Analysis: Who cyber smacked Estonia?

WASHINGTON, June 11 (UPI) -- The recent cyber attacks on Estonian government networks were likely carried out by politically motivated hacker gangs, not Russian security agencies as some early reports suggested, according to assessments conducted by the U.S. government and the private sector.

The attacks were crude so-called distributed denial of service, or DDoS, attacks, utilizing global networks, or botnets, of compromised computers, known as slaves, or zombies, often owned by careless individuals, "including some in the United States," according to a statement from Mike Witt, deputy director of the U.S. Cyber Emergency Response Team.

The team, known by the acronym U.S.-CERT, is the element within the Department of Homeland Security that "coordinates defense against and responses to cyber attacks across the nation," according to its Web site.

"U.S.-CERT became involved after NATO, of which Estonia is a member, contacted the U.S. for computer incident response assistance to a cyber attack," said Witt in the statement. His team "worked with an international group -- the Forum of Incident Response and Security Teams, or FIRST -- to coordinate a global response to the attacks, which were carried out by computers scattered across the globe," he said.

The Witt statement did not address the question of the origin of the attacks, but former senior U.S. cybersecurity official Bruce Brody said analysts in both the private sector and the U.S. government had told him "the prevailing assessment" was that no "state actor" was behind the attacks.

"This was a brute force, crude attack," he told UPI, "without the elegance and precision" characterizing the sophisticated cyber-warfare capabilities of major powers.

Professor James Hendler, former chief scientist at the Pentagon's Defense Advanced Research Projects Agency, described the attacks as "more like a cyber riot than a military attack."

Such politically motivated attacks by organized hacker networks -- known to specialists as "hactivism" -- were also seen against Danish Web sites after the publications of cartoons of the Prophet Mohammed in a magazine there.

"The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale," said Witt, adding he believed the United States would be able to defend itself easily against attacks on a similar scale.

"While no one is immune to cyber attacks," he said U.S. government networks were "more sophisticated, extensive and diverse," making them "less susceptible to disruptions or attacks."

DDoS attacks work by getting the networks of slave computers to bombard the systems being attacked with requests for information -- overloading them and causing the Web servers to crash.

Hendler told UPI that DDoS attacks "are moving lower and lower down the list of (cyber) threats," but added this was generally because they are poorly targeted.

Like any other weapon, he said, the effectiveness of DDoS attacks could be maximized by careful targeting -- for instance, of a crucial system at a particular time it was likely to be very busy, or vulnerable to overload for some other reason.

"You could do it surgically," he said. "If you did some work, you could probably find information-critical (U.S. government) systems that could be brought down ... with a big enough attack."

On the other hand, he said, "the government is pretty attuned to the possibilities of these types of attacks" and had taken extensive counter-measures.

Witt said a key challenge in countering botnets was identifying the source, "in part because of sophisticated new peer-to-peer type structures now being adopted by hackers."

By employing so-called peer-to-peer technology, "where the network is recruited and organized horizontally, from one compromised computer to another, rather than vertically, with each reaching back to the origin, it is much more difficult to track and source the hackers behind the attacks," he said.