Message-ID: <CBEGIFDHGBLGDCJDOKAPGENPCJAA.viktor.larionov@salva.ee>
Date: Tue, 20 May 2008 19:21:49 +0300
From: "Viktor Larionov" <viktor.larionov@...va.ee>
To: <bugtraq@...urityfocus.com>
Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk, ge@...uxbox.org
Subject: Re: An account of the Estonian Internet War

Hi Gadi and all the rest of the community,

I work and live in Estonia, and I was a witness to all happening here,
especially on the cyber-sphere starting the first day.

Let's skip the details on the political context of your story, which from my
point of view is far from being neutral, and pass on to the technical part of
it.

First of all, neither I, nor (well as far as I know) anybody here has seen
any evidence that attacks have originated from Russia. I certainly have no
doubt that there may have been addresses located in Russian IP-pools
attacking our government networks, but well we are professionals here, and
we do understand what botnets mean, do we?
What concerns the story about blogs and forum activities, well pardon, CNN
also showed pictures of happening in Estonia, so did BBC, EuroNews, MTV3
that gives me no arguments to claim that CNN is behind all that :)

More of that, living here, and working in the IT sector for a half of my
life I have noticed none of increasing hacker activity on my servers. (also
the company servers)
Neither did a lot of my friends here. In fact, yet I have not seen anyone,
except for some political party though, who would have suffered from so
called "cyber-war".
All those stories about banks going offline, etc. etc. etc. - well may I
tell you that my visa was working properly all the time, and my bank was
24/7 available.

This all led me to the conclusion, that all the hush is about a couple (ok,
maybe tens or hundreds) of DDoS attacks being done.
Tell me, how many attacks or ok, attack attempts does your corporate network
suffer during the day?

What concerns that student you wrote about, well, Gadi please, as far as I
know that was a ping-of-death he committed against the server of one
political party.
And well, if your server goes offline due to a ping of death, then please,
you have security issues, and serious ones... And for me, the story about
"ugly Russian hackers" in this context sounds more than hilarious for me.
The more ridiculous it gets if one tries to make an international disaster
of one "lazy admin forgetting to install a firewall".
Give me a break...

In general, a lot of IT experts around here, are concerned that no
"cyber-war" has never happened, everything was going about a couple, maybe
10-20 DDoS attacks which took place, and sleeping admins off duty.
And what concerns the security situation here in Estonia, well I should
agree with you that, yes, our banks have the security which we may trust,
well at least from my point of view. But if we go to the government level,
then please...
You don't even need to be a cracker know-it-all of any kind, a plain
script-kiddie skill will do the trick...e.g. recently checking out one
software package for security breaches we have found a key to some of 100
Estonian government websites + web server user privileges on the boxes
themselves...it took us 15 minutes not even being a security-expert of any sort.
Fortunately for the government we are the good guys. :)

Generally, pardon Gadi but, your story copies 1:1 the story the officials
tell everybody, and well sorry but Mr. Toomas Hendrik Ilves's IT skills
leave me in a very grand doubt. So does the story he has no evidence for.
So far the online community has seen none of the evidence the government was
boasting about, a year has gone by - and personally I consider all this a
one big bluff.


Just my point of view.
Kindest regards,

Viktor Larionov
Tallinn, Estonia




-----Original Message-----
From: Gadi Evron [mailto:ge@...uxbox.org]
Sent: Tuesday, May 20, 2008 5:27 PM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk; funsec@...uxbox.org
Subject: An account of the Estonian Internet War


About a year ago after coming back from Estonia I promised I'd send in an
account of the Estonian "war". The postmortem analysis and recommendations
I later wrote for the Estonian CERT are not yet public.

A few months ago I wrote an article for the Georgetown Journal of
International Affairs, covering the story of what happened there, in
depth. The journal owns the copyright so I had no way of sending that
along either. I wasn't about to email saying "go buy a copy".

Mostly silly articles kept popping up with misguided to wrong information
about what happened in Estonia, and when an Estonian student was arrested
for participating, some in our community even jumped up to say "it was
just some student". Ridiculous.

This is the "war" that made politicians aware of cyber security and entire
countries scared, NATO to "respond" and the US to send in "help".
It deserved a better understanding for that alone, whatever actually
happened there.

I was there to help, but I just deliver the account. The heroes of the
story are the Estonian ISP and banking security professionals and the
CERT (Hillar Aarelaid and Aivar Jaakson).

Apparently the Journal made my article available in PDF form by a third
party:

Battling Botnets and Online Mobs
Estonia's Defense Efforts during the Internet War

URL: http://www.ciaonet.org/journals/gjia/v9i1/0000699.pdf

It is not technical, I hope you find it useful.

Gadi Evron.

