Estonian DDoS attacks ‘unlikely’ in U.S., says expert

Could U.S.-based organizations find themselves defending against the level of distributed denial of service (DDoS) attacks Estonian web servers have seen since early April? While saying there is no shortage of people with grudges against the U.S., a researcher at Arbor Networks' ASERT team said that it is an unlikely scenario.

The attacks, reportedly the result of a political squabble between Russian nationals and the newly elected Estonian government, have disrupted web services at numerous Estonian government agencies and financial institutions for weeks.

During a recent two-week period, ASERT's ATLAS web-tracking service saw 128 unique DDoS attacks on Estonian websites; of those, 115 were ICMP floods, four were TCP SYN floods and nine were generic traffic floods.

According to Jose Nazario, a senior security researcher with Arbor Networks' ASERT team, which investigates web-based threat activity, the attacks ranged from short, half-hour bursts to one lasting more than 10 hours. He noted that 10 of the attacks consumed 90 Mbps of bandwidth.

"All in all, someone is very, very deliberate in putting the hurt on Estonia," Nazario said. "This kind of thing is only going to get more severe in the coming years."

The DDoS attacks appear to have been initiated by Russians irked by a proposal by Andrus Ansip, Estonia’s newly elected prime minister, to relocate a World War II memorial statue from downtown Tallinn to the outskirts of the city. Pro-Russians were reported to have considered the move to be a slur on their war dead and thus staged the DDoS attacks.

"Could [massive DDoS attacks] happen in the U.S.?" asked Nazario. "Certainly - there's no shortage of people with grudges against any country, and any geopolitical event could cause one."

That said, he doesn't foresee such an attack taking place on U.S. soil. "We track thousands of attacks a day - many against U.S. government sites - and they don't appear to have any substantial impact."

However, U.S. Rep. Tom Davis, R-Va., generally considered one of the most IT security-savvy members of Congress, has repeatedly warned that the nation could face a "cyber–Pearl Harbor" if it fails to shore up its infrastructure against web-based attacks.

A couple of issues are at work here, Nazario said. "Many U.S. government sites are more low profile - there are hundreds of departments within the U.S. Department of Defense and government that no one recognizes," he said.

More importantly, "All the major sites are very well protected in terms of bandwidth and their ability to push back the attack traffic and keep legitimate traffic going."

Although Estonia is one of Eastern Europe's more technically advanced countries, its "infrastructure is not as robust, and they have fewer resources" than U.S. organizations, said Nazario. "They're savvy, and know what they're doing, and brought in help in the right place so they're able to weather the attacks."
