Cyberwar in Estonia and the Middle East

Did a member of your family help launch a cyber attack that brought an entire nation to its knees? No, seriously, don’t laugh. In April 2007, communications in the Baltic state of Estonia were crippled through a coordinated attack that relied on the computers of millions of innocent users around the world, just like you and your kin. The strike was notable in fully demonstrating how cyber war had moved from idea to reality. And it all started with the movements of a single soldier.

The Bronze Soldier is a two-meter statue which formerly stood in a small square in Tallinn, the Estonian capital, above the burial site of Soviet soldiers lost in the Second World War. The memorial has long divided the population of the country, with native Estonians considering it a symbol of Soviet (and formerly Nazi) occupation and a large minority population (around 25% of the total) of ethnic Russian immigrants seeing it as an emblem of Soviet victory over the Nazis and Russian claims over Estonia. When the country’s newly appointed Ansip government initiated plans to relocate the statue and the remains as part of a 2007 electoral mandate, the move sparked the worst riots the country had ever seen – and a startling cyber attack from Russia.

On April 27, as two days of rioting shook the country and the Estonian embassy in Moscow found itself under siege, a massive distributed denial-of service (DDoS) attack overwhelmed most of Estonia’s internet infrastructure, bringing online activity almost to a standstill. The targets were not military websites but civilian sites belonging to organizations such as banks, newspapers, internet service providers (ISPs), and even home users. Much of the onslaught came from hackers using ISP addresses in Russia, but the most devastating element in the attack was a botnet which co-opted millions of previously virus infected computers around the globe to pummel the Estonian infrastructure.

Anatomy of a Cyber Attack

The botnet fooled Estonian network routers into continuously resending useless packets of information to one another, rapidly flooding the infrastructure used to conduct all online business in the country. The attack centered mainly on small websites which were easy to knock out, but nevertheless was devastatingly effective. Bank websites became unreachable, paralyzing most of Estonia’s financial activity. Press sites also came under attack, in an attempt to disable news sources. And ISPs were overwhelmed, blacking out internet access for significant portions of the population.

While the Estonian government was expecting there to be an online backlash to its decision to move the statue, it was completely unprepared for the scale of the cyber attack. Estonia’s defense minister went on record to declare the attack “a national security situation”, adding “it can effectively be compared to when your ports are shut to the sea.”(1)

Once it became clear that most of the country’s online business infrastructure was being affected, the Computer Emergency Response Team for Estonia (CERT-EE) issued a plea for help from IT security specialists worldwide and an ad-hoc digital rescue team was assembled, which included people from my own firm, Beyond Security. It took us a few days to get to the bottom of the threat and begin setting up frontline defenses, which mainly involved implementing BCP 38 network ingress filtering techniques across affected routers to prevent source address spoofing of internet traffic. The attack waned quickly once we started taking defensive measures. But in the days it took to fight off the attack, it is likely that the country lost billions of Euros in reduced productivity and business downtime.

Cyber War in the Middle East

The Estonian incident will go down in history as the first major (and hopefully biggest ever) example of full-blown cyber warfare. However, there is one place on earth where cyber war has become part of the day-to-day online landscape – and it is still ongoing.

In the Middle East, the Arab-Israeli conflict has a significant online element, with thousands of attacks and counter-attacks a year. This has been the situation since the collapse of peace talks in the region and was preceded by a spontaneous wide-scale cyber war between Arab and Israeli hackers in 1999 and 2000. Arab sympathizers from many nations are involved. A group of Moroccan hackers have been defacing Israeli web sites for the last six years or so, and recently Israel’s military radio station was infiltrated by an Iraqi hacker.

Unlike the blitzkrieg-like strike in Estonia, this protracted warfare is not intended to paralyze critical enemy functions but more to sap morale, drain resources and hamper the economy. The targets are typically low-hanging fruit in internet terms: small transactional, informational and even homespun web sites whose security can easily be compromised. Taking over and defacing these sites is a way of intimidating the opposition – creating a feeling of ‘if they are here, where else might they be?’ – and leads to significant loss of data, profits and trust for the site owners.

Cyber War Spreads

If the Estonia and Middle East examples were our only experiences of cyber warfare then it might be tempting to put them down to local factors and therefore not of concern to the wider security community. Sadly, however, these instances are simply part of a much larger trend towards causing disruption on digital communications platforms. In January this year, for example, two of Kyrgyzstan’s four ISPs were knocked out by a major DDoS hit whose authors remain unknown.(2) Although details are sketchy, the attack is said to have disabled as much as 80% of all internet traffic between the former Soviet Union republic and the west.

