The digital bending of Estonia on its physical knees

ATCA Briefings

The Lessons we are NOT going to learn

London, UK - 02 June 2007, 08:08 GMT - The recent turmoil -- physical and digital -- triggered by the decision of the Estonian authorities to relocate the seven-foot Bronze Soldier statue from the Tallinn city centre, where it had stood for sixty years, to the war cemetery, has been broadly covered by traditional and online media as well as by the more in-depth recent ATCA post.

Dear ATCA Colleagues

We are grateful to:

Roberto Preatoni based in Tallinn, Estonia, and Milan, Italy, for his submission "The digital bending of Estonia on its physical knees -- The Lessons we are NOT going to learn" to ATCA in response to "Cyber Warfare -- Beyond Estonia-Russia, the rise of China's 5th Dimension Cyber Army."

Dear DK and Colleagues

Re: The digital bending of Estonia on its physical knees -- The Lessons we are NOT going to learn

Tallinn, Estonia, being the base for most of my professional activities as well as the headquarters of Zone-H, the international independent cyber-crime observatory, I had the opportunity to witness the development of the story both from the social and from the digital point of view. In view of the subject matter, I consider myself to have a privileged standpoint: my wife and children are Estonian while the general manager of my Estonian security company is a Russian-Estonian. This, together with a broad circle of friends amongst both the Estonian and the Russian-Estonian communities, has given me the opportunity to collect first-hand comments, being able to understand that the removal of the Bronze Soldier statue was just the spark that ignited a process fully loaded with old resentments, nationalism and unresolved political issues. Estonia has been the first former-Soviet Union country to join the European Union; nevertheless, it still has a long way to go towards the integration of the two communities that since 1991 have been struggling on the social and political level.

It is not my intention to take a stand and judge, as I am neither a sociologist nor a politician, but being the founder of Zone-H, I had the opportunity to analyse the facts behind the digital attacks which caused the collapse of the country's critical infrastructure for several days, and I'd like to share my views with the distinguished ATCA members.

When we think about critical infrastructure, it might come naturally to some to think about Supervisory Control and Data Acquisition (SCADA) systems, which power electric grids, power plants, sewage, etc., but in the case of Estonia the first national critical infrastructure is the Internet itself. Estonia is well known to be one of the most Internet-connected countries in the world, where almost every single aspect of the average citizen's life is managed by IT infrastructures. From eBanking to eVoting, from eParking to Wi-Fi coverage even on its beaches, Estonia was a country small enough to decide in the mid '90s to dare to take the "digital road" step by step via development, implementation as well as self-reliance on top-notch IT solutions from scratch, based on the traditional Scandinavian positive attitude towards technology and telecommunications.

The over-reliance of Estonian society on information technology was well known by the authors of the Distributed Denial of Service (DDoS) attacks that backed up the street protests following the removal of the statue. Although we had begun gathering some intelligence a few days in advance about the incoming attacks, our information was not far in advance. Scattered information started to trickle through a week before the first attacks, mostly coming from Russian-Estonian or Russian net-citizens who announced their will to use digital fire-power to hit Estonia and bend it on its knees. And so it happened: Estonia did bend on its knees.

This episode, following last February's Prophet Mohammed cartoons' digital protest against Denmark, covered extensively on ATCA, has a lot to teach us:

Heed the Visionaries -- Lesson One: The possibility of large scale digital warfare has been researched, envisioned, announced and understood a long time ago and it has arrived. In this view the mi2g Intelligence Unit and Zone-H have been true pioneers in this field for over a decade, announcing to the world such possibilities [original ATCA submission] when the Internet for the average Joe public still meant a 35 kbits/s bandwidth.

Cheap Innovation -- Lesson Two: Digital firepower is cheap. Attackers nowadays can easily compromise computers located, for example, in South Korea, where the home bandwidth can reach a staggering (by Western standards) 150 Mbits/s. New attacking vectors have also been developed, allowing attackers to compromise a single peer-to-peer file sharing hub, zombifying (enslaving) thousands of high-bandwidth computers at once.

