This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Estonian attackers reportedly employed botnets in their DDoS attacks, including one with a million computers. The effect was equivalent to more than 1 million individuals participating in a Web sit-in--many more than the few thousand who typically join a sit-in--except that none of them volunteered. They too were victims. Moreover, unlike most sit-ins that last an hour or two, the Estonian attack went on for weeks. The net effect of the siege was extremely disruptive and costly--at least $1 million for one of the targets, Estonia's largest bank.
The extent of the assault led some to speculate that it was the work of the Russian government. This seems unlikely. The hijacked computers comprising the botnets were located all over the world. It is doubtful the Russian government would engage in that level of collateral damage against neutral countries. Although a few attacks seem to have come from inside the Kremlin, those computers too could have been compromised. Also, at least one individual--the leader of a pro-Kremlin youth group--admitted to staging one of the attacks, and several Russian-language Web forums distributed information and scripts for participating in the attacks.
More importantly, it did not take a government to cause the cyber damage seen in Estonia. The assault showed that a few individuals, operating on their own and without the resources of a government, can cause considerable damage at a national level. Al-Qaida and other terrorists know
As cyberspace increasingly penetrates our lives and critical processes, and cyber technologies and attack tools continue to advance, the possibilities for harm will increase. We need to take cyber defense seriously, regardless of whether the cyberterror terminology sounds like hype today.
This was first published in September 2007