The strike appeared to have originated from Russian networks which are thought to have had links to criminal activity in the past, and probably the only thing preventing widespread disruption in this instance was the fact that Kyrgyzstan’s online services, unlike those in Estonia, are poor at the best of times. It was apparently not the first such attack in the country, either.(3) It is claimed there was a politically-motivated DDoS in the country’s 2005 presidential elections, allegedly attributed to a Kyrgyz journalist sympathizing with the opposition party.

China has also engaged in cyber warfare in recent years, albeit on a smaller scale. Hackers from within the country are said to have penetrated the laptop of the US defense secretary, sensitive French networks, US and German government computers, New Zealand networks and Taiwan’s police, defense, election and central bank computer systems.

In a similar fashion, in 2003 cyber pests hacked into the UK Labor Party’s official website and posted up a picture of US President George Bush carrying his dog – with the head of Tony Blair, the Prime Minister of the UK at the time, superimposed on it.(4) The incident drew attention to government sites’ lax approach to security although in this particular event it was reported that hackers had exploited the fact that monitoring equipment used by the site hosting company had not been working properly. And as long ago as 2001, animal rights activists were resorting to hacking as a way of protesting against the fur trade, defacing luxury brand Chanel’s website with images of slaughtered animals. (5)

The Case for the Defense

What do all these incidents mean for policy makers worldwide? Both the Estonian and Middle Eastern experiences show clearly that cyber war is a reality and the former, in particular, demonstrates its devastating potential. In fairness, Estonia was in some ways the perfect target for a cyber strike. Emerging from Russian sovereignty in the early 1990s with little legacy communications infrastructure, the nation was able to leapfrog the developments of western European countries and establish an economy firmly based on online services, such as banking, commerce and e-government. At the same time, the small size of the country – it is one of the least populous in the European Union – meant that most of its web sites were similarly minor and could be easily overwhelmed in the event of an attack. Last but not least, at the time of the Estonian incident, nothing on a similar scale had been experienced before.

It is safe to say that other nations will now not be caught out so easily. In fact, if anything, what happened in Estonia will have demonstrated to the rest of the world that cyber weapons can be highly effective, and so should be considered a priority for military and defense planning.

What might make cyber warfare the tactic of choice for a belligerent state? There are at least five good reasons. The first is that it is ‘clean’. It can knock out a target nation’s entire economy without damaging any of the underlying infrastructure.

The second is that it is an almost completely painless form of engagement for the aggressor: an attack can be launched at the press of a button without the need to commit a single soldier.

The third reason is cost-effectiveness. A 21,000-machine botnet can be acquired for ‘just a few thousand dollars’, a fraction of the cost of a conventional weapon, and yet can cause damage and disruption easily worth hundreds of times that.(6)

The fourth is that it is particularly difficult for national administrations to police and protect their online borders. A DDoS attack may be prevented simply by installing better firewalls around a web site (for example), but no nation currently has the power to tell its ISPs, telecommunications companies and other online businesses that they should do this, which leaves the country wide open to cyber strikes.

The last but by no means least reason is plausible deniability. In none of the cyber war attacks seen so far has it been possible to link the strike with a government authority, and in fact it would be almost impossible to do so. In the case of the Chinese hack attacks, for instance, the authorities have provided a defense which amounts to saying: ‘There are probably a billion hackers on our soil and if it was us we would have to be stupid to do it from a Chinese IP address.’

A similar logic potentially provides absolution to the Russian administration in the case of Estonia: if it is so cheap and easy to get a botnet to mount a DDoS attack, why would the Russians bother mounting hack attacks from their own ISPs? And in the Kyrgyz attack, although the source of the DDoS clearly points to a Russian hand, the motives for Russia’s involvement remain hazy, leading to a suggestion that it may have been caused by Kyrgyzstan’s own incumbent party, acting with hired cyber criminals from Russia.

Tactics For Protection

With all these advantages, it is unlikely that any military power worth its salt is by this stage still ignoring the potential of cyber warfare. In fact, since the Estonia incident it is even possible that the incidence of cyber warfare has increased, and we are simply not aware of the fact because the defensive capabilities of the sparring nations have increased. After all, another important lesson from Estonia is that it is possible to mount a defense against cyber attacks. There is no single solution, no silver bullet, but a range of measures can be taken to deal with the kinds of DDoS issues faced by Estonia and the kinds of hacker attacks still going on in the Middle East.

