As promised, an update from the ISOI3 conference. Much of the information presented here is confidential and designed to help law enforcement and others deal with internet crime. The confidentiality is to prevent the information from becoming useful to the bad guys. There is a presentation I can talk about, in part because it was discussed at the Black Hat conference.

Hillar Aaerelaid from the Estonian CERT (Computer Emergency Response Team) and Gadi Evron from Beyond Security gave a presentation about the recent internet attack against Estonia and what was learned.

The “meaty” news was about the web site for the president of Estonia being taken offline by the attack. The truth of the matter is that there was no real effort to do anything about it because, like most politicians’ web pages, it wasn’t important.

Estonia is an extremely highly connected country. People virtually never go to a bank – that’s all done online. When the concerted attack against Estonia came on they quickly decided that rather trying to defend everything they would focus on critical infrastructure. Estonia was in a position to block a lot of internet traffic that did not originate in Estonia. This tactic was very successful for them, however it is questionable whether or not that would be scalable to a country like the US, if we came under a similar attack.

Other interesting aspects had less to do with mitigation, but about how and why. The attack was characterized as an “internet riot”. Many people on Russian blogs were inciting people to attack Estonia and providing the software tools that would allow anyone who could copy and paste to join in the attack. One person donated to botnets for free.

Estonia claimed the Russian government was behind the attack and of course the Russian government denied it. What is clear is that the attacks coincided with election season and creating an external enemy is the oldest political trick in the book when a politician wishes to draw focus away from internal problems... not that we would know what that looks like in the USA :)

Randy Abrams is the Director of Technical Education for ESET LLC