Cyber Warfare Case Study: Estonia


Jill Wiebke
April 5, 2012
• Cyber warfare “is a combination of computer
network attack and defense and special technical
operations” (IEEE)
• 8 Principles:
• Lack of physical limitations
• Kinetic effects
• Stealth
• Mutability & inconsistency
• Identity & privileges
• Dual use
• Infrastructure control
• Information as operational environment
• Malicious cyber activity: crime, espionage,
terrorism, attacks, warfare
• Classifications are made by intentions of
perpetrator and effect of the act
• Definition of cyber attack is inconsistent
• Baltic territory
• Capital: Tallinn
• Independence in 1918
• Forced into the USSR in 1940
• Regained freedom in 1991, Russian troops left in 1994
• Joined UN in 2001, and NATO
and EU in 2004
• Known as an “e-society,”
paperless government,
electronic voting, etc.
• Who: That’s the real question, isn’t it?
• What: Distributed denial of service (DDoS) attacks on
government, banks, corporate websites; website
defacement
• When: April 27, 2007 – May 18, 2007
• Where: Estonia
• Why: Another good question…
• How: Well-known attack types, but “unparalleled in
size;” hundreds of thousands of attack computers
• April 27: Estonian government websites shut down from
traffic, defaced
• April 30: Estonia began blocking Web addresses ending in
.ru
• Increased attack sophistication; targets now included media
websites attacked by botnets
• 1 million computers were unwittingly employed to deploy
botnets in US, China, Vietnam, Egypt, Peru
• May 1: Estonian ISPs under attack
• May 9: Russian victory in WWII – new wave of attacks at
Russian midnight
• May 10: Banks are attacked
• Estonia had just decided to relocate a Soviet WWII memorial
• Large, well-organized, well-targeted attacks – not spontaneous
– began hours after the memorial was relocated
• Malicious traffic indicated political motivation and Russian
language background
• Instructions for attacking websites were posted in Russian
language forums including when, what, and how to attack
• Did not accuse Russian government (not enough evidence), but
attacks are believed to have originated in Moscow
• IP addresses of attackers belong to Russian presidential
administration
• Russian officials denied any involvement; IPs could have been
spoofed
• One person has been convicted – student in Estonia
organized a DDoS attack on the website of an
Estonian political party
• NATO enhanced its “cyber-war capabilities”
• Created a “cyber defense research center in
Tallinn in 2008”
• Cyber Command – Full Operating Capability on
Oct 31, 2010
• Georgia
• DDoS attacks coincided with Russian invasion in August 2008
• Stuxnet
• Worm that targets industrial control systems
• Infected Iranian nuclear facilities
• Titan Rain
• Suspected Chinese attacks on the US since 2003
• “Nearly disrupted power on the West Coast”
• Security breaches at defense contracting companies
• Attribution
• Nation-state actors
• Non-state actors
• “Hired guns”
• Trails end at an ISP
• New territory – no rules/standards
• Legal territory issues
• International laws do not exist yet
• Crime of Aggression definition
• Impacts
• The US heavily relies on cyber networks, so a
cyber attack could be highly detrimental
• Physical impacts
• Disable water purification systems
• Turn off electricity
• Misrouting planes/trains
• Opening dams
• Melting nuclear reactors
• Communication network impacts
• Stock market manipulations
• Wireless Internet access outages
• Cyber attacks are increasing in threats, frequency,
and intensity
• Targets range from government entities, banks,
corporations, to private businesses
• We are the “cyber warriors” and “network ninjas”
that will be dealing with the effects of cyber
warfare
• https://www.cia.gov/library/publications/the-world-factbook/geos/en.html
• http://www.state.gov/r/pa/ei/bgn/5377.htm
• http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5634434
• http://www.stratcom.mil/factsheets/cyber_command/
• https://docs.google.com/a/utulsa.edu/file/d/0B7yq33Gize8yNjEzNDkxMGMtOWMyNS00ZDJhLTg4MDUtZDUwODQ2YjQwOTIw/edit?pli=1
• http://www.industrialdefender.com/general_downloads/news_industry/2008.04.29_cyber_attacks_p1.pdf
• http://www.getgogator.com/News/Content/Articles/Malware/The%20Evolution%20of%20Cyber%20Warfare.pdf
• msl1.mit.edu/furdlog/docs/washpost/2007-0519_washpost_estonia_cyberattacked.pdf
• http://www.msnbc.msn.com/id/31801246/ns/technology_and_sciencesecurity/t/look-estonias-cyber-attack/#.T3Mt7NmGWW9
• ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6029360&tag=1
• http://www.law.duke.edu/journals/dltr/articles/2010dltr003.html