For DDoS strike avoidance, there are four types of defense:
o Blocking SYN floods, which are caused when the attacker (for example) spoofs the return address of a client machine so that a server receiving a connection message from it is left hanging when it attempts to acknowledge receipt.
o Implementing BCP 38 network ingress filtering techniques to guard against forged information packets, as employed successfully in Estonia.
o Zombie Zappers, which are free, open source tools that can tell a device (or ‘zombie’) which is flooding a system to stop doing so.
o Low-bandwidth web sites, which prevent primitive DDoS attacks simply by not having enough capacity to help propagate the flood.

For hacker attacks such as those seen in the Middle East, meanwhile, there are
three main types of defense:
o Scanning for known vulnerabilities in the system.
o Checking for web application holes.
o Testing the entire network to detect the weakest link and plug any potential entry points.

A Doomsday Scenario?
All the above are useful defensive tactics, but what about strategic actions? First and foremost, the Estonian experience showed that it is important for the local CERT to have priority in the event of an attack, in order to ensure that things can return to normal as soon as possible.

Authorities can also as far as possible check national infrastructures for DoS and DDoS weaknesses,, and finally, national CERTs can scan all the networks they are responsible for – something the Belgian CERT has already started doing. Given the openness of the internet and the differing challenges and interests of those operating on it, these measures will of course only provide partial protection. But it is hoped they would be enough to prevent another Estonia incident. Or would they?

There is, unfortunately, another type of cyber war strike which we have yet to see and which could be several times more devastating that what happened in Estonia. Rather than trying to hack into web sites just to deface them – a time-consuming effort with relatively little payback – this tactic would involve placing ‘time bombs’ in the web systems concerned. These could be set to lay dormant until triggered by a specific time and date or a particular event, such as a given headline in the national news feed. They would then activate and shut down their host web site, either using an internal DoS or some other mechanism.

The code bombs could lay dormant for long enough for a malicious agency to crack and infect most or all of the major web sites of a country. And in today’s networked world, this is no longer about simply causing inconvenience. Think of the number of essential services, from telephone networks to healthcare systems, which now rely on internet platforms. Knocking all these out in one go could have a truly overwhelming impact on a nation’s defensive capabilities, without the need for an aggressor to send a single soldier into combat.

The means to create such an attack definitely exist. So do the means to defeat it. What has happened in Estonia and the Middle East shows we now need to consider cyber warfare as a very real threat. What could happen if we fail to guard against it really does not bear thinking about.

1. Mark Landler and John Markoff: ‘Digital fears emerge after data siege
in Estonia’. New York Times, 29 May 2007.
2. Danny Bradbury: ‘The fog of cyberwar’. The Guardian, 5 February 2009.
3. Ibid.
4. ‘Labour website hacked’. BBC News, 16 June 2003.
5. ‘The fur flies’. Wired, 23 January 2001.
6. Spencer Kelly: ‘Buying a botnet’. BBC
World News, 12 March 2009.

Greek Architecture

Architecture in ancient Greece was usually done with wood or mud-bricks, so their ground plans are the only evidence of their existence. Greeks established most of the most enduring themes, attitudes, and forms of western culture. Architecture is one of the Greek legacies that the western civilization has inherited, as Greece established many of the structural elements, decorative motifs, and building types still used in architecture today.

The two main styles of Greek architecture are doric and ionic. The doric style is much more disciplined and austere, whereas the ionic style is more relaxed and decorative. There was a strong emphasis in building temples for the Greek mythological gods and goddesses. But, there were also well known public buildings like the Parthenon.

Building materials used were limestone and some native stones. Highly expensive marble was used mainly for sculptural decoration found in grand buildings of the classical period. The roofs of their buildings were made up of timber beams covered with overlapping terracotta or occasionally marble tiles.

The structure of ancient Greek architecture consists of a basic cube or rectangle, flanked by colonnades, and a long sequence of columns. Building will have a pronao or a portico that open up to a large open court peristyle. Greeks used very little of the principles of the masonary arch, individual blocks bound together by mortar. The front end of the roof has flat triangular shaped structure, the pediment which is usually filled with scultural decoration.

Temples are the best known form of Greek architecture. The altar of the temple was usually found in the sacred fane, an enclosure, in front of the temple. The inner building of the temple, cella, served mainly as the storage room. The other common public builds of the Greek architecture are gymnasiums, the palaestra, and theatres.

In ancient Greece, architects were hardly treated as valuable master craftsmen, unlike today where the architects are closely associated with the work they produce. And moreover, architecture was not seen as an art form, as it is in modern times.

Forgive Me God – There Will Be Potholes In My Legacy

As we unravel the fabric of our personal story, we are left with a mixed bag. This is the time for a spiritual guy like me to come clean – to make amends for unruly behavior. The urgency to make things right stems from an aging process that leaves me feeling vulnerable when I look at the landscape of my life. I need closure from the times in my life when I “missed the mark.”

