Cyber Warfare Case Study: Estonia

Jill Wiebke
April 5, 2012
• Cyber warfare “is a combination of computer
  network attack and defense and special technical
  operations” (IEEE)
• 8 Principles:
  • Lack of physical limitations
  • Kinetic effects
  • Stealth
  • Mutability & inconsistency
  • Identity & privileges
  • Dual use
  • Infrastructure control
  • Information as operational environment
• Malicious cyber activity: crime, espionage,
  terrorism, attacks, warfare
• Classifications are made by intentions of
  perpetrator and effect of the act
• Definition of cyber attack is inconsistent
• Baltic territory
• Capital: Tallinn
• Independence in 1918
• Forced into the USSR in 1940
• Regained freedom in 1991,
  Russian troops left in 1994
• Joined UN in 2001, and NATO
  and EU in 2004
• Known as an “e-society,”
  paperless government,
  electronic voting, etc.
• Who: That’s the real question, isn’t it?
• What: Distributed denial of service (DDoS) attacks on
  government, banks, corporate websites; website
• When: April 27, 2009 – May 18, 2007
• Where: Estonia
• Why: Another good question…
• How: Well-known attack types, but “unparalleled in
  size;” hundreds of thousands of attack computers
• April 27: Estonian government websites shut down from
  traffic, defaced
• April 30: Estonia began blocking Web addresses ending in
  Increased attack sophistication; targets now included media
  websites attacked by botnets
• 1 million computers were unwittingly employed to deploy
  botnets in US, China, Vietnam, Egypt, Peru
• May 1: Estonian ISPs under attack
• May 9: Russian victory in WWII – new wave of attacks at
  Russian midnight
• May 10: Banks are attacked
• Estonia had just decided to relocate a Soviet WWII memorial
• Large, well-organized, well-targeted attacks – not spontaneous
  – began hours after the memorial was relocated
• Malicious traffic indicated political motivation and Russian
  language background
• Instructions for attacking websites were posted in Russian
  language forums including when, what, and how to attack
• Did not accuse Russian government (not enough evidence), but
  attacks are believed to have originated in Moscow
• IP addresses of attackers belong to Russian presidential
• Russian officials denied any involvement; IPs could have been
• One person has been convicted – student in Estonia
  organized a DDoS attack on the website of an
  Estonian political party
• NATO enhanced its “cyber-war capabilities”
• Created a “cyber defense research center in
  Tallinn in 2008”
• Cyber Command – Full Operating Capability on
  Oct 31, 2010
• Georgia
  • DDoS attacks coincided with Russian invasion in August 2008
• Stuxnet
  • Worm that targets industrial control systems
  • Infected Iranian nuclear facilities
• Titan Rain
  • Suspected Chinese attacks on the US since 2003
  • “Nearly disrupted power on the West Coast”
  • Security breaches at defense contracting companies
• Attribution
  • Nation-state actors
  • Non-state actors
  • “Hired guns”
  • Trails end at an ISP
• New territory – no rules/standards
  • Legal territory issues
  • International laws do not exist yet
  • Crime of Aggression definition
• Impacts
• The US heavily relies on cyber networks, so a
  cyber attack could be highly detrimental
  • Physical impacts
    • Disable water purification systems
    • Turn off electricity
    • Misrouting planes/trains
    • Opening dams
    • Melting nuclear reactors
  • Communication network impacts
    • Stock market manipulations
    • Wireless Internet access outages
• Cyber attacks are increasing in threats, frequency,
  and intensity
• Targets range from government entities, banks,
  corporations, to private businesses
• We are the “cyber warriors” and “network ninjas”
  that will be dealing with the effects of cyber

