Cyberwar in Estonia?

  • Fred Cohen
    Message 1 of 1, May 30, 2007
      Lawrence D. Dietz, Managing Director, Information Security & Legal
      Support Services, Tal Global Corporation

      This bulletin is part of our continuing effort to provide information
      and analysis to our clients and colleagues. Recently, tiny Estonia,
      with an estimated population of slightly over 1 million, has learned
      that productivity and connectivity on the Internet come with the
      vulnerability born of dependence. Estonia began removing a bronze
      statue of a World War II-era Russian soldier from a park in Tallinn.
      As a result, they have been engaged in what some, like the New York
      Times, are calling the “first war in cyberspace”. For the past several
      weeks the country has been defending itself from a barrage of
      apparently sophisticated and coordinated cyber attacks. Linton Wells
      II, the US DOD Principal Deputy Assistant Secretary of Defense for
      Networks and Information Integration, was quoted as saying “This may
      well turn out to be a watershed in terms of widespread awareness of
      the vulnerability of modern society.”

      Some aspects of the attacks are worth noting. First of all, there were
      a number of ‘waves’ of attacks, each with a specific objective in
      mind. Early waves were designed to explore vulnerabilities and test
      capacity and defenses. Secondly, combinations of attack vectors were
      employed. In particular, a psychological attack was waged on the prime
      minister by posting a fake letter of apology on his web site.
      Thirdly, resource augmentation, the probable renting of botnets
      (networks of computers controlled by hostile parties and available
      for temporary rental by the highest bidder) for selected periods of
      time, was employed to strengthen the distributed denial of service
      (DDoS) attack at key points in time.

      Defensively, the government categorized its sites and determined
      which, like the Estonian president’s sites, would be designated low
      priorities; it also closed off large parts of the network to
      international traffic. The perpetrators were never identified or
      caught.

      What does this mean to our clients? If you are a part of the national
      infrastructure, you may be an unwitting victim of an attack designed
      as a general attack against the government or the economy. Your
      systems may be victimized in several ways: taken over and used as
      potential ‘zombies’ for attacks on others; defaced to advance the
      messages of the attacker; made the victim of a denial of service;
      or perhaps even designated for more malicious activity such as
      deletion of key files or information.

      The point is that contingency planning must constantly think ‘out of
      the box’. A key task is an inventory of critical information and
      functions. Personally identifiable information (PII), intellectual
      property and other sensitive data must be segregated and protected
      employing a defense in depth consisting of reinforcing defensive
      techniques. Alternatives for compartmentalization of networks into
      discrete, clearly defendable components should be considered, and
      plans for alternative communications resources should be formulated
      and tested regularly to ensure transparent implementation.

      Information security is certainly a key aspect of today’s governance
      challenges; another is the protection of critical information such as
      intellectual property. To get the latest in legal developments and
      best practices in this area, attend our upcoming June 13th Seminar,
      Demystifying Trade Secrets Protection Strategies. For more
      information see: http://www.acteva.com/booking.cfm?bevaID=133433.


      - This communication is confidential to the parties it is intended to
      serve -
      Fred Cohen & Associates tel/fax: 925-454-0171
      http://all.net/ 572 Leona Drive Livermore, CA 94550
      Monthly announcements:
      http://tech.groups.yahoo.com/group/FCA-announce/join