Financial Times: Kremlin-backed group behind Estonia cyber blitz

Update (March 12, 2:17 am Pacific): Hillar Aarelaid points out to me in an email that this was reported almost two years ago in the Russian-language press. Google Translated version here.

Financial Times:

By Charles Clover in Moscow
Published: March 11 2009 02:00 | Last updated: March 11 2009 02:00

Members of a Kremlin-backed youth movement have claimed responsibility for May 2007 cyber attacks that crippled Estonia’s internet in the midst of a diplomatic argument with Russia.

It is believed to have been the first attack of its kind, directed against virtually the entire informational infra-structure of a Nato country.

Estonian officials said the attacks originated in Russia. They began after April 27, when Estonia removed a second world war Soviet memorial from its capital, Tallinn, provoking a storm of protest from Moscow. They continued to mid May.

Russia has consistently denied any involvement. Yesterday, however, Konstantin Goloskokov, a “commissar” in the youth group Nashe, which works for the Kremlin, told the Financial Times that he and some associates had launched the attack, which appears to be the first time anyone has claimed responsibility.

“I wouldn’t have called it a cyber attack; it was cyber defence,” he said.

“We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way.”

Palju õnne sünnipäevaks, Eestimaa!

Estonian Declaration of Independence, 24 February 1918

MANIFESTO
To All The Peoples of Estonia

Never in the course of centuries have the Estonian people lost their ardent desire for Independence. From generation to generation Estonians have kept alive the secret hope that in spite of enslavement and oppression by other nations the time will come in Estonia “when all splinters, at both end, will burst forth into flames” and when “Kalev will come home to bring his children happiness.”

Now this time has arrived.

Manifest kõigile Eestimaa rahvastele

Eesti rahvas ei ole aastasadade jooksul kaotanud tungi iseseisvuse järele. Põlvest põlve on temas kestnud salajane lootus, et hoolimata pimedast orjaööst ja võõraste rahvaste vägivallavalitsusest veel kord Eestis aeg tuleb, mil “kõik piirud kahel otsal lausa löövad lõkendama” ja et “kord Kalev koju jõuab oma lastel õnne tooma”.

Nüüd on see aeg käes.

February 6: Cyrus interviewed on PRI’s The World

I had the honor of being interviewed (again!) by Marco Werman on “The World” today to talk about the relationship of the Estonian economy to technology.

It will be available on any of these stations (and their Internet streams):

New York – 3 pm Eastern – WNYC – 820 AM – www.wnyc.org
Washington, DC – 8 pm Eastern – WAMU – 88.5 FM – www.wamu.org
Los Angeles – 12 pm Pacific – KPCC – 89.3 FM – www.kpcc.opg
Boston – 4 pm Eastern – WGBH – 89.7 FM – www.wgbh.org
San Francisco – 2 pm Pacific – KQED – 88.5 FM – www.kqed.org

You can also find it on The World’s site later in the day and on my site if you miss the broadcast.

Update: Audio is here.

AFP: Estonian tourist trade turns to IT to fight recession

AFP, February 1 2009:

But Estonia slid into recession in 2008 as rampant inflation dented domestic consumption.

The global economic crisis compounded the bleak picture by hitting exports — as well as the tourist trade, as many would-be foreign visitors stay at home.

The economy contracted by an estimated 2.8 percent in 2008. Authorities expect it to shrink by 4.5 percent this year, although analysts say it may plunge by as much as 7.0 percent.

Dozens of hotels built in the picturesque capital Tallinn during the boom are now struggling and are slashing costs by firing staff, closing for the winter and offering hefty discounts via their websites.

One of Tallinn’s newest hotels is trying to draw visitors by offering free unlimited international calls via the Skype Internet service, which has more than 370 million users worldwide.

[Feliks Magus, chairman of the Estonian Hotel and Restaurant Association] said other hotels were following suit.

Kyrgyzstan under cyberattack

First Estonia. Then Georgia. Now Kyrgyzstan.

