Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Individual volunteer attackers had given way to massive botnets of tens of thousands of enslaved machines controlled by criminal hackers including the notorious Russian Business Network, a well-known cybercriminal operation responsible for a significant portion of the internet’s spam and credit-card-fraud campaigns.
That meant malware-infected PCs all over the world, from Vietnam to the United States, were now training fire hoses of data at Estonia.
The attackers’ goals shifted, evolving from mere denial-of-service attacks to defacements, replacing the content of websites with swastikas and pictures of the country’s prime minister with a Hitler mustache, all in a coo...
They agreed that it was time for a draconian new approach. Instead of trying to filter out known sources of malicious traffic, they would simply blacklist every web connection from outside Estonia.
But the strategy came at a certain cost: It severed the Estonian media from the rest of the world, preventing it from sharing its stories of riots and digital bombardment. The tiny country had successfully locked out its foreign attackers. But it had also locked itself in.
Over the days that followed that lockdown, Estonia’s CERT began the slow process of relieving the country’s internet isolation. Aarelaid and his colleagues worked with internet service providers around the world to painstakingly identify and filter out the malicious machines hosted by each of those global sources of traffic.
The attacks were still growing, mutating, and changing their origins—until finally, a week after the attacks had started, they suddenly stopped.
He began to see more sophisticated attacks exploiting software vulnerabilities that allowed the hackers to briefly paralyze internet routers, taking down internet-reliant systems that included ATMs and credit card systems.
“You go to the shop and want to pay for milk and bread,” Aarelaid says. “You cannot pay with a card in the shop. You cannot take cash from the ATM. So you go without milk and bread.”
Then the defenders would wake up the next morning and clean up the mess they found, filtering the new traffic and restarting routers to bring the country’s digital infrastructure back online before the start of the workday. Even the more sophisticated router attacks had only temporary effects, Aarelaid says, curable with a reboot.
He compares this siege-defense routine to the Estonian ability to tolerate subzero temperatures in winters, with only a few hours of sun a day, collectively honed over thousands of years.
The attacks ebbed and flowed for the rest of that May until, by the end of the month, they had finally dwindled and then disappeared. They left behind questions that, even a decade later, haven’t been answered with certainty: Who was behind the attacks? And what did they intend to achieve?
Estonians who found themselves in the epicenter of the events, like Aarelaid and Ilves, believed from the first that Russia’s government—not merely its patriotic hackers—had a hand in planning and executing Estonia’s bombardment.
After the initial, weak smatterings of malicious traffic, the attacks had come to seem too polished, too professional in their timing and techniq...
An analysis by the security firm Arbor Networks also found that a telling subset of the traffic sources overlapped with earlier distributed denial-of-service attacks aimed at the website of Garry Kasparov, an opposition party presidential candidate and outspoken critic of the Kremlin.
“It’s like feudalism. You can do some kind of business because some boss in your area allows you to, and you pay him some tribute,” says Jaan Priisalu, who at the time of the attacks was the head of IT security at Estonia’s largest bank, Hansabank. “If your boss is going to war, you’re also going to war.”
He railed against the notion of a post–Cold War “unipolar” world in which no competing force could check the power of the United States and its allies.
Putin clearly felt the direct threat of that rising, singular superpower conglomerate. After all, Estonia had joined NATO’s alliance three years earlier, along with the other Baltic states of Lithuania and Latvia, bringing the group for the first time to Russia’s doorstep, less than a hundred miles from St. Petersburg.
“NATO has put its frontline forces on our borders,” Putin said in his Munich speech. The alliance’s expansion, he continued, represents “a serious provocation that reduces the level of mutual trust. And we have the right to ask: against whom is this expansion intended?” Put...
Still, NATO never treated the Estonian cyberattacks as an overt act of aggression by the Russian state against one of NATO’s own. Under Article 5 of the Washington Treaty that lays out NATO’s rules, an attack against any NATO member is meant to be considered an attack against all of them, with a collective response in kind.
But when President Ilves began speaking with his ambassadors in the first week of the cyberattacks, he was told that NATO members were unwilling to remotely consider an Article 5 response to the Russian provocations. This was, after all, a mere attack on the internet, not a life-threatening act of physical warfare.
How could they determine Russia was behind the provocations? After all, NATO’s diplomats and leaders hardly understood the mechanics of a distributed denial-of-service attack. The traffic’s source appeared to be Russian freelance hackers and criminals or, more confusing still to the lay observer, hijacked computers in countries around the world.
Underlying all of that inaction, Ilves says, was another motivation: what he describes as a kind of fracture between western European NATO countries and eastern Europeans facing Russian threats. “There’s a sense that it’s ‘over there,’ that ‘they’re not like us,’ ” Ilves says, mocking what he describes as a “haughty, arrogant” tone of western European NATO members.
Putin, it seemed, had tested a new method to bloody the nose of a NATO country with plausible deniability, using tools that were virtually impossible to trace to the Kremlin. And he’d correctly judged the lack of political will to defend NATO’s eastern European members from an innovative new form of mass sabotage.
The events of those two months in Estonia would, in some circles, come to be seen as the first cyberwar, or, more creatively, “Web War I.”
It was a few hours after nightfall when Khatuna Mshvidobadze learned Russian tanks were rolling toward her location.
But in the summer of 2008, the NATO Information Center found itself with a new, far more urgent focus: combating the Kremlin’s attempts to dominate the media narrative surrounding a Russian invasion.
War had broken out days earlier. Russia had moved troops and artillery into two separatist regions within Georgia’s borders, Abkhazia and South Ossetia.
But their plan, by all appearances, hadn’t accounted for the overwhelming force of the Russian response.
Proclaiming that it was protecting Abkhazia and South Ossetia from Georgian oppression, Russia flooded the small country with more than twenty-five thousand troops, twelve hundred artillery vehicles, two hundred planes, and forty helicopters.