The protests and riots on the part of Russian nationals in response to the Estonian government's decision to move a Soviet-era war memorial are not exactly current news any longer. However, all political and nationalist concerns aside, these protests have brought to light a new type of operation in the arsenal of the independent partisan: attacks on the electronic infrastructure of a nation.
The idea is nothing new to gamers or hacker types; we see individuals, Ventrilo servers, game servers, and even entire IRC networks get targeted in DDoS (distributed denial of service) attacks. A DDoS attacker employs software specifically tailored for the purpose of converting multiple innocent bystander machines, which have been infected with some sort of malware or trojan horse, into crazed bandwidth-thirsty zombie machines. Unbeknownst to the owners of said bystander machines, the attacker can use the collective bandwidth of his computerized zombie minions to rain hell on the intended target machine. This commonly takes the form of hammering the target with more communication requests than it has the capacity to respond to, rendering the target unable to function at even a fraction of what it can handle under normal conditions. Typical targets are individuals who got on the wrong side of someone with the right tools, and website hosting servers; a few plucky groups have even tried to launch attacks on DNS root servers in an attempt to bring the entire internet to a grinding halt.
Now that we're up to speed on the methodology, we can have a look at just how little the folks behind this wave of DDoS attacks on Estonia are fucking around. Based on the compilation linked here, the attackers were occupying a network capacity that at times was peaking around 100 Mbps. This is a good 30 times the average residential peak upload capacity in some parts of Europe, and a good 150 times the average residential upload capacity in the United States. That makes for one massive internet wrecking ball, which the attackers were swinging wildly all over Estonian internet interests (government sites, banking mainframes, and even large commercial or corporate sites based out of Estonia) in a clear attempt to bring the increasingly progressive and tech-dependent Estonian society and economy to its knees.
At least for a while, that is. The attacks are nearly at a standstill at this point and things are resuming as normal in the Estonian internet space. The small upside to such attacks is that they carry a reduced threat of long-term damage; while some can result in a locked-up session or a crashed OS altogether, most attacks are just a pain while they're being launched, and everything can resume as normal after the source has been found and properly locked out. What has not yet been estimated (it seems) is the obvious negative effect this deliberately targeted attack had on the Estonian economy.
It has been speculated that the attack might have been either carried out directly by, or at the least ordered by, agents of the Russian government, speculation that Moscow has been quick to deny. But in light of many strange happenings that seem to point towards the Kremlin, can that possibility really be ruled out? In addition, are we seeing the dawn of a new battlefield, not merely a theatre of operations for rogue hackers and troublemakers, but of warring nations?