Cyber Warfare Case Study: Estonia

Jill Wiebke, April 5, 2012

What is Cyber Warfare?

• Cyber warfare “is a combination of computer network attack and defense and special technical operations” (IEEE)

• 8 Principles: Lack of physical limitations; Identity & privileges; Kinetic effects; Dual use; Stealth; Infrastructure control; Mutability & inconsistency; Information as operational environment

• Malicious cyber activity: crime, espionage, terrorism, attacks, warfare
• Classifications are made by intentions of perpetrator and effect of the act
• Definition of cyber attack is inconsistent

• Baltic territory
• Capital: Tallinn
• Independence in 1918
• Forced into the USSR in 1940
• Regained freedom in 1991, Russian troops left in 1994
• Joined UN in 2001, and NATO and EU in 2004
• Known as an “e-society,” paperless government, electronic voting, etc.

• Who: That’s the real question, isn’t it?
• What: Distributed denial of service (DDoS) attacks on government, banks, corporate websites; website defacement
• When: April 27, 2009 – May 18, 2007
• Where: Estonia
• Why: Another good question…
• How: Well-known attack types, but “unparalleled in size;” hundreds of thousands of attack computers

• April 27: Estonian government websites shut down from traffic, defaced
• April 30: Estonia began blocking Web addresses ending in .ru
• Increased attack sophistication; targets now included media websites attacked by botnets
• 1 million computers were unwittingly employed to deploy botnets in US, China, Vietnam, Egypt, Peru
• May 1: Estonian ISPs under attack
• May 9: Russian victory in WWII – new wave of attacks at Russian midnight
• May 10: Banks are attacked

• Estonia had just decided to relocate a Soviet WWII memorial
• Large, well-organized, well-targeted attacks – not spontaneous – began hours after the memorial was relocated
• Malicious traffic indicated political motivation and Russian language background
• Instructions for attacking websites were posted in Russian language forums including when, what, and how to attack
• Did not accuse Russian government (not enough evidence), but attacks are believed to have originated in Moscow
• IP addresses of attackers belong to Russian presidential administration
• Russian officials denied any involvement; IPs could have been spoofed

• One person has been convicted – student in Estonia organized a DDoS attack on the website of an Estonian political party
• NATO enhanced its “cyber-war capabilities”
• Created a “cyber defense research center in Tallinn in 2008”
• Cyber Command – Full Operating Capability on Oct 31, 2010

• Georgia
  • DDoS attacks coincided with Russian invasion in August 2008
• Stuxnet
  • Worm that targets industrial control systems
  • Infected Iranian nuclear facilities
• Titan Rain
  • Suspected Chinese attacks on the US since 2003
  • “Nearly disrupted power on the West Coast”
  • Security breaches at defense contracting companies

• Attribution
  • Nation-state actors
  • Non-state actors
  • “Hired guns”
  • Trails end at an ISP

• New territory – no rules/standards
• Legal territory issues
• International laws do not exist yet
• Crime of Aggression definition

• Impacts
  • The US heavily relies on cyber networks, so a cyber attack could be highly detrimental
  • Physical impacts
    • Disable water purification systems
    • Turn off electricity
    • Misrouting planes/trains
    • Opening dams
    • Melting nuclear reactors
  • Communication network impacts
    • Stock market manipulations
    • Wireless Internet access outages

• Cyber attacks are increasing in threats, frequency, and intensity
• Targets range from government entities, banks, corporations, to private businesses
• We are the “cyber warriors” and “network ninjas” that will be dealing with the effects of cyber warfare

• https://www.cia.gov/library/publications/the-world-factbook/geos/en.html
• http://www.state.gov/r/pa/ei/bgn/5377.htm
• http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5634434
• http://www.stratcom.mil/factsheets/cyber_command/
• https://docs.google.com/a/utulsa.edu/file/d/0B7yq33Gize8yNjEzNDkxMGMtOWMyNS00ZDJhLTg4MDUtZDUwODQ2YjQwOTIw/edit?pli=1
• http://www.industrialdefender.com/general_downloads/news_industry/2008.04.29_cyber_attacks_p1.pdf
• http://www.getgogator.com/News/Content/Articles/Malware/The%20Evolution%20of%20Cyber%20Warfare.pdf
• msl1.mit.edu/furdlog/docs/washpost/2007-05-19_washpost_estonia_cyberattacked.pdf
• http://www.msnbc.msn.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/#.T3Mt7NmGWW9
• ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6029360&tag=1
• http://www.law.duke.edu/journals/dltr/articles/2010dltr003.html
