| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 May 2008 19:21:49 +0300 From: "Viktor Larionov" <viktor.larionov@...va.ee> To: <bugtraq@...urityfocus.com> Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk, ge@...uxbox.org Subject: Re: An account of the Estonian Internet War Hi Gadi and all the rest of a community, I work and live in Estonia, and I was a witness to all happening here, especially on the cyber-sphere starting the first day. Let's skip the details on the political context of your story, which from my point of view is far from being neutral, and pass-on to technical part of it. First of all, neither I, nor (well as far as I know) anybody here have seen any evidence that attacks have originated from Russia. I certainly have no doubt that there may have been adresses located in Russian IP-pools attacking our government networks, but well we are professionals here, and we do understand what do botnets mean, do we ? What concerns the story about blogs and forum activities, well pardon, CNN also showed pictures of happening in Estonia, so did BBC, EuroNews, MTV3 that gives me no arguments to claim that CNN is behind all that :) More of that, living here, and working in the IT sector for a half of my life I have noticed none of increasing hacker activity on my servers. (also the company servers) Neither did a lot of my friends here. In fact, yet I have not seen anyone, except for some political party though, who would have suffered from so called "cyber-war". All those stories about banks going offline, etc. etc. etc. - well may I tell you that my visa was working properly all the time, and my bank was 24/7 available. This all led me to the conclusion, that all the hush is about a couple (ok, maybe tens or hundreds) of DDoS attacks being done. Tell me, how many attacks or ok, attack attempts does your corporate network suffer during the day ? What concerns that student you wrote about, well, Gadi please, as far as I know that was a ping-of-death he commited against the server of one political party. And well, if your server goes offline due to a ping of death, the please, you have security issues, and serious ones... And for me, the story about "ugly russian hackers" in this context sounds more than hillarious for me. The more ridiculous it gets if one tries to make an international disaster of one "lazy admin forgetting to install a firewall". Give me a break... In general, a lot of IT experts around here, are concerned that no "cyber-war" has never happened, everything was going about a couple, maybe 10-20 DDoS attacks which took place, and sleeping admins off duty. And what concerns the security situation here in Estonia, well I should agree with you that, yes, our banks have the security which we may trust, well at least from my point of view. But if we go to the goverment level, then please... You don't even need to be a cracker know-it-all of any kind, a plain skript-kiddie skill will do the trick...e.g. recently checking out one software package for security breaches we have found a key to a some of 100 Estonian goverment websites + web server user priveleges on the boxes itself...it took us 15 minutes not even being a security-expert of any sort. Fortunatelly for the goverment we are the good guys. :) Generally, pardon Gadi but, your story copies 1:1 the story the officials tell everybody, and well sorry but mr. Toomas Hendrik-Ilves'es IT skills leave me in a very grand doubt. So does the story he has no evidence for. So far the online community has seen none of the evidence the government was boasting about, a year has gone by - and personally I consider all this a one big bluff. Just my point of view. Kindest regards, Viktor Larionov Tallinn, Estonia -----Original Message----- From: Gadi Evron [mailto:ge@...uxbox.org] Sent: Tuesday, May 20, 2008 5:27 PM To: bugtraq@...urityfocus.com Cc: full-disclosure@...ts.grok.org.uk; funsec@...uxbox.org Subject: An account of the Estonian Internet War About a year ago after coming back from Estonia I promised I'd send in an account of the Estonian "war". The postmortem analysis and recommendations I later wrote for the Estonian CERT are not yet public. A few months ago I wrote an article for the Georgetown Journal of International Affairs, covering the story of what happened there, in depth. The journal owns the copyright so I had no way of sending that along either. I wasn't about to email saying "go buy a copy". Mostly silly articles kept popping up with misguided to wrong information about what happened in Estonia, and when an Estonian student was arrested for participating, some in our community even jumped up to say "it was just some student". Ridiculous. This is the "war" that made politicians aware of cyber security and entire countries scared, NATO to "respond" and the US to send in "help". It deserved a better understanding for that alone, whatever actually happened there. I was there to help, but I just deliver the account. The heroes of the story are the Estonian ISP and banking security professionals and the CERT (Hillar Aarelaid and Aivar Jaakson). Apparently the Journal made my article available in PDF form by a third party: Battling Botnets and Online Mobs Estonia's Defense Efforts during the Internet War URL: http://www.ciaonet.org/journals/gjia/v9i1/0000699.pdf It is not technical, I hope you find it useful. Gadi Evron. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists