DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [76]
Thanks to the coordination of the government, the police, the banks and CERT, the impact of the attacks on ordinary citizens was kept within reasonable boundaries. Hansabank maintained its online banking, but the other two largest banks were unable to. Instead people simply switched to using their branches. Mobile phones were interrupted and, once the government ordered the shutdown of Estonia’s links to the outside world, communication with the country was tricky for a few days. Contrary to initial reports, traffic lights in Tallinn did not stop working, but there was some interruption to the work of the government and the media.
The attacks continued at varying degrees of intensity for two weeks, culminating in a massive assault on 9th May, the date of the Red Army’s victory over the Nazis in Europe. At this point, exhausted by the relentless flood of DDoS attacks, the Estonian government decided to cut off the country’s Internet system from the rest of the world. The DDoS attacks declined to a dribble, eventually coming to an end on 19th May.
The implications of the Estonian events were grave. In political terms it was perfectly clear that the attacks came from Russia, but predictably the government in Moscow denied all responsibility for them. And it is perfectly possible that there was no official involvement. Researchers were unable to track down the precise origin of the attacks. Assuming that they did come from Russia, however, the government must have known about them because of their omniscient monitoring system, SORM-2. Having said that, there was so much extraordinary Internet activity going on in Russia at the time that maybe even the fabled SORM-2 was having a hard time keeping up with everything. Who can say? Because one thing that the attack on Estonia made quite clear was that you can make a very shrewd guess as to who has instigated events like these, but you cannot ever be certain.
Like all governments, the Russian government was evolving its own unique attitude towards the Internet, its function and the relationship between the state and the end user. Moscow recognised as early as the 1990s that the political and security importance of the Internet was such that it deserved the full attention of one of the country’s most enduring and successful institutions: the secret police. In short, the FSB (intimate successor to the KGB) developed the ability to monitor every packet of data zinging in, out and around the country. This system goes under the appropriately sinister acronym of SORM-2, the or the System for Operative-Investigative Activities.
SORM-2 is truly frightening. Should you request information over the Web from your computer in Vladivostock or Krasnodar, then when it reaches your Internet Service Provider, a duplicate package dutifully trots off to FSB central in Moscow, to be read, mulled over, laughed at and (who knows?) used in evidence against you, at the FSB’s pleasure. At the very least, it will be stored.
Not only does SORM-2 require that Russian ISPs feed all Internet activity through to the FSB’s headquarters, but it adds insult to injury by compelling the ISPs to purchase the required equipment (at a cost of more than $10,000) and to fund the running costs of the service. These costs are of course passed on to consumers, who thus end up paying quite directly for a mighty tool of oppression of which they are the principal victims.
The Russian state has the capacity to know who is doing what, when, to whom and, probably, why over the Web. Of course, a sneaky Russian computer-user might concoct a plan to circumvent