Computerworld:

A Russian “cybermilitia” has knocked the central Asian country of Kyrgyzstan off the Internet, a security researcher said today, demonstrating that the hackers are able to respond even faster than last year, when they waged a digital war against another former Soviet republic, Georgia.

Since Jan. 18, the two biggest Internet service providers in Kyrgyzstan have been under a “massive, sustained distributed denial-of-service attack,” said Don Jackson, the director of threat intelligence at SecureWorks Inc.

The attacks, which are ongoing, have knocked most of the country offline and disrupted e-mail to and from a U.S. air base there, Jackson said. The public affairs officer at Manas Air Base in Kyrgyzstan was not immediately available to answer questions about whether the attacks have disrupted operations or other activities.

According to Jackson, the distributed denial-of-service (DDoS) attacks — essentially a flood of requests that overwhelm servers and effectively knock them off the Internet — can be traced to the same groups of Russian and ethnic Russian hackers who assembled in militia-like fashion last August to launch similar attacks against Georgia.

In a related matter, check Lauri Almann‘s (permanent undersecretary of defense for the Republic of Estonia from 2004 to 2008) new piece in Stanford’s Policy Review:

The main ddos attack lasted ten days, from May 8 to May 18. During the period between May 10 and May 15, Estonia’s banks came under fire from the cyber warriors; two major banks had to stop their online services. Ninety-four percent of banking transactions in Estonia are conducted online, and so the attacks had a crippling effect on financial dealings in the country. Most Estonians do not have checkbooks. When the banking system was set up after the nation regained independence in 1991, the decision was made to skip the issuance of checkbooks in favor of direct, online banking. This, of course, made Estonia even more vulnerable to damage from attacks.

Of course, a ddos attack against online banking lasting several days is enough time to do a great deal of damage to an economy. The attack was not continuous, but came in waves, suggesting that it was not a riot of hackers, but a well coordinated attack. It appears from the pattern of attack that one bot herder was controlling the intensity of the attacks. This demonstrates clearly that there was a single point of control. It is important to note that when the attack began, Estonia had no way of knowing how long the attack would last or whether it would be ongoing.

“Echolocation” and “Cold”

Rebecca’s back (again!), with yet another potent pairing of poems, this time in Octopus.

I will say that I’m a big fan of “Cold,” as it mentions one of my favorite countries, Estonia!

ECHOLOCATION

Most days I wear
the hunched run

of an animal, darting
until caught

in net or claw—
and that’s fine.

Trapped, I noise
and flap, send you

pressed air,
let you forge

toward me.
Let you touch me.

Let you cut
through net and claw.

COLD

I like my shadow when I’m in this coat.

I look like a Russian soldier or I’m wearing a dress.

I need to be more friendly. I need to treat Estonians better.

Updated: Estonia approves voting via mobile phone. (Not exactly.)

The Estonian parliament (pictured) has just approved a bill to let Estonian citizens vote via their mobile phone. This makes the country the first country in the world to do so, and comes about 20 months after Estonia held its first nation-wide election where the electorate could cast their ballots online.

Mobile phone voting, which likely will come via a new secure SIM card to be used in conjunction with the country’s digital ID card system, will take effect in the 2011 parliamentary elections.

[via Russian News and Information Agency]

Update: Kris Haamer points me to a TV ad previewing EMT’s mobile voting system that aired about 20 months ago.

Update (Dec 17.): I spoke with Silver Meikar, an Estonian MP, who told me that this actually isn’t quite mobile phone voting. In fact, this is using Estonia’s digital ID card infrastructure to use your phone as an ID tool instead of your ID card and reader. You still need a computer and an Internet connection to vote online, but you now can just have your phone instead of your ID card. So, not as sexy.

IDG News Service has more.

News from Estonia

1) Estonia’s minds key, says president, Wales Online, October 16 2008:

[Estonian President Toomas Hendrik Ilves] does not believe the collapse of Icelandic banks has doomed the concept of small, “clever” countries.

