a single Nato defence minister would define a cyber-attack as a clear military action at present. However, this matter needs to be resolved in the near future.”

Estonia, a country of 1.4 million people, including a large ethnic Russian minority, is one of the most wired societies in Europe and a pioneer in the development of “e-government”. Being highly dependent on computers, it is also highly vulnerable to cyber-attack.

The main targets have been the websites of:

· the Estonian presidency and its parliament

· almost all of the country’s government ministries

· political parties

· three of the country’s six big news organisations

· two of the biggest banks; and firms specializing in communications

It is not clear how great the damage has been.

With their reputation for electronic prowess, the Estonians have been quick to marshal their defences, mainly by closing down the sites under attack to foreign internet addresses, in order to try to keep them accessible to domestic users.

The cyber-attacks were clearly prompted by the Estonians’ relocation of the Soviet second world war memorial on April 27.

Ethnic Russians staged protests against the removal, during which 1,300 people were arrested, 100 people were injured, and one person was killed.

The crisis unleashed a wave of so-called DDoS, or Distributed Denial of Service, attacks, where websites are suddenly swamped by tens of thousands of visits, jamming and disabling them by overcrowding the bandwidths for the servers running the sites. The attacks have been pouring in from all over the world, but Estonian officials and computer security experts say that, particularly in the early phase, some attackers were identified by their internet addresses – many of which were Russian, and some of which were from Russian state institutions.

“The cyber-attacks are from Russia. There is no question. It’s political,” said Merit Kopli, editor of Postimees, one of the two main newspapers in Estonia, whose website has been targeted and has been inaccessible to international visitors for a week. It was still unavailable last night.

“If you are implying [the attacks] came from Russia or the Russian government, it’s a serious allegation that has to be substantiated. Cyber-space is everywhere,” Russia’s ambassador in Brussels, Vladimir Chizhov, said in reply to a question from the Guardian. He added: “I don’t support such behaviour, but one has to look at where they [the attacks] came from and why.”

Without naming Russia, the Nato official said: “I won’t point fingers. But these were not things done by a few individuals.

“This clearly bore the hallmarks of something concerted. The Estonians are not alone with this problem. It really is a serious issue for the alliance as a whole.”

Mr Chizhov went on to accuse the EU of hypocrisy in its support for Estonia, an EU and Nato member. “There is a smell of double standards.”

He also accused Poland of holding the EU hostage in its dealings with Russia, and further accused Estonia and other east European countries previously in Russia’s orbit of being in thrall to “phantom pains of the past, historic grievances against the Soviet union and the Russian empire of the 19th century.” In Tallinn, Ms Kopli said: “This is the first time this has happened, and it is very important that we’ve had this type of attack. We’ve been able to learn from it.”

“We have been lucky to survive this,” said Mikko Maddis, Estonia’s defence ministry spokesman. “People started to fight a cyber-war against it right away. Ways were found to eliminate the attacker.”

The attacks have come in three waves: from April 27, when the Bronze Soldier riots erupted, peaking around May 3; then on May 8 and 9 – a couple of the most celebrated dates in the Russian calendar, when the country marks Victory Day over Nazi Germany, and when President Vladimir Putin delivered another hostile speech attacking Estonia and indirectly likening the Bush administration to the Hitler regime; and again this week.

Estonian officials say that one of the masterminds of the cyber-campaign, identified from his online name, is connected to the Russian security service. A 19-year-old was arrested in Tallinn at the weekend for his alleged involvement.

Expert opinion is divided on whether the identity of the cyber-warriors can be ascertained properly.

Experts from Nato member states and from the alliance’s NCSA unit – “Nato’s first line of defence against cyber-terrorism”, set up five years ago – were meeting in Seattle in the US when the crisis erupted. A couple of them were rushed to Tallinn.

Another Nato official familiar with the experts’ work said it was easy for them, with other organisations and internet providers, to track, trace, and identify the attackers.

But Mikko Hyppoenen, a Finnish expert, told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state’s responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to.

Explore posts in the same categories: Cyber Jihad, Russian Connection

9 Comments on “Are Our FSB Cyber Buddies Busy Somewhere else?”


    The West could take a lesson here and go after the jihadist sites. That would tick off the holies a great deal.

  2. Che Says:

    “But Mikko Hyppoenen, a Finnish expert, told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state’s responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to.”

    “Mr Chizhov went on to accuse the EU of hypocrisy in its support for Estonia, an EU and Nato member. “There is a smell of double standards.”

    Estonian officials say that one of the masterminds of the cyber-campaign, identified from his online name, is connected to the Russian security service. A 19-year-old was arrested in Tallinn at the weekend for his alleged involvement.

    – That’s just another example of turning a fly into an elephant. Current Estonian government is rusophobic by nature and uses every excuse to blame us in whatever negative happens to them.

    The removal of the Bronze soldier was a great insult to russians living in both countries and to our government. It was even denounced by Simon Vizental center. However Putin is wise enough not to take any official actions like embargo and stuff, for Estonia is free to do things in it’s own land. He made only declarations against that.

    The attacks originate from particular persons or groups pissed off with Estonia’s actions. If the govenment really wanted to do smth., the consequences would me far more serious.

    The estonian clowns (I personally despise them) are just playing on the unsimple relations between Russia and the EU to gain some political benefits.

    By the way after the first accusation in DNS attack it was found that it came from Estonia itself (19 years old “FSB agent”).

    I hope you guys take the whole situation from the position of your own life experience.

