DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [75]
Thankfully for all of us, the Kremlin indeed showed no inclination to render any fraternal assistance, but as Tallinn’s centre crackled and fizzed with rioters and flag-burners, hackers were opening up a new front in this peculiar conflict.
That evening the websites of Estonia’s President and several government ministries started receiving inordinate amounts of spam email, while the Prime Minister’s photo on his party’s website was defaced. Russian-language chat rooms began to exhort hackers to launch attacks on Estonian sites and were distributing the software to do so. According to sources quoted in a US Embassy telegram to Washington (c/o WikiLeaks), the initial attacks were technically unsophisticated and ‘seemed more like a cyber riot than a cyber war’.
Over the weekend, however, the attacks escalated from spam showers to DDoS attacks. Hackers had created dozens of those pesky botnets, suborning infected zombie computers around the world and forcing them to request Estonian websites. These were mighty assaults – the presidential website, ‘which normally has a two-million megabits-per-second capacity, was flooded with nearly 200 million Mbps of traffic’, according to the US Embassy cable. This was still manageable, but on 3rd May ‘the cyber attacks expanded beyond Government of Estonia sites and servers to private sites’.
At about ten o’clock that evening Jaan Priisalu received a call at his home on the outskirts of Tallinn. ‘They told me that the channels were all going down at work,’ he remembered. As the Chief of IT Security at Estonia’s biggest bank, Hansabank, Priisalu went into overdrive. ‘I then got an SMS, which informed me that our Internet banking service had gone down.’
It was action stations all round: tens of thousands of computers were swamping Hansabank’s systems with requests for information. Priisalu immediately started to delve into the frenetic electronic activity and soon discovered that Hansabank was under attack from a botnet comprising some 80,000 computers. Following the attacks back to their origin, Priisalu found they were coming from a server in Malaysia. Not that this amounted to evidence of anything at all, for beyond Malaysia the attackers had successfully masked their real origin. But he realised immediately that he was dealing with a very serious attack. ‘It was massive,’ he said. A botnet of 80,000 computers is a big monster that can completely paralyse a company’s entire system within a matter of minutes.
Thanks to Priisalu’s precautionary measures, Hansabank was well prepared with powerful servers. These were alternative websites that could mirror content (thus making it more difficult for DDoS attacks to succeed). However, even though Hansabank’s site remained online, the US Embassy’s key Estonian source reported that it cost the company ‘at least 10 million euros ($13.4 million)’.
The next targets were the Estonian media, including the daily paper with the most frequently visited news website. ‘Imagine, if you can, the psychological effect,’ said one observer, ‘when an Estonian tries to pay his bills but can’t, or tries to get the news online but can’t.’ The government was on high alert, deeply worried that the escalating attacks represented ‘a frightening threat to key economic and societal infrastructure’.
By this time Hillar Aarelaid and his team had fully mobilised. Estonia’s CERT responded by expanding the country’s broadband ‘pipeline’ into the country with the assistance of its friends abroad, notably in Finland and Sweden. ‘We had been expecting that something like this