Analysis: An Eastern European argument has created a new kind of DDOS attack

Share this article:

The clash between Estonia and Russia over the removal of a Soviet war monument is gathering force on the web.

The re-siting of a bronze statue of a Soviet soldier in the Estonian capital Tallinn has triggered a wave of protests from Russians, ranging from physical blockades of the border and the Estonian embassy in Moscow to riots and, now, a flood of alleged cyber attacks.

Estonian authorities claim that a million PCs have been used in several waves of crippling direct denial-of-service (DDOS) attacks on government sites, banks and media organisations. Damage is estimated to run into tens of millions of euros, and Nato chiefs are said to be advising the tiny EU nation.

Russian officials have denied any state responsibility and have suggested the Estonians should prove their allegations - an impossible burden, given the nature of the attacks. As well as malicious traffic from Russia itself, analysts say they have traced attackers to other countries, including the US, Canada, Vietnam and Brazil.

According to Paul Sop, chief technology officer of DDOS defence specialist Prolexic Technologies, this battle has one unusual element: "Activists have downloaded a DDOS tool and pointed it at a specific website at a pre-arranged time. This is a huge shift in the use of this technology.

"Most websites could be brought down by 20,000 or 30,000 users doing this, and that's not such a large number in political terms," he warns.

Cyber-security is expected to be discussed at a meeting of Nato officials next month. In the meantime, it seems Estonia has little recourse. The concept of a cyber-war is not new, recent events such as the Iraq war and the cartoons crisis in Denmark attracted similar online responses, if on a somewhat smaller scale.

Although the size of this assault is unprecedented in geopolitical terms, commercial attacks can be much more impressive. "One single professional Russian botnet herder could easily generate this amount of traffic, and more," observes Sop.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Apple implements two-factor authentication

The company followed through on its promise to up iCloud security by implementing two-factor authentication earlier this week.

C&K apologizes for unauthorized access that led to Goodwill breach

A web hosting service apologized for intermittent unauthorized access of its hosted environment over 18 months that led to the Goodwill breach.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp and TinyCo settle with FTC over COPPA ...

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.