Fast Aggregation -- Lesson Three: The digital-divide concept is widely known but the digital-unite one is not yet clear. The Internet is a fast-paced aggregator (think about the social networks and blogs) where unknown people from different countries can meet in their efforts under a shared political or social agenda in the glimpse of a second. In this context, the first case we witnessed was the Pakistan-Brazil cyber-alliance against the USA right after 9/11, when hackers from apparently non-related countries and religions united their efforts against a common adversary. Here we must say that official political relationships between countries do not always reflect the citizens' real sentiments, which are revealed by their actions in cyber-space, without political control. Our overall impression in relation to the Estonian cyber-incident is that the digital attacks were coming from single or small groups of net-citizens who decided to co-ordinate between themselves rather than an episode driven by the nation state of Russia.

Crushing Power -- Lesson Four: Nothing can easily survive a Distributed Denial of Service, period. A long time ago DDoS mainly meant large size data packets launched against a target. Today, we have TCP floods, UDP floods and the less-known application stressing floods (Zone-H has live examples of its effects as we are under attack every day). No security appliance or anti-DDoS solution can help against a coordinated and focused series of attacks. It's just pure mathematics: if you have a 100 Mbits/s (100 Million) pipeline and your attacker sends you 1 Gbits/sec (1 Billion) of junk data, your security appliances might prevent the junk traffic reaching your network plug, but the incoming pipeline will still be filled by ten times the amount of data it can handle, virtually disconnecting the target from the rest of the Internet.
Worse still, any 13-year-old cracker can build a DDoS network capable of several Gigabytes per second firepower in a matter of a few days utilising publicly available compromised computers and bandwidth.

Learn from History -- Lesson Five: We didn't learn the lesson. After the Estonian incident, I was expecting the issue to be widely discussed. On the contrary, it is discussed only among a few elite communities such as the ATCA distinguished list.

My best regards to you and the distinguished ATCA members

Roberto Preatoni

Roberto Preatoni (40) is Chief Executive of an international group of security companies: Domina Privacy & Security AS, Estonia and Russia, PITconsulting SPA - Italy & Securitylab SA - Switzerland. He is the author of a book on digital asymmetric warfare, "Asymmetric Shadows" (Ombre Asimmetriche), and an international lecturer at IT security, property protection and digital warfare conferences. He also teaches "Internet Abuses" at the Applied Computer Science faculty of the University of Urbino, Italy. He is the founder of "Zone-H", the independent cybercrime observatory of server side attacks, and key teacher in Zone-H worldwide security classes, providing advice to several governments and institutions in matters related to cyber-crime. He lives between Italy, Estonia, Russia and Japan.

Read the previous article here: Cyber Warfare -- Beyond Estonia-Russia, The Rise of China's 5th Dimension Cyber Army


We look forward to your further thoughts, observations and views. Thank you.

Best wishes

For and on behalf of DK Matai, Chairman, Asymmetric Threats Contingency Alliance (ATCA)

ATCA: The Asymmetric Threats Contingency Alliance is a philanthropic expert initiative founded in 2001 to resolve complex global challenges through collective Socratic dialogue and joint executive action to build a wisdom based global economy. Adhering to the doctrine of non-violence, ATCA addresses asymmetric threats and social opportunities arising from climate chaos and the environment; radical poverty and microfinance; geo-politics and energy; organised crime & extremism; advanced technologies -- bio, info, nano, robo & AI; demographic skews and resource shortages; pandemics; financial systems and systemic risk; as well as transhumanism and ethics. Present membership of ATCA is by invitation only and has over 5,000 distinguished members from over 100 countries: including several from the House of Lords, House of Commons, EU Parliament, US Congress & Senate, G10's Senior Government officials and over 1,500 CEOs from financial institutions, scientific corporates and voluntary organisations as well as over 750 Professors from academic centres of excellence worldwide.

The views presented by individual contributors are not necessarily representative of the views of ATCA, which is neutral. Please do not forward or use the material circulated without permission and full attribution.

Intelligence Unit | mi2g | tel +44 (0) 20 7712 1782 fax +44 (0) 20 7712 1501 | internet www.mi2g.net
mi2g: Winner of the Queen's Award for Enterprise in the category of Innovation

mi2g is at the leading edge of building secure on-line banking, broking and trading architectures. The principal applications of its technology are: 1. D2-Banking; 2. Digital Risk Management; and 3. Bespoke Security Architecture. For more information about mi2g, please visit: www.mi2g.net
