An account of the Estonian Internet War May 20 2008 02:27PM
Gadi Evron (ge linuxbox org) (1 replies)
RE: An account of the Estonian Internet War May 20 2008 04:21PM
Viktor Larionov (viktor larionov salva ee) (1 replies)
Hi Gadi and all the rest of a community,

I work and live in Estonia, and I was a witness to all happening here,
especially on the cyber-sphere starting the first day.

Let's skip the details on the political context of your story, which from my
point of view is far from being neutral, and pass-on to technical part of

First of all, neither I, nor (well as far as I know) anybody here have seen
any evidence that attacks have originated from Russia. I certainly have no
doubt that there may have been adresses located in Russian IP-pools
attacking our government networks, but well we are professionals here, and
we do understand what do botnets mean, do we ?
What concerns the story about blogs and forum activities, well pardon, CNN
also showed pictures of happening in Estonia, so did BBC, EuroNews, MTV3
that gives me no arguments to claim that CNN is behind all that :)

More of that, living here, and working in the IT sector for a half of my
life I have noticed none of increasing hacker activity on my servers. (also
the company servers)
Neither did a lot of my friends here. In fact, yet I have not seen anyone,
except for some political party though, who would have suffered from so
called "cyber-war".
All those stories about banks going offline, etc. etc. etc. - well may I
tell you that my visa was working properly all the time, and my bank was
24/7 available.

This all led me to the conclusion, that all the hush is about a couple (ok,
maybe tens or hundreds) of DDoS attacks being done.
Tell me, how many attacks or ok, attack attempts does your corporate network
suffer during the day ?

What concerns that student you wrote about, well, Gadi please, as far as I
know that was a ping-of-death he commited against the server of one
political party.
And well, if your server goes offline due to a ping of death, the please,
you have security issues, and serious ones... And for me, the story about
"ugly russian hackers" in this context sounds more than hillarious for me.
The more ridiculous it gets if one tries to make an international disaster
of one "lazy admin forgetting to install a firewall".
Give me a break...

In general, a lot of IT experts around here, are concerned that no
"cyber-war" has never happened, everything was going about a couple, maybe
10-20 DDoS attacks which took place, and sleeping admins off duty.
And what concerns the security situation here in Estonia, well I should
agree with you that, yes, our banks have the security which we may trust,
well at least from my point of view. But if we go to the goverment level,
then please...
You don't even need to be a cracker know-it-all of any kind, a plain
skript-kiddie skill will do the trick...e.g. recently checking out one
software package for security breaches we have found a key to a some of 100
Estonian goverment websites + web server user priveleges on the boxes
itself...it took us 15 minutes not even being a security-expert of any sort.
Fortunatelly for the goverment we are the good guys. :)

Generally, pardon Gadi but, your story copies 1:1 the story the officials
tell everybody, and well sorry but mr. Toomas Hendrik-Ilves'es IT skills
leave me in a very grand doubt. So does the story he has no evidence for.
So far the online community has seen none of the evidence the government was
boasting about, a year has gone by - and personally I consider all this a
one big bluff.

Just my point of view.
Kindest regards,

Viktor Larionov
Tallinn, Estonia

-----Original Message-----
From: Gadi Evron [mailto:ge (at) linuxbox (dot) org [email concealed]]
Sent: Tuesday, May 20, 2008 5:27 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Cc: full-disclosure (at) lists.grok.org (dot) uk [email concealed]; funsec (at) linuxbox (dot) org [email concealed]
Subject: An account of the Estonian Internet War

About a year ago after coming back from Estonia I promised I'd send in an
account of the Estonian "war". The postmortem analysis and recommendations
I later wrote for the Estonian CERT are not yet public.

A few months ago I wrote an article for the Georgetown Journal of
International Affairs, covering the story of what happened there, in
depth. The journal owns the copyright so I had no way of sending that
along either. I wasn't about to email saying "go buy a copy".

Mostly silly articles kept popping up with misguided to wrong information
about what happened in Estonia, and when an Estonian student was arrested
for participating, some in our community even jumped up to say "it was
just some student". Ridiculous.

This is the "war" that made politicians aware of cyber security and entire
countries scared, NATO to "respond" and the US to send in "help".
It deserved a better understanding for that alone, whatever actually
happened there.

I was there to help, but I just deliver the account. The heroes of the
story are the Estonian ISP and banking security professionals and the
CERT (Hillar Aarelaid and Aivar Jaakson).

Apparently the Journal made my article available in PDF form by a third

Battling Botnets and Online Mobs
Estonia's Defense Efforts during the Internet War

URL: http://www.ciaonet.org/journals/gjia/v9i1/0000699.pdf

It is not technical, I hope you find it useful.

Gadi Evron.

[ reply ]
RE: An account of the Estonian Internet War May 20 2008 07:41PM
Gadi Evron (ge linuxbox org)


Privacy Statement
Copyright 2010, SecurityFocus