He said: “In terms of small countries, it’s basically how you do things. The financial sector in Estonia represents 4% of GDP.

“The financial sector in Iceland represented 25% of GDP.”

Boasting of Estonia’s economic progress, he said: “We started out with a GDP of about $800 a year, and the last we measured was $21,600, which is basically the same as Portugal – that’s since independence to 2006.”

He added: “We’re less corrupt than half of the EU. We had to impose tariffs to join the EU.”

2) Estonia’s Let-It-Be Economy Is Rattled by Worldwide Distress, The New York Times, October 10 2008:

The government cut the state budget by 1 percent of gross domestic product to avoid running a deficit this year, even though Estonia has hefty fiscal reserves invested outside the country.

Fiscal stimulus and specified assistance, Estonian officials said, would only delay the inevitable.

In that, the Estonian response to economic distress contrasts sharply with the United States, where Washington is borrowing freely and desperately trying to prevent the housing bust from wreaking havoc across the economy.

“The economy needs to adjust,” said Märten Ross, deputy governor of the Bank of Estonia. “There is no sense in policies that try to keep construction workers in construction.”

Whatever the approach, both business executives and government officials agree that Estonia needs to become much more export-oriented — though right now being unburdened with foreign debt has saved it from being another Iceland. With 1.3 million people and a G.D.P. of $29.4 billion, only about 18 percent of the country’s companies export anything at all.

3) Bush: South Korea, six others get visa waiver, AFP, October 18 2008:

WASHINGTON (AFP) — US President George W. Bush announced Friday that citizens of South Korea and six other US allies would enjoy visa-free travel to the United States beginning about one month from now.

The other countries are the Czech Republic, Estonia, Hungary, Latvia, Lithuania, and Slovakia, all of which have reached agreements with the United States, which has broadened security measures in the wake of the September 11, 2001 attacks.

4) Estonia’s Cyber Security Policy, Cyber Law Update, October 17 2008

A year-and-a-half after the coordinated denial-of-service attacks against its government and commercial computer systems, Estonia has released a national cyber security strategy that includes details about the attacks and offers recommendations for preventing attacks in the future and for a global stance toward cyber security. The report identifies four “policy fronts”:

1) application of a graduated system of security measures in Estonia;

2) development of Estonia’s expertise in and high awareness of information security to the highest standard of excellence;

3) development of an appropriate regulatory and legal framework to support the secure and seamless operability of information systems;

4) and promoting international cooperation aimed at strengthening global cyber security.

NPR: Estonia Seeks Stronger EU Response To Russia

NPR: All Things Considered, September 9, 2008 · The European Union has been split about how to respond to Russia’s attack on Georgia. Estonia is one of the EU members to have argued for a stronger response to Russia. It says NATO and EU membership must now be offered to Georgia and Ukraine.

Slate: How I became a soldier in the Georgia-Russia cyberwar

Big ups to Evgeny Morozov for penning this oft-lauded piece for Slate, “An Army of Ones and Zeroes: How I became a soldier in the Georgia-Russia cyberwar.” (Not to toot my own horn, but I played a small role in this piece, in that Evgeny asked me who to contact at Slate for the piece, and he took care of the rest.)

He writes:

I had a much simpler research objective: to test how much damage someone like me, who is quite aloof from the Kremlin physically and politically, could inflict upon Georgia’s Web infrastructure, acting entirely on my own and using only a laptop and an Internet connection. If I succeeded, that would somewhat contradict the widely shared assumption—at least in most of the Western media—that the Kremlin is managing this cyberwarfare in a centralized fashion. My mission, if successful, would show that the field is open to anyone with a grudge against Georgia, regardless of their exact relationship with state authorities.

Of course, the fact that Estonia is providing technical expertise and web hosting to Georgia after having gone through similar attacks last year by legions of anonymous Russian hackers definitely piques my interest.