DDoS attacks on Estonia "not from Kremlin"
By Rene Millman,
The DDoS attacks affecting Estonia were the spontaneous product of a loose federation of separate attacks rather than a concerted effort by a single government agency, according to data gathered by an IT security company.
The information collated by Arbor Networks showed that the source of attacks were worldwide rather than just from a few locations. The attackers used a giant network of botnets - perhaps as many as one million computers in places as far away as the US and Vietnam, to increase the impact of the attack.
The attacks came after a statue of a Russian soldier was moved from the centre of the Estonian capital Tallinn to a suburban graveyard, prompting outrage from Russia.
The DDoS attacks at their height streamed 90Mbps of data at Estonian networks for period of up to 10 hours. The company said that this was the equivalent of downloading the whole of Windows XP every six seconds.
"We do know that the sites affected (the Parliament, the Ministries of Finance and Agriculture and others) were offline or unavailable for hours at a time during the attacks," said Jose Nazario, senior security engineer at Arbor Networks.
"This is disruption, but as to how much this affected daily life for the average Estonian, it is not very clear."
He said that there was no evidence that these attacks targeted resources that every citizen would use (such as electricity grids or other control systems). And no sizable attacks against Estonian internet infrastructure were observed.
"Most of the attacks appeared more about making a statement at a high profile website or two than about disrupting Estonia's online life or economy," he said.
Nazario said that the source of the attacks were global in nature and not concentrated in one country.
"We know from tracking botnets that at least one or two botnets were involved in some of the attacks," said Nazario. "However, we've also seen non-botnet tools that turned peoples' computers into packet sources."
He said while there were signs of Russian nationalism at work, there was no government connection.
"None of the sources we have analysed from around the world show a clear line from Moscow to Tallinn; instead, it's from everywhere around the world to Estonia. Spoofed sources are easy to provide, but we see no evidence of who is behind the attacks supposedly coming from Moscow," said Nazario.
You may also like...
advertisement
Latest Security Features
Q&A: The ID card commissioner talks cards and controversy
We spoke to ID card commissioner Sir John Pilling about his thoughts on the identity scheme and why we might all think he's a bit of prat down the line.
- So you've been hacked, now what?
- The problems facing Internet Explorer
- Year in Review: 2009 in your words
- Top 10 security predictions for 2010
- Year in Review: Top tech stories of 2009
- The worst IT disasters of 2009
- Five free security software suites
- How to stay safe shopping online
- Is it time to switch to IPv6?
Latest Security Reviews
Symantec Backup Exec 2010 review
Rating: 
advertisement
Most popular
- Your Views: Google Street View across the UK
- Reviews round-up: Windows Phone 7 and Firefox Mobile
- Q&A: Conrad Wolfram on communicating with apps in Web 3.0
- Why is Microsoft accelerating Service Pack 1?
- Palm 'disapointed' by results, Pre sales
- Google updates Chrome, awards security bonus
- Report: Macs cost less to run than Windows PCs
- A guide to BlackBerry Messenger 5.0
- Windows Phone 7 review ? hands on
- HTC Legend review
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.