The Lair

Perhaps little noticed in the midst of all the other conflagrations but there is a war raging on in Estonia right now. Unlike your conventional conflict with the bombs, tanks, guns and allegations of human rights atrocities and genocide notwithstanding - this little tiff is being fought out online. Apparently one of the most wired nations in the EU (errm. that factoid isn’t backed up by numbers, but anyway), Estonian infrastructure has been under siege from massive, persistent and allegedly Russian sponsored denial of service attacks. The nation to nation equivalent of cramming an ATM card slot with chewing gum, if you like.

Some interesting background first - The Tribune notes that the denial of service attacks have stretched to almost 3 weeks now. It all started with the proposed movement of a WW2 memorial statue from downtown Tallinn to the outskirts of the city - seen by the pro-Russians as a slur on the war dead. Soon, rioting and protests on the streets (or so the story goes) spread into massive distributed denial of service attacks on Estonian websites.

Random aside here: remember the Daily Telegraph’s downtime last week? Also caused by a DDOS, although perhaps unrelated. DDOS has been a favoured tactic of extortionists and crackers everywhere - the TimesOnline article mentions at least one such case. It has long been suspected that other nations (China and North Korea, for example) provide state support for electronic espionage and other activities. But this latest attack on an entire country’s infrastructure is an interesting development - and a possible test case for how such activities will pan out in the future. There has been much made of NATO observers flying into Estonia (and rather meaningless expressions of solidarity) to well… observe how things are being handled but there isn’t much else that can be done.

The Economist picks up the story at this point and also makes an observation that friendly countries (.ee is part of NATO) have cooperated with Estonia in minimizing the effect of the packet flood. Swedish telecoms, for example, apparently cooperated in dropping packets destined for targets somewhere in Estonia. The fact is - it’s been several weeks, lots of Estonian sites have been hit and taken down and there doesn’t seem to be much let up. It’s also not particularly easy to stop a full scale distributed denial of service attack, even more so at the volumes of traffic that are being bandied about here - one article estimates 10,000 gigabytes of data. Yikes.

It’s a full scale war which seems to show no signs of abating any time soon yet it’s not being reported much. Perhaps (and rightly so) because there have been no casualties… It’s difficult to make pretty soundbites where there is no war footage, no IED blasts, no perceived casualties. Yet …

Last year a Department of Trade and Industry report found that more than 50 per cent of businesses had suffered “a premeditated and malicious” security incident in the past twelve months. For large businesses, the average cost of the worst such incident was as much as £130,000, the report said.

Yeah. It’s businesses, who cares etc etc. The Economist went a step further with the Estonia DDOS though (not sure if the full article is available online). There were quotes alleging that such large packets (hundreds of megabytes a pop, *goggle eyed*) could not have emanated from Russia without complicity from the telecoms in the country.

There are also parallels with other incidents - including this one. Should be interesting to see how long it will take before some regionwide agreement is made for these eventualities.