Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - Estonia, Botnets, and Economic Warfare InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Estonia, Botnets, and Economic Warfare

Published: 2007-05-21
Last Updated: 2007-05-21 21:38:32 UTC
by John Bambenek (Version: 1)
0 comment(s)
Now that the Estonia cyber attacks have waned somewhat, a wealth of discussion is being had on the implications of electronic warfare. Arbor Networks has a good technical analysis available on this. In this case, Russia tends to be blamed for the attacks over a row between Estonia and Russia over a cold-war era statue. My personal hunch is that this is more of a case of hacktivism. There was plenty of protest and boycotts from the pro-Russian side to indicate there were plenty of people spun up with fervor over the issue to put their botnets to work. Running a botnet and firing off an ICMP DDoS isn't difficult to pull off compared to say, poisoning a critic with Polonium 210. This is more likely a case of a bunch of people getting really torqued off and wanting a piece of the action (call it the "Blue Security treatment").

However, now that this has happened on a national scale, there will likely be more incidents of hacktivism on a large scale trying to take down organizations in the wake of some political or social controversy. I'd bet money that we'll see some of this with the general election in 2008 in the United States on a larger scale, certainly if the candidates are in any way controversial. Since botnets are only growing and will likely branch away from IRC-based controllers to other methods that are more quiet, it'll be a persistent problem for a long time... at least as long as it takes for us to figure out how to harden consumer PCs that often have no protection at all and are the low-hanging fruit for gibbering packet apes wanting to spew ICMP love.

--
John Bambenek - bambenek /at/ gmail (dot) com
Keywords:
0 comment(s)
Diary Archives