Cyber attacks not the work of the Kremlin

  • 2007-08-08
  • By TBT staff and wire reports

CYBER WEAPON: An IT expert says home users were responsible for much of the assault on Estonian websites

WASHINGTON - The 'cyber attacks' launched against Estonia in April and May were carried out by an "Internet mob" and not a foreign government. That is the conclusion of an Israeli cyber security expert in a report he has compiled for the Tallinn government.

Gadi Evron, a security technologist for an Israel-based consultancy and a world authority on cyber security, is of the opinion that the use of the Internet to create an online mob has proven itself and will likely receive more attention in the future, United Press International reported.

Speaking at a web security conference in the U.S., Evron said the attacks that crippled some Estonian government websites were carried out by Russian individuals with support and coordination from security-savvy people in the Russian 'blogosphere', but did not come directly from the Russian government.

Russian-language blogs provided readers with simple and detailed instructions on how to join the attacks and help overload Estonian websites, Evron said. The bloggers also kept updating their advice while Estonian incident responders started co-ordinating a defense.

In a recent online interview for the Fistful of Euros website, Evron said: "Many of the attacks were… by a mass of home users using commands… to manually attack Estonian sites. This was a riot, and not just in the streets. Many different Russian-speaking forums and blogs encouraged people to attack Estonia using crude commands or simple tools. Others used more advanced techniques."

Evron also confirmed that Estonia's techno-savvy status did much to reduce the effectiveness of the attacks:"It could have been more serious, but while their Internet infrastructure as a quiet country was not prepared for such an attack, the response and mitigation worked for them."

Large-scale attacks against Estonian Internet traffic started on April 27, a day after disturbances sparked by the removal of a Soviet-era war memorial from central Tallinn. Using so-called denial of service techniques, the attacks mainly focussed on government websites but some private websites were also affected.

Both Prime Minister Andrus Ansip and Justice Minister Rein Lang have gone on record saying that some attacks were launched from computers with IP addresses linked to the Kremlin.