Russian Hide-and-Seek with Routers

So what exactly happened with the allegedly Russian-orchestrated DDOS attack on Estonian Internet interests? Some people have been talking about the first act of “cyberwar” against a sovereign state, others about a bizarre fuss about nothing. AFOE asked Gadi Evron, a world expert on botnets who runs Israel’s CERT and who took part in the international response effort, exactly what was going on.

How large was the DDOS attack on Estonian interests? How many different sites were targeted?

The DDoS attacks themselves were relatively small compared to some
past attacks we have seen, such as those on the root servers, but it
was significant for them and their infrastructure.

2. EE-CERT was presumably the first responder. How did other CERTS and agencies get involved, and what support did you/they provide?

There were 4 CERTs from Europe (Finland, Germany and Slovenia) who
helped directly with the response outside of Estonia, serving as an
escalation point for reporting attacking sources outside of Estonia.
I was there to help in whatever was needed, and later was also asked
to write a post-mortem of the attacks and defense for the Estonians,
covering preparedness for the next time.

Inside the country what saved the day was close coordination between
the CERT, ISPs, banks, etc. who all responded in semi real-time and
helped each other out.

3. Did the attackers attempt to compromise network infrastructure, or just end hosts?

They mostly left the network infrastructure alone, however, one
misconfigured router was attacked directly and another couldn’t take
the stress.

4. How much disruption was actually caused?

Considering Estonia is more advanced than most of us (they even held
the last elections online) the impact of the attack was significant
with some down-time for the banks, government sites, etc. It could
have been more serious, but while their Internet infrastructure as a
quiet country was not prepared for such an attack, the response and
mitigation worked for them. They stood the risk of losing their
ability to buy gas, for example, and for a short time, they did.

5. How unusual were the mitigation techniques used – just BCP38 etc, or spookier?

The fascinating thing is that in Estonia BCP38 is considered best
practice and implemented widely, which likely prevented some more
mess. As to mitigation, it ranged from basics such as using mitigation
devices to extremes such as blocking connections to certain networks
from abroad. Nothing any of us haven’t done before ourselves, however
mundane or extreme.

6. What fraction of the traffic came from within Russia? Or was it typical botnet activity, globally distributed?

The botnet traffic was distributed globally, with some of the botnets
being bought. However, many of the attacks were not by a botnet, but
rather by a mass of home users using commands such as ping to manually
attack Estonian sites. As they coined in Estonia, this was a riot, and
not just in the streets. Many different Russian-speaking forums and blogs (the Russian
blogosphere?) encouraged people to attack Estonia using crude commands
or simple tools. Others used more advanced techniques.

7. What was the role of ENISA?

“Who?”

8. Did the attack attempt to compromise/darkout other Internet-connected systems?

What other systems? Sorry, I don’t follow.

“Other systems” here was intended to mean such things as telco networks, embedded control systems, and the like.

Telco’s were affected for sure, as they hosted or were transit. There
was no attack on control systems that I know of, but the Internet is
critical infrastructure enough. The civilian infrastructure proved to
be more critical than any SCADA system.

Thanks!

Winners of the Third Annual Satin Pajama Awards

Here are the winners of the Third Annual Satin Pajama Awards.

Best Writing: Le Blagueur à Paris
Best Weblog from the UK: Johnny Billericay
Best Weblog about Southeastern Europe: Balkan Baby
Best Weblog about the CIS: New Eurasia
Best Expatriate Weblog: Isoglossia
Best Personal Weblog: Petite Anglaise
Best Political Weblog: Slugger O’ Toole
Best Weblog from Germany: Ahoi Polloi
Best Weblog from France: Eolas
Best Culture Weblog: DA…NCE
Best Non-European Weblog: Pharyngula
Best Expert or Scholar Weblog: Real Climate
Best Economics Weblog: New Economist
Best Food Weblog: Chocolate and Zucchini
Most Underappreciated Weblog: Kosmopolit
Best New Weblog: Not Saussure
The 2007 Satin Pajama for Lifetime Achievement: Mick Fealty, founder of Slugger O’Toole.

And finally…

Best European Weblog of 2007: Petite Anglaise

You can still see all the finalists and their share of votes on the poll page. They’re all worth a visit.
I again thank Michael Manske and Clive Matthews for helping out.

Congratulations, everyone!

