Russian Hide-and-Seek with Routers

So what exactly happened with the allegedly Russian-orchestrated DDOS attack on Estonian Internet interests? Some people have been talking about the first act of “cyberwar” against a sovereign state, others about a bizarre fuss about nothing. AFOE asked Gadi Evron, a world expert on botnets who runs Israel’s CERT and who took part in the international response effort, exactly what was going on.

1. How large was the DDOS attack on Estonian interests? How many different sites were targeted?

The DDoS attacks themselves were relatively small compared to some
past attacks we have seen, such as those on the root servers, but it
was significant for them and their infrastructure.

2. EE-CERT was presumably the first responder. How did other CERTs and agencies get involved, and what support did you/they provide?

There were 4 CERTs from Europe (Finland, Germany and Slovenia) who
helped directly with the response outside of Estonia, serving as an
escalation point for reporting attacking sources outside of Estonia.
I was there to help in whatever was needed, and later was also asked
to write a post-mortem of the attacks and defense for the Estonians,
covering preparedness for the next time.

Inside the country what saved the day was close coordination between
the CERT, ISPs, banks, etc. who all responded in semi real-time and
helped each other out.

3. Did the attackers attempt to compromise network infrastructure, or just end hosts?

They mostly left the network infrastructure alone, however, one
misconfigured router was attacked directly and another couldn’t take
the stress.

4. How much disruption was actually caused?

Considering Estonia is more advanced than most of us (they even held
the last elections online) the impact of the attack was significant
with some down-time for the banks, government sites, etc. It could
have been more serious, but while their Internet infrastructure as a
quiet country was not prepared for such an attack, the response and
mitigation worked for them. They stood the risk of losing their
ability to buy gas, for example, and for a short time, they did.

5. How unusual were the mitigation techniques used – just BCP38 etc, or spookier?

The fascinating thing is that in Estonia BCP38 is considered best
practice and implemented widely, which likely prevented some more
mess. As to mitigation, it ranged from basics such as using mitigation
devices to extremes such as blocking connections to certain networks
from abroad. Nothing any of us haven’t done before ourselves, however
mundane or extreme.

6. What fraction of the traffic came from within Russia? Or was it typical botnet activity, globally distributed?

The botnet traffic was distributed globally, with some of the botnets
being bought. However, many of the attacks were not by a botnet, but
rather by a mass of home users using commands such as ping to manually
attack Estonian sites. As they coined in Estonia, this was a riot, and
not just in the streets. Many different Russian-speaking forums and blogs (the Russian
blogosphere?) encouraged people to attack Estonia using crude commands
or simple tools. Others used more advanced techniques.

7. What was the role of ENISA?

“Who?”

8. Did the attack attempt to compromise/darkout other Internet-connected systems?

What other systems? Sorry, I don’t follow.

“Other systems” here was intended to mean such things as telco networks, embedded control systems, and the like.

Telcos were affected for sure, as they hosted or were transit. There
was no attack on control systems that I know of, but the Internet is
critical infrastructure enough. The civilian infrastructure proved to
be more critical than any SCADA system.

Thanks!

Chirac has a transient dishonesty malfunction

Everyone’s now blogged about Jacques Chirac’s unexpected remarks about Iranian nuclear weapons.

But I think there may still be some angular momentum to be had. Chirac stated that, should a hypothetically nuclear Iran launch a nuclear weapon, Tehran would be destroyed before it had gone 200 metres. This is a pretty basic statement of nuclear deterrence, with the further point that in a sense, having one or two nuclear bombs makes you weaker than having zero nuclear bombs but the capacity to make them. Once you fire the one bomb, you have no further deterrent, and you’re definitