Estonia Survives Internet`s First Cyberwar - Attack and Defense
(Page 2 of 4 )
After about a week, Estonia had gotten quite adept at filtering out attackers, with some help from authorities in other countries. But the script kiddies were only the beginning. Before long attackers were straining the resources of Postimees, Estonia’s leading newspaper. They crippled ATMs in Tallinn. Many people could not do grocery shopping, get gas, or carry out basic banking tasks. Botnets were starting to get involved. And online, many sites were buzzing about worse attacks to come. Hackers wrote of plans for May 9, a holiday in Russia called Victory Day, which they would commemorate by taking Estonia down.
In fact, at 11 PM May 8 – midnight Moscow time -- Estonia saw Internet traffic spike over four million packets per second, a two hundred fold increase over normal levels for that time of night. Attackers went for bank sites, newspapers, foreign ministry sites, and government-connected sites. Many of the bots had their targets hard-coded into their source. There were dozens of attacks, some lasting as long as 10 hours each and slamming Estonia’s servers with 90 megabits of data a second. To get a picture of how much bandwidth that is, imagine downloading the entire Windows XP operating system -- every six seconds, for 10 hours.
The attack lasted 24 hours. The country’s largest bank, Hansabank, was forced to shut down its online banking services for more than an hour, losing $1 million. Email communications at the Estonian parliament ground to a halt for two days. Two routers crashed, though one was misconfigured. Postimees went down during the attack, but it wasn’t alone; other online newspapers in Estonia were also targeted. And for a while, one government site was forced to host a forged letter claiming to be from Estonia’s prime minister, apologizing for the relocation of the statue.
As bad as the attack was, it could have been much worse. Hillar Aarelaid, head of Estonia’s computer emergency response team, started making plans as soon as he realized the scope of the problem. On the night of the attack, he had a dream team in place to help him cut off the attackers: Kurtis Lindqvist, Patrik Faltstrom and Bill Woodcock, three of the very few people in the world who have the power to officially cut off the global flow of Internet traffic. Lindqvist is in charge of Netnod, one of the Internet’s 13 root DNS servers.
Aaerlaid’s team still needed to identify the attackers, at which point filters would be put in place to stop them in their tracks. These filters would get distributed worldwide. Meanwhile, network operators all over the world were informed of the problems in real time, and asked to block the traced IPs at the source.
Next: Political Fallout >>
More Web Hosting News Articles
More By Terri Wells