The Disunited States: America’s Collapse?

Gideon Rachman of the FT gives a sound thrashing to Mark Steyn and the other participants in a conference on “The Collapse of Europe” somewhere in Florida California. It’s always good to see the racist buffoon Steyn getting fisked, but there’s a deeper point here. What if it was the United States that was threatened by “collapse”?

After all, it is a society that faces some grave problems. Oil-intensity of GDP is surpassed only by China among industrialised economies, meaning that the US has a lot of distance to make up on its competitors on the way towards sustainability. The long-term population shift into Florida and the South-West was famously the result of air conditioning, which doesn’t look such a cracking idea any more. The Western states have always had problems with water, which so far have been coped with. Will they always be, especially with reduced snowpack in the Rockies hitting water supply and hydroelectric generation?

The economy, meanwhile, faces gargantuan twin deficits and a dollar sustained by the conditional support of the People’s Bank of China. In the event of a devaluation, how quickly can resources shift into exporting and import-competing sectors? Gigantic sums – hundreds of billions of dollars – are projected to be necessary to restore the US Army after it finally leaves Iraq.

But perhaps the most worrying feature is the increasingly vicious political polarisation, and its corollary, the increasing efforts each side of the partisan divide makes to withdraw into its own version of reality. We mentioned the re-direction of resources into the tradable sector of the economy, but will those resources be available in a nation of creationist “science” fairs? Solutions like this one aren’t for duffers. More importantly, the same distinction late Pentagon strategists like Thomas Barnett make between the “integrated core” and the “nonintegrating gap” was making itself plain in the US. (What else, after all, does the famous and prescient “United States of Canada/Jesusland” map illustrate?) Can a society include Intel ISEF and the Christian Soda Volcano show without tearing itself apart?

Similarly, exactly the same trends were making themselves felt demographically as in Europe, with a low birth rate among the existing population being masked by immigration, which is bitterly – and violently – resented by some sections of society. Perhaps they realise that, in the long run, immigration only strengthens the remaining outward-looking sections of society. US publicists boasted that Muslim immigrants to the United States were “more integrated” than in Europe, but on closer inspection this simply meant that nothing bad had happened yet.

These problems tested the constitutional fabric to the limit – consider the ugly confrontation between Alberto Gonzales and Thomas Comey by John Ashcroft’s hospital bed. Comey found it necessary to have his FBI security detail ordered to resist Gonzales’s Secret Service guards by force if necessary. By 2007, was it already too late for the United States to avoid its second Civil War? Even though the outbreak of violence on the California-Nevada line was unexpected, the forces that led to it had been around for years, and it is a truism that nobody ever realises it is happening to them until it happens. Hence the scenes of people going about their business as foreign nationals were evacuated on the EU amphibious assault ships.

It is certainly no more ridiculous than “Eurabia.”

Satin Pajama 2007 Banners

Just link to the images or save the HTML below to your server, or, if you prefer, grab a copy of the file and save it on your server.

Banner 1, 137x60px

Banner 2, 137x60px

Banner 3, 88x31px

Banner 4, 200x26px

…David adds: I just noticed Tobias prepared a bunch of banners before he went on holiday. It’s a bit late now, but maybe someone will find some use for them.

Highly charged polonium

“I have today concluded that the evidence sent to us by the police is sufficient to charge Andrei Lugovoy with the murder of Mr. Litvinenko by deliberate poisoning,” [UK] Director of Public Prosecutions Ken Macdonald said, immediately setting off a diplomatic confrontation between London and Moscow.

This of course has gone over like the proverbial heavy-isotope balloon in Moscow, where authorities and lawyers have alternately blustered, denied, denigrated the British court system and pointed to the Russian constitution, which appears to make extradition a dead letter. Still, an EU-wide warrant is likely to follow, and Lugovoy’s travel prospects will surely be limited.

Foreign relations tests will come fast and furious in the early part of Gordon Brown’s term as prime minister…

Business Week loves immigrants

As long as they’re in Spain, that is..

Less snarkily, the article asks the very important question whether this is an answer to the problem of aging populations, and contrasts Spain with Denmark and Nicolas Sarkozy’s election campaign. And it even tackles Edward Hugh’s concerns that the Spanish construction boom may pop with unpredicted consequences.

