Some interesting detail on the Estonian Cyberwar. This ain’t just any old attack. According to Jose Nazario, who works at ARBOR SERT, the attacks peaked a week ago, but aren’t over:
As for how long the attacks have lasted, quite a number of them last under an hour. However, when you think about how many attacks have occurred for some of the targets, this translates into a very long-lived attack. The longest attacks themselves were over 10 and a half hours long sustained, dealing a truly crushing blow to the endpoints.
There’s some older stuff here, from F-Secure, which shows that it’s not (just) a government initiative. And Dr Mils Hills, who works at the Civil Contingencies Secretariat of the UK’s Cabinet Office (a department of government responsible for supporting the prime minister and cabinet), feels that cyberwar may be too strong a term for something that he prefers to label ‘cyber anti-social behaviour’.
Indeed, what surprises him is that such a technologically advanced state — which uses electronic voting, ID cards and laptop-centric cabinet meetings — could so easily be hobbled by such a primitive form of attack, and what implications that holds:
What IS amazing is that a country so advanced in e-government and on-line commercial services has been so easily disrupted. What more sophisticated and painful things might also have already been done? What else does this indicate about e-security across (i) the accession countries to the EU; (ii) NATO and, of course, the EU itself?
Definitely true that this is probably just a little blip on the screen of what is possible, and what governments are capable of doing.
(Definition of Cyberwar from Wikipedia here.)
Attacking the ‘right thing’ with 90mbps of traffic, and what Jose doesn’t mention is this is sampled netflow from a bunch of providers not necessarily the victim so the full effect isn’t obvious here, is certainly enough to get people’s attention. While it’s bad in some senses, there are protections that could be put into place to thwart the attackers. We do this daily for folks. Preparation is key, and often folks won’t/don’t prepare until it’s far too late.
-Chris