Last month, a disagreement between Estonia and Russia resulted in a debilitating attack on some of Estonia’s most-used government, banking and media websites. The attackers remain anonymous and many suspect Russia. Is it cyber-warfare? Arbor Networks' senior security researcher Jose Nazario explains.
BROOKE GLADSTONE: This is On the Media. I'm Brooke Gladstone. BOB GARFIELD: And I'm Bob Garfield. Since the small Baltic nation of Estonia cast off Soviet rule in 1991, it has emerged as one of the world's most digitally advanced nations. Estonians use Wi-Fi all over the country. They shop, bank and even vote on the Net. Of course, this heavy dependence on technology can leave you vulnerable, a point driven home to Estonians last month after a disagreement with Russia.
In April, the Estonian Parliament voted to remove a World War II-era statue of a Soviet soldier from the capital, Tallinn. For Russians, the act showed a shocking disregard for Russia's fight to free the country from the Nazis. But for many Estonians, the statue symbolized years of oppression under Soviet rule.
The conflict itself is an old story, but the retaliation against Estonia was new. It took the form of a highly organized, highly destructive cyber-attack on Estonia's websites. Senior security researcher at Arbor Networks, Jose Nazario, says the attacks focused on Estonia's most important sites. JOSE NAZARIO: These include the Ministries of Finance, the Ministry of Agriculture, the Parliament. A number of key government websites were, in fact, targeted in what we call a distributed denial of service attack. It's distributed because it comes from multiple sources around the world – in this case, thousands of sources – and it's a denial of service attack because what they're trying to do is overwhelm the systems, both the network and the servers, with so many requests and so much traffic that they're unable to provide service to legitimate users.
BOB GARFIELD: This is not done necessarily by individuals sitting there at their computers and clicking on Estonian websites. This is a robotic attack. JOSE NAZARIO: Correct. In most cases, it is what we call a botnet attack, a network of computers that have been compromised, essentially turning them into robots or zombies, where they receive these attack commands and they follow them blindly. BOB GARFIELD: As you mentioned, these attacks seem to be emanating from hither and yon – Vietnam, Brazil, you name it. But, you know, you have to assume that there would be no actual motive for the random Brazilian [LAUGHS] to be incensed at Estonians removing a Soviet monument from Tallinn. So what is happening here? JOSE NAZARIO: It's important to remember that a lot of these computers around the world participating in the attack are doing so without any of the owners' knowledge or consent. The people behind the attacks, however, that's a much different story. And these people often hide their tracks, especially in very high-profile attacks, and to discover that really requires a lot of traditional detective work. And right now we have no evidence that the Russian government was behind any of this. BOB GARFIELD: Hmm. You've observed that Estonia is particularly advanced in terms of digital infrastructure and yet was quite vulnerable to this denial of service assault. What about the United States? Are we at national security risk from Russia or anybody else? JOSE NAZARIO: We don't think so. Every day we track thousands of these kinds of attacks. The American government has really much, much beefier network resources available to it to withstand such attacks, because they have been dealing with these for quite a while. And so it would take a very determined adversary to actually disrupt this. BOB GARFIELD: I call this cyber-warfare. Maybe it's more like cyber-civil disobedience. I mean, is it even illegal? JOSE NAZARIO: It depends on the country. It is illegal in some countries for such attacks to take place. I think the U.K. has probably the most stringent computer security and attacker laws on the books. There have been some efforts to try and get some of these regulations codified around the world with some success, but not a whole lot. So it really depends on the jurisdiction. BOB GARFIELD: Let's just say that this turns out not to have been either begun or facilitated by the Russian government but that it's more or less a spontaneous response from ethnic Russians in Estonia and elsewhere in the diaspora. Which, though, is the greater threat?
JOSE NAZARIO: You can, of course, negotiate with a government. Dealing with the individuals can be much tougher. And if they're loosely grouped, that they simply just share a nationalistic streak as opposed to taking orders from a central organization, it's much harder, I think, to shut down such an effort, because you have to go after each of those groups individually. BOB GARFIELD: In a world in which dissidents are poisoned with polonium in foreign [LAUGHS] restaurants and Scotland Yard is rebuffed in its investigation, is there any reason to think that we'll ever get to the bottom of this particular episode? JOSE NAZARIO: The good news is that while it's easy for some nations to block access to resources within their jurisdictions, the Internet, because it transcends a lot of national boundaries, there's a lot of data that can be gathered outside of those boundaries, really easing data collection. We don't physically have to go, for example, to Russian territory to find out if, indeed, the Russian government was behind these attacks. BOB GARFIELD: Well, Jose, thank you very much for joining us. JOSE NAZARIO: Thank you. It's been my pleasure. BOB GARFIELD: Jose Nazario is a senior security researcher at Arbor Networks in Ann Arbor, Michigan.