Student fined 1,100 euro for DoS attack on key sites in Estonia

Share this article:

A 20-year-old Estonian student has been fined 1,100 euro ($1,626) by a regional court for launching a wave of denial of service (DoS) attacks against the websites of numerous businesses and high-ranking politicians in Estonia, including the website for the political party of Estonia's prime minister, in April and May of last year.

 

The student, Dmitri Galushkevich, reportedly admited to initiating the attacks from his own computer. After Galushkevich's DoS took place, the Estonia government claimed that Russia was either directly or indirectly involved, which the Russian government denied.

 

However, a report posted on Friday by Heise Security in the United Kingdom said that last year's attack on the Estonian websites deployed parts of a botnet that had been previously used to mount attacks on servers hosting sites for opponents of the Russian government and the former world chess champion Gary Kasparov, now an outspoken critic of Russian President Vladimir Putin.

 

Galushkevich, a native Estonian reportedly of Russian ethnic origin, was said to be angry over his government's controversial plans to move a World War II-era memorial known as the Bronze Soldier from the center of Tallin in Estonia to the outskirts of the city and initiated the attacks as a protest.

 

The proposed move of the statue – erected by a Communist government when Estonia was part of the Soviet Union – and a decision by the Estonian government to relocate the graves of several Soviet soldiers who died in World War II – ignited a variety of protests, most often led by members of the country's ethnic Russian minority.

 

Galushkevich attacks, which not only took down a wide range of websites, including banks and schools as well as those for political organizations.

 

While some reports expressed surprise that a single individual could create so much disruption, it came as no major shock to Jose Nazario, a senior security researcher with Arbor Network's ASERT team, which investigates web-based threat activity.

 

 "Bear in mind that many of these attacks appeared to be coming from botnets, or compromised personal computers, which grow organically, then wait for commands to send traffic," Nazario told SCMagazineUS.com.

 

"We track thousands of these a day, and it's a very effective mechanism for an individual to have thousands and even hundred of thousands individual PCs doing their bidding," he said. "With just a couple of keystrokes, one individual can tell tens of thousands of computers around world to send traffic to one computer," generating a DoS attack.

 

What's not so effective, Nazario pointed out, is controlling one of the key elements in denial of service attacks: the independent server used by attackers to control their botnets. These are typically servers at third-party web hosting sites that have been taken over by individuals such as Galushkevich.

 

"We see [co-opted servers] all over the place," Nazario said. "A hosting site makes a good choice because the servers there are generally up and running as long as possible."

 

Nazario said he isn't pleased with the relatively small fine Galushkevich paid.

 

 "I'd like to see the punishment upscaled, but I'm not sure of [the] extent of law in Estonia in regard to this kind of crime," he said. "There clearly were real damages associated with the attack, including lost productivity for the people who use the networks and loss of productivity to protect the networks by the people who run the networks."

 

He noted that the U.S. "has stricter penalties and more case law for this kind of attack, and the U.K. has even more significant laws with regard to this kind of computer abuse

Share this article:

Sign up to our newsletters

More in News

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.