My children have heard my “sordid” stories because I used them as teachable moments for behaviors to avoid. I typically tried to provide “real-life” stories about my misdeeds and those of others as a way of promoting character-building qualities. This concept failed quite miserably, because my kids followed in my footsteps anyway.

When I was a young teenager, my parents departed for a business trip. I was left behind in the care of my older brother. Like most teenagers, I yearned for the day that I would turn sixteen so that I could move through the rite-of-passage of getting behind the wheel of an automobile. For me, that day didn’t come fast enough and those keys hanging near the front door presented a serious temptation. Without considering consequences (a typical problem for kids), I took off on a joy ride with my friend Chrissie. I was feeling very adult-like until we cruised through a neighboring town as a police officer was traveling toward me in the opposite direction. Chrissie spotted the cop and freaked out. I responded by over-turning onto a side street and nearly ending up in the front yard of a nearby house.

The officer spotted my brilliant move and pulled me over. After asking me the question I didn’t want to hear, “Son, can I see your license?” we were escorted to the local police station. My brother came to the station where we were released into his custody. “Wait until Mom and Dad get home,” Rick kept repeating. I wanted to hide under a rock and stay there indefinitely. I wrote a long “how could I have done this” letter prior to my parents return. I even included various punishment options within the letter’s body. When my parents returned home they received the news from my brother. Although they were not as angry as I expected, they indicated that I was to appear in court to respond to my behavior. I remember that fateful day when my father and I made our way to the county courthouse where I was vigorously lectured by the judge and then released to my father because I said that I would never to stupid tricks again.

Chrissie was a chatter-box, so the news of our adventure permeated the halls of our high school. We instantly became risk-taking, law-breaking heroes. It is interesting how teenagers can reframe things and make behaviors appear so awesome, even back in the days of my youth. I still have my high school yearbook which is full of quips about the “adventure,” “the ride,” and the good-natured teasing about my anti-social behavior.

That same school year, I took Latin because my parents thought it would help me with all those long medical terms. For some inexplicable reason, my Latin class was inhabited by all the “jocks” from every imaginable sport (no girls allowed). Things were complicated by the fact that the teacher was a first year rookie who was also the head cross-country coach. Mr. P. was known by many in the class for his coaching skills. No classroom introductions were necessary. The class period was split due to a lunch period which was squeezed into the middle of Latin.

The split-class option with lunch posed various sneaky “boys will be boys” possibilities. We brought red Jell-O back from lunch and conveniently placed it on page thirty two of Tony P.’s Latin book. I think this translation page was about Caesar’s Gallic wars. I remember Mr. P. retorting in his nasal tone, “Boys, your not being very funny at all.” On another occasion, we tortured our poor teacher by taking the onions out of our hamburgers and putting them in the radiator of the classroom before he arrived. Then we waited… As the aroma permeated the air, Mr. P. responded with, “Boys, I don’t think that was a very wise thing to do.” In spite of our antics, we actually formed a very positive relationship with Mr. P.

In the mid 1990’s, more than thirty years after the fact, I learned how potent a legacy I had left behind. At that time, I worked as Director of Guidance and Counseling for a midwestern high school. I was charged with the responsibility of helping formulate a new comprehensive guidance plan for our school. In order to accomplish the task, a colleague and I visited various exemplary school models throughout the state – one of them which happened to be my old alma mater. As I visited my school as an alumni, memories of my past began to envelope me. When we entered the counseling department office, we were greeted by retired counselors who were volunteering as part of their retirement package. When I mentioned my name and that I had attended the school decades ago, the gentleman laughed. The counselor replied, “We have heard of you and your antics along with some of your classmate’s behavior.” “Throughout the years, your story has repeatedly been mentioned by alumni and the Latin teacher.” I said, “This is quite amazing. “Is Tony still teaching here?” “He certainly is and you will find him in the teacher’s lounge.” the volunteer remarked.

As I entered the teacher’s lounge with my co-worker, I immediately sat down to have lunch. After we ate, I looked around the room to find Tony. I asked a teacher where he was sitting and as I moved toward his table I noticed the older version of my teacher. I introduced myself, but it was unnecessary. Tony grasped my arms and immediately began laughing. It was his last year of teaching and we sat at that table and he reminisced with his colleagues about a story that has touched so many lives.

Forgive me God – there will be potholes in my legacy! All of my memories constitute the nature of who I am. They remind me of my humanity and the ways in which I touched the lives of others for better or worse. I have one story. I don’t have the choice to take parts back. I just hope that in the end that I am appreciated for the sum total of all its parts.