I'd just like to share about a digital onslaught which happened around April last year that I just read about last night. Although it's quite long, please bear with me.
The Estonian Minister of Defence stared at the Web error message: the site for Postimees, the country's leading newspaper, wasn't responding. He attempted to pull up a couple of other sites. They were all down. Government communications were going down. The leading bank was under siege. Government web sites and police communications were affected. ATMs were down. Hand phones were jammed because the hackers had flooded the system with spam mail. An enemy had invaded and was assaulting dozens of targets. His aide explained that they were under attack from a rogue computer network, otherwise known as a botnet, and it had slipped into the country through its least protected border: the Internet.
Welcome to Web War One.
The cause
The event that sparked this war was the removal, a day earlier, of a two-metre-tall bronze statue in central Tallinn, the capital of Estonia. The Soviets had built the monument in 1947 to commemorate their war dead after driving out the Nazis. But the Russians settled in, and soon masses of Estonians were deported to Siberia. To the citizens of Estonia, the statue was a symbol of oppression. Now, after 16 years of independence, the Estonian government had ignored the protests of the Russian government, removed the monument and placed it in a military cemetery. Riots broke out on the streets, mostly by Russians, who broke windows, flipped cars and confronted the police. Hundreds of them were arrested. But as a result, a different kind of aggression began to sweep the country.
As the minister met with the cabinet about how the government would repel the botnet attack, the head of IT at Postimees, Ago Vaarsi, watched with alarm as his newspaper's servers were swamped with 2.3 million page views. The servers had already crashed 20 times.
A flat-panel monitor on the wall of his office displayed bandwidth consumption: the amount of traffic that flowed into the newspaper from within Estonia and abroad. Usually it hovered in the green zone, with 20 to 30% of capacity unused. Now the numbers ticked down: 20, 10, 5% unused. If it reached zero, the site would become inaccessible. Nobody would be able to read the news online. This would have a major impact on Estonia, as many people read the news online. The country was saturated with free Wi-Fi.
Automated computer programs continued to spew posts onto the Postimees commentary pages, overloading the servers' processors. Vaarsi discovered that the attackers were constantly tweaking their malicious server requests to evade the filters he wrote. Whoever was behind this assault was sophisticated, fast, and intelligent. For 5 days he struggled to keep his servers up. On Wednesday May 2, traffic rose again. The traffic was mostly coming from Egypt, with Vietnam and Peru following. At noon, available bandwidth hit zero. The site went down. He had only one choice: to sever the Internet connection. He keyed in a few lines of code and pressed Enter, and all international requests to the paper were blocked. In the eyes of the world, the Postimees site disappeared. Instantaneously the bandwidth turned green, but at a cost. Estonia's leading news outlet could not tell the world what was going on in its country. It was as if an invisible hand had pressed a button and Estonia had vanished.
Clandestine Alliance
The same day, a tough ex-beat cop turned digital detective named Aeralaid was having dinner at an extravagant restaurant near Tallinn. Aeralaid heads the Estonian computer emergency response team (CERT), the de facto Estonian Internet defence force. Across the dinner table sat Kurtis Lindqvist, one of the men in charge of running Stockholm Netnod, one of the world's 13 root domain name servers, which direct global traffic. Lindqvist belonged to a clandestine alliance of Internet elite with the power to cut off global Internet flows. He is one of the so-called Vetted: the selected few who are trusted by the world's largest Internet Service Providers (ISPs) and can ask them to kick rogue computers off the net. (Now that's what you call The Man.) By a stroke of luck, he and some others were in Tallinn for a meeting. Aeralaid explained that to beat back the bots he needed help tracing their origins. Then he needed to persuade ISPs around the world to blacklist the people attacking computers that would otherwise overwhelm. But most international ISPs had never heard of Aeralaid. He could be a hacker for all they knew. That's where the Vetted would come in: they would make calls on Aeralaid's behalf.
By the end of dinner, Lindqvist agreed to help. Patrick Falstrom from Sweden and Bill Woodcock from the US, two more of the Vetted, would soon agree to join him.
Multiple Fronts
The cyberattacks continued on and off over the next week, unfolding across multiple fronts. The foot soldiers were called script kiddies: relatively unsophisticated troublemakers who copied programs line for line off hacker websites. Their primary weapon was the "ping" attack, a simple request for a response from a Web server, repeated hundreds of times a second. When deployed by masses of attackers, the "pings" could overwhelm a server.
Then there was the air force: botnets. These giant squadrons were made up of hundreds of individual computers from around the world that had previously been hijacked by hackers. These computers, known as zombies, could be made to flood designated addresses with a variety of useless, network-clogging data. It was the digital version of carpet bombing and is known as distributed denial of service, or DDoS.
Finally, there were the special forces: the hackers who would infiltrate individual websites, delete legitimate content and post their own messages.
The dream team
At 10pm on Tuesday May 8, Lindqvist, Falstrom and Woodcock arrived at CERT headquarters. It was like a geek dream team. Woodcock wore bison-skin boots handcrafted for him. Falstrom was a ponytailed former programmer for the Swedish Navy. Lindqvist flipped open his PowerBook G4 and plugged in. Woodcock hoisted his laptop into the air, called Aeralaid and Lindqvist over, took a picture with the built-in camera and sent it out to the network to prove to the Vetted that Aeralaid was for real.
At exactly 11pm, Estonia was rocked with traffic coming in at more than 4 million packets per second, a 200-fold surge from the normal 20,000 packets per second. Globally, nearly 1 million computers suddenly navigated to a multitude of Estonian websites. The entire country's bandwidth was squeezed.
Aeralaid and his team started chasing the sources upstream. In a matter of minutes they tracked down a botnet comprising mostly hijacked computers in the US. As Aeralaid identified a special address, Woodcock and Lindqvist sent rapid-fire emails to network operators throughout the world asking for the IP to be blocked at the source. One by one, they picked off the bots. By dawn they had deflected most of the attacks, and the bandwidth hovered just above normal.
Thus Web War One ended.