DDoS attacks on Estonia "not from Kremlin"

Attacks aimed at Estonian government websites came from everywhere except from the Russian government, study suggests.

The DDoS attacks affecting Estonia were the spontaneous product of a loose federation of separate attacks rather than a concerted effort by a single government agency, according to data gathered by an IT security company.

The information collated by Arbor Networks showed that the source of attacks were worldwide rather than just from a few locations. The attackers used a giant network of botnets - perhaps as many as one million computers in places as far away as the US and Vietnam, to increase the impact of the attack.

Advertisement - Article continues below

The attacks came after a statue of a Russian soldier was moved from the centre of the Estonian capital Tallinn to a suburban graveyard, prompting outrage from Russia.

The DDoS attacks at their height streamed 90Mbps of data at Estonian networks for period of up to 10 hours. The company said that this was the equivalent of downloading the whole of Windows XP every six seconds.

"We do know that the sites affected (the Parliament, the Ministries of Finance and Agriculture and others) were offline or unavailable for hours at a time during the attacks," said Jose Nazario, senior security engineer at Arbor Networks.

"This is disruption, but as to how much this affected daily life for the average Estonian, it is not very clear."

Advertisement
Advertisement - Article continues below

He said that there was no evidence that these attacks targeted resources that every citizen would use (such as electricity grids or other control systems). And no sizable attacks against Estonian internet infrastructure were observed.

Advertisement - Article continues below

"Most of the attacks appeared more about making a statement at a high profile website or two than about disrupting Estonia's online life or economy," he said.

Nazario said that the source of the attacks were global in nature and not concentrated in one country.

"We know from tracking botnets that at least one or two botnets were involved in some of the attacks," said Nazario. "However, we've also seen non-botnet tools that turned peoples' computers into packet sources."

He said while there were signs of Russian nationalism at work, there was no government connection.

"None of the sources we have analysed from around the world show a clear line from Moscow to Tallinn; instead, it's from everywhere around the world to Estonia. Spoofed sources are easy to provide, but we see no evidence of who is behind the attacks supposedly coming from Moscow," said Nazario.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Visit/security/ransomware/355891/nasa-it-contractor-ransomware-hack
ransomware

Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020
Visit/security/exploits/355866/critical-vmware-cloud-director-exploit-lets-hackers-seize-corporate
exploits

VMware Cloud Director exploit lets hackers seize corporate servers

2 Jun 2020
Visit/data-insights/data-science/355678/how-data-science-is-transforming-business
Sponsored

How data science is transforming business

29 May 2020