  3. Che Says:

    And by the way… FSB is an organization of FBI rank and scale in Russia. It’s primary goal is national security. Did you guys seriously think, that such a serious agency or other similar institution is interested in such allegations or would spoil it’s hands with Estonia, especially when what estonians did had noth. to do with nat. sec.?

    And as for Estonia. Yes it’s a respectible act and a good way to draw attention to itself and to demonstrate it’s national will and pride by removing a war monument and coffins of the soldiers who died fighting nazi (and those of estonian SS legion). Brave act, apllauds, western community, hell of a challenge to evil occupant Russia!

    Germans and Est. neibourgh nations dont do that, no matter where the monuments and memorial tumbs are…

  4. Che Says:

    And if you dont find difficult reading some russian text from one of Russia’s main i-net news sites

    По всей видимости, такая позиция властей Эстонии связана попросту с неосведомленностью о жизни Рунета. Благо массовые атаки на сайты эстонских банков, газет и госучреждений можно рассматривать как очередной флэшмоб, которых в отечественном сегменте сети каждый месяц, да что там, неделю предостаточно. Сомнительно, что Кремлю удалось бы организовать в столь сжатые сроки “боевой отряд хакеров”, выдать им цели и заставить “класть” эстонские сайты. Ведь, вспомните, для того, чтобы собрать тысячи человек на Арбате, чтобы надувать мыльные пузыри, не надо было никакого указания сверху. Равно как никому не требовалось совета Кремля, когда какой-нибудь американский блоггер писал гадости про Россию у себя в ЖЖ – сотни две-три россиян писали ему комментарии известного содержания вполне самостоятельно. Так что все эти гипотезы об организованных властями России атаках и “военной агрессии” кажутся не очень похожими на правду.

    За военную агрессию DDoS-атаки НАТО, правда, пока не приняло, но уже отправило в помощь эстонцам своих специалистов по борьбе с кибертерроризмом. Однако в этом, кажется, не больше борьбы с хакерами, чем политики. Потому что, все-таки масштаб акций не тот – вероятно, сайт того же Белого дома (имеется в виду, конечно, атакуют гораздо чаще, чем все эстонские министерства и ведомства вместе взятые. И попытки признать DDoS-атаки военной агрессией, развить теорию о не последней роли Кремля в происходящем – не более чем неуклюжая попытка отвлечь внимание от неспособности взять ситуацию под контроль. Благо эту войну Эстония уже проиграла.

    Ну а если вдруг действительно эстонские сайты ломают с подачи Кремля… что ж, стоит нас поздравить с тем, что Россия раньше всех обзавелась батальоном кибердиверсантов. Которого даже НАТО боится.

    you’re welcome to ask for translation of the whole text or parts.

  5. Che,

    The article was very interesting in that it says that it doubts the Kremlin could have amassed and organized such a large group of cyber hackers in such a short time. I’m of the opinion that the Kremlin could, if they wanted to, organize such an attack.

    As to whether this is the work of the Kremlin and not just a rogue group of hackers is certainly open to debate. I would be surprised if the Kremlin were to be responsible, as this attack is sloppy, at best.

    When I was younger and liked to play hacker, I would hop around, telnet’ing into several different computers, then re-write my packets to spoof the identity of the sending computer. There was no way that it could be traced back.

    Some of the IP addresses have been tracked back to the Kremlin, but this could also be someone spoofing the packet header information to point towards the Kremlin.


  6. Che Says:

    That’s the idea – could Kremlim really want to do that and why?

    Lets imagine a hack-attack over White House site that changes all the words “United” to “Islamic” – Islamic States of America, how does that sound? If the source is detected as Russian, would GWB o Kondoleeeeza scandal publicaly about it, blaming russian government? I doubt that.

    In estonian case I reaffrim that IMHO all that barking and burping from that country against Kremlin looks stupid. It is nothing more than a flash mob. BTW, I personally took part in it, sending letters with the picture of the Soldier to the adresses of est. officials.

  7. Ronin Says:

    I think it was aliens from the large earth like planet discovered last year. They are hacking through the hole in the ozone and switching on everyone’s heaters. This is the real cause of global warming. Several alien agents have infiltrated earth bound governments and are working against our planet from the inside. Al Gore is the head alien, he came here and invented the Internet to distract our attention. When that plan failed he started the hacking war to shame Russia and cause the USA and NATO to aid Estonia. So far this part of the plan is working. As the world watches this hacking war; the evil Iranians are building nukes so they can attack Canada. Canada has been secretly working to close the ozone hole by melting trees with acid rain. The increase smog levels were starting to work and the ozone hole was diminishing. Most of the world leaders have already picked sides, the Chinese are helping the aliens and recently attempted to poison all the dogs in the USA because they were trained to smell aliens. They were good enough at it to drastically slow the numbers of Mexicans crossing through Texas and Arizona forcing more alien agents out into the open. Most of the alien helpers have been secretly meeting to form a plan to help the Mexicans get past the dogs and into the US. Today’s worker program is both a free pass into the USA and proof that I am right. The Muslims are not part of this scheme even the aliens want no part of them, fearing they will just spread their jihadi crapola throughout the known universe.

  8. Che Says:

    You’re so right! The voices told me exactly the same thing.

  9. walktubs Says:

    Wheelchair-bound patients can make an easier transition from chair to tub.
    Most walk-in bathtub vendors get their products from reputable manufacturers with strong brand recognition. But some less-scrupulous walk-in bath sellers offer poorly designed models from unknown manufacturers. It pays to do research on a supplier before committing to the purchase of a walk-in bathtub.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: