Estonia Incident Demonstrated Power of Russia-Based Cyber Networks

By Brian Krebs, Staff Writer
Saturday, October 13, 2007; 12:00 AM

In late April, Estonia was the target of a concerted, weeks-long cyber attack that interrupted the computer networks of major commercial banks, government agencies and media outlets, even knocking ATMs temporarily offline.

The apparently coordinated digital assault was launched after the Estonian government removed a six-foot bronze statue from the downtown area of Tallinn, the Baltic nation's capital city. The statue, installed in 1947 to memorialize the Soviet soldiers who died driving Nazi forces from the area, had for many Estonians come to symbolize the oppression the country experienced under Soviet rule.

In Russia, the statue's removal was seen as an affront, and led to protests in some cities and heated rhetoric from politicians. The cyber attacks were preceded by inflammatory postings on Russian Internet forums that urged sympathetic hackers to retaliate against Estonia for the move.

But the siege of Estonia's online economy succeeded in large measure due to the sheer amount of bogus Internet traffic thrown at the highly wired country by "botnets," groupings of large numbers of personal computers controlled surreptitiously by hackers and typically used to relay junk e-mail. Many of the individual machines employed in the cyber attack were traced back to Russian Internet addresses.

Russia denied involvement in the attacks. But according to an investigation by Wired magazine, this was hardly the first time the Russian government had been accused of being involved in a large botnet campaign.

"In fact, just a few weeks earlier, a similar assault had been launched against an alliance of Russian opposition parties led by chess grandmaster Garry Kasparov," Joshua Davis reported for Wired in August. "The attacks shut down the opposition Web sites just as government authorities announced a change in venue for an upcoming opposition rally. With his Web site down, Kasparov had difficulty informing his followers of the change, and when they massed at the originally announced location, he was arrested for leading an illegal rally."

Working with Arbor Networks, a security firm that tracks international botnet attacks, Wired unearthed evidence identifying an overlap between the networks involved in both attacks, suggesting that part of the botnet that attacked the opposition Web sites was redeployed to assault Estonia.

For many, the incidents are evidence that the Russian government is, while not condoning illegal cyber activity, doing little to discourage it.

Eugene Kaspersky, founder of the Russian anti-virus company Kaspersky Lab, said he suspects the attacks were carried out mostly by Russian spammer gangs that have gained control over huge numbers of home computers. Kaspersky said he's surprised that the issue of cyber crime, which by some estimates costs consumers and businesses upwards of $100 billion a year, has not emerged as a diplomatic issue among major industrialized nations.

"We're going to quite a dangerous area of discussion of terrorist attack by the use of Internet resources, and don't want to disclose what I really think about it, but I am scared about the potential impact of these attacks," Kaspersky said. "If there are two or three more Estonia-like attacks, I think governments will start talking more about this. And sooner or later, these attacks will happen."

© 2007 The Washington Post Company