Cyber Warfare Case Study: Estonia
Jill Wiebke
April 5, 2012
What is Cyber Warfare?
• Cyber warfare “is a combination of computer network attack and defense and special technical operations” (IEEE)
• 8 Principles:
  • Lack of physical limitations
  • Identity & privileges
  • Kinetic effects
  • Dual use
  • Stealth
  • Infrastructure control
  • Mutability & inconsistency
  • Information as operational environment
Things to Consider…
• Malicious cyber activity: crime, espionage, terrorism, attacks, warfare
• Classifications are made by intentions of perpetrator and effect of the act
• Definition of cyber attack is inconsistent
Case Study: Estonia
• Baltic territory
• Capital: Tallinn
• Independence in 1918
• Forced into the USSR in 1940
• Regained freedom in 1991, Russian troops left in 1994
• Joined UN in 2001, and NATO and EU in 2004
• Known as an “e-society,” paperless government, electronic voting, etc.
Attacks on Estonia
• Who: That’s the real question, isn’t it?
• What: Distributed denial of service (DDoS) attacks on government, banks, corporate websites; website defacement
• When: April 27, 2009 – May 18, 2007
• Where: Estonia
• Why: Another good question…
• How: Well-known attack types, but “unparalleled in size;” hundreds of thousands of attack computers
Attack Progression
• April 27: Estonian government websites shut down from traffic, defaced
• April 30: Estonia began blocking Web addresses ending in .ru
• Increased attack sophistication; targets now included media websites attacked by botnets
• 1 million computers were unwittingly employed to deploy botnets in US, China, Vietnam, Egypt, Peru
• May 1: Estonian ISPs under attack
• May 9: Russian victory in WWII – new wave of attacks at Russian midnight
• May 10: Banks are attacked
Details
• Estonia had just decided to relocate a Soviet WWII memorial
• Large, well-organized, well-targeted attacks – not spontaneous – began hours after the memorial was relocated
• Malicious traffic indicated political motivation and Russian language background
• Instructions for attacking websites were posted in Russian language forums including when, what, and how to attack
• Did not accuse Russian government (not enough evidence), but attacks are believed to have originated in Moscow
• IP addresses of attackers belong to Russian presidential administration
• Russian officials denied any involvement; IPs could have been spoofed
Effects of the Attacks
• One person has been convicted – student in Estonia organized a DDoS attack on the website of an Estonian political party
• NATO enhanced its “cyber-war capabilities”
• Created a “cyber defense research center in Tallinn in 2008”
• Cyber Command – Full Operating Capability on Oct 31, 2010
Other Cyber Attack Examples
• Georgia
  • DDoS attacks coincided with Russian invasion in August 2008
• Stuxnet
  • Worm that targets industrial control systems
  • Infected Iranian nuclear facilities
• Titan Rain
  • Suspected Chinese attacks on the US since 2003
  • “Nearly disrupted power on the West Coast”
  • Security breaches at defense contracting companies
Magnitude of Cyber Warfare
• Attribution
• Nation-state actors
• Non-state actors
• “Hired guns”
• Trails end at an ISP
• New territory – no rules/standards
• Legal territory issues
• International laws do not exist yet
• Crime of Aggression definition
• Impacts
Glimpse at Cyber Warfare Future
• The US heavily relies on cyber networks, so a cyber attack could be highly detrimental
• Physical impacts
  • Disable water purification systems
  • Turn off electricity
  • Misrouting planes/trains
  • Opening dams
  • Melting nuclear reactors
• Communication network impacts
  • Stock market manipulations
  • Wireless Internet access outages
Why SAs Should Care
• Cyber attacks are increasing in threats, frequency, and intensity
• Targets range from government entities, banks, corporations, to private businesses
• We are the “cyber warriors” and “network ninjas” that will be dealing with the effects of cyber warfare
References
• https://www.cia.gov/library/publications/the-world-factbook/geos/en.html
• http://www.state.gov/r/pa/ei/bgn/5377.htm
• http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5634434
• http://www.stratcom.mil/factsheets/cyber_command/
• https://docs.google.com/a/utulsa.edu/file/d/0B7yq33Gize8yNjEzNDkxMGMtOWMyNS00ZDJhLTg4MDUtZDUwODQ2YjQwOTIw/edit?pli=1
• http://www.industrialdefender.com/general_downloads/news_industry/2008.04.29_cyber_attacks_p1.pdf
• http://www.getgogator.com/News/Content/Articles/Malware/The%20Evolution%20of%20Cyber%20Warfare.pdf
• msl1.mit.edu/furdlog/docs/washpost/2007-05-19_washpost_estonia_cyberattacked.pdf
• http://www.msnbc.msn.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/#.T3Mt7NmGWW9
• ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6029360&tag=1
• http://www.law.duke.edu/journals/dltr/articles/2010dltr003.html