[ISN] Cyberwar is breaking out of sci-fi genre

From: InfoSec News (alertsinfosecnews.org)
Date: Tue Jun 12 2007 - 02:02:57 CDT


http://www.cbw.cz/phprs/2007061112.html

By Pavla Kozkov
11.06.2007

Not so long ago Estonia made the headlines as the first country to hold
its national elections via Internet. Now the country has taken center
stage due to a different but much less pleasant first, and one which
could hit closer to Czech homes than Czechs would like.

Estonia is one of the most advanced countries in its use of Internet and
e-government in Europe. An attack on its virtual world hit society where
it counts the most. Estonia, which became independent of the former
Soviet Union in 1991, pulled down a bronze statue of a Red Army soldier
in the center of the capital city of Tallinn at the end of April. The
move provoked strong words from Russia and the largest riots among the
Russian minority in Estonia since the collapse of the Soviet bloc.
During the protests some 1,300 people were arrested, 100 injured and one
person killed.

The political row escalated in May when Estonia endured a two-week
cyberwar that disabled Web sites of government, political parties,
newspapers, banks and companies. The damage caused by the shutdowns
hasn't been calculated yet. These attacks are the first known incidence
of an assault on such a wide scale and caused alarm across the countries
of North Atlantic Treaty Organization (NATO), which is examining the
offensive and its implications. NATO even sent some of its top
cyber-terrorism experts to the Estonian capital to investigate and
strengthen the country's electronic defenses.

While no one is pointing fingers openly at Russia, all heads are turned
in that direction. So far there has been no proof of Russia's official
involvement. The hackers have been disrupting Estonian Web sites using
distributed denial of service attacks (DDoS), which swamp Web sites with
tens of thousands of visits. The huge number of visits exceeds the
capacity of the server and disables the sites.

Estonian authorities claimed that one of the addresses sending the DDoS
belonged to an official who works with Russian President Vladimir Putin,
but the Russian government denied any involvement. According to online
publication Boing Boing, a Russian youth group called Nashi, which has
strong ties to Putin, claimed responsibility for the attacks. Whether it
is the Russian state or some patriotic group that orchestrated this
cyberwar isn't as important as that it drew attention to the possibilities
and ramifications of Web aggression.

The Czech angle

The second largest city in the Czech Republic, Brno, South Moravia, is
considering removing a memorial above the tomb of Red Army soldiers in
Brno's district Kralovo Pole. The Russian general consulate in Brno
already stated it would consider the removal of the memorial as a breach
of interstate treaty and as a hostile step.

The debate was started by Brno Deputy Mayor Ren Pelan who, in the
district newsletter, called the structure a monster. The monument is
shaped like a stone pyramid with a Cyrillic inscription saying that 326
Red Army soldiers, who died during Brno's liberation in 1945, are buried
there. At the base of the monument is a flowerbed that's supposed to
symbolize a grave.

Pelan wants the space cultivated and proposed removing the memorial and
replacing it with an irregular piece of rock. The new stone monument
would bear the inscription to the memory of all victims of World War II,
he suggested. It would make no specific reference to the Red Army.

The Russian consulate said that victory in World War II was attained at
the cost of huge Russian sacrifices, and that's why the attempts in a
number of countries to rewrite the history of the war and to distort the
importance of the victory are absolutely unacceptable. The consulate,
however, said that it believes that the Czech Republic is not trying to
rewrite the history, according to the Czech News Agency (CTK).

Estonia's lesson

The events in Estonia, taken seriously not only by the country directly
affected but also by NATO officials, give Czechs and other nations a
flavor of what might happen if they anger another state. The memorial is
scheduled for repair this year and apart from cleaning up the obelisk,
it will get back the Russian symbols of a hammer and sickle, according
to an agreement between the Ministry of Defense and Brno's City Hall. The
symbols of the communist Soviet Union were originally part of the
memorial and will most likely return, despite the protests from leaders
in the Kralovo Pole district. This should serve to make the Russians
happy.

But there is another issue that for the past couple of months has irked the
Russians to such a degree that they stated they would be willing to point
their missiles at the Czech Republic: the U.S. radar base. The first
round of the Czech-U.S. talks on the possible hosting of the U.S. radar
base in the Czech Republic was completed in May. The talks are expected
to last another several months but Russia is coming up with strongly
worded comments on the issue almost daily. While so far the threats
circle around the use of the conventional, old-fashioned missiles, the
Estonian experience shows a way that countries can express
dissatisfaction and cause damage without reverting to brute force.

What would be the effects of such a shutdown in the Czech Republic? Even
though the country isn't very advanced in e-government services yet, a
cyber attack on the government Web sites would still result in
significant inconvenience for officials and citizens. The attack could
shut down portals for Web applications such as public transport
schedules, for example. Shutdowns could also affect advertising income
for portals.

The effects of such a shutdown would be equally lethal for a company
that generates its sales revenues from business deals closed solely on
the Internet, such as Internet shops. The largest Czech online retailer
in terms of revenue, Internet Mall, posted sales exceeding Kc 1.37
billion ( 48.5 million) in 2006 and one day out of operation might cost
the company almost Kc 3.8 million in lost revenues. The amount,
naturally, would be lower for slow seasons such as summer and higher for
high seasons such as December holidays but it gives us an idea what the
cost of even a limited cyber attack could be.