Meanwhile, Margaret Hodge successfully bears out Barnett’s crack that the British and French are “fearful” on this. The story is here:

At present we prioritise the needs of an individual migrant family over the entitlement that others feel they have to resources in the community,’ Hodge writes. ‘So a recently arrived family with four or five children living in a damp and overcrowded privately rented flat with the children suffering from asthma will usually get priority over a family with less housing need who have lived in the area for three generations and are stuck at home with the grandparents.

‘We should look at policies where the legitimate sense of entitlement felt by the indigenous family overrides the legitimate need demonstrated by the new migrants.

To put it another way, more people should die of carbon monoxide poisoning in Rachmanesque squalor to save Labour/BNP swing votes in constituencies like…Margaret Hodge’s! You can’t begin to guess how much I despise this woman.

Bunkers of the DDR

British urban-exploration geeks report on their tour of a wealth of cold-war and Nazi bunkers in the former East Germany back in 2003. Thrilling and uncomfortable stuff—they were the first to revisit the ultimate DDR fortress, the bunker that was built as an alternate seat of government for Erich Honecker and the rest of the Zentralkomitee. That is merely tankerpunk, of course, but I thought this was very cool indeed..

After many hours beneath the surface, we emerged from the gloom and after thanking our guide, headed off to the next site, nearly 150 miles away, the former East German PTT (Post Office Telecom, basically) satellite uplink station ‘Intersputnik’ at Neu Golm to the south east of Berlin.

The site came into service 1976 as the first (and only) ground satellite station in the GDR. Then part of the integrated international telecommunications network, ‘Intersputnik’, (which has nothing to do with the Sputnik remote transmitter sites mentioned elsewhere in this report) was one of 15 INTERSPUTNIK sites which were in service in 13 countries. These sites used to transmit telephone, fax, TV and data signals. In the Former Times, this site‘s services were also used by the then West German PTT services for satellite links to the Soviet Union, i.e. it was a non-military complex. Later, it used the Soviet satellites Stationar 4 and 5 in geostationary orbit 36,000 km over the equator, but initially used the four Soviet Molniya satellites, which were in a non-stationary orbit, i.e. the dish had to be oriented towards each of the four in turn as they came into view for a 6-hour “period of duty”. The dish could rotate through 360° and was so finely balanced that a 250 W drive is sufficient to rotate it. However, the entire site is now a conference centre, even if the redundant original dish (12 m in diameter and weighing, with its base, 60 tonnes) is still on the roof.

Note especially that Deutsche Telekom shared the installation with the East Germans and the Russians, a fine example of what used to be called the DDR’s secret membership in the EEC, and the difficult moral position the West Germans were regularly pressed into – between doing things that would improve life in the East (but perhaps reinforce the regime) and the desire to put pressure on the DDR leadership.

Team Europe: World Police!

Over at the Small Wars Journal‘s blog, they’re wondering if part of the problem in dealing with failed states, the aftermath of wars, peacekeeping and the like is that it’s nobody’s job to provide a police force, and specifically a real civilian one that does things like investigating crimes.

This was, of course, a bitter problem in the Balkans, and one that was never really solved. To begin with, the job simply devolved on IFOR (and later, KFOR)’s provost units and whatever troops were nearby. Later, a UN police force was constituted for Bosnia, but the less said, the better – arguably it was the source of more crime than it solved, and it was eventually wound up and replaced by an EU police mission. Kosovo was a similarly bad experience.

However, John Sullivan writes, neither the US nor NATO-as-an-organisation have any answers. He praises the EU for setting up a (putative) rapid reaction police force that can call on member states for up to 5,500 cops. And it certainly seems like a task that the EU is suited to, whilst not touching too many of the constitutional pressure points. It’s not specifically military, it’s not “an EU police” although no doubt the Sun would call it one if any of its editor knew it existed, it doesn’t annoy the Poles or Russians specifically, nor does it touch on the subsidy world. It also fits nicely with the wide variety of governmental tasks the EU can take on, alone among international institutions.

Mind you, I have my doubts. European official circles, institutions, thinktanks and so on have been pushing this around the plate since Maastricht without making many decisions. It used to be fashionable enough that NATO also got in on it – I recall a briefing at NATO SHAPE in late 2000 which concentrated almost entirely on enlargement, policing, and civil operations, something borne out by the fact the briefers included a French gendarmerie colonel, a Polish air force officer, and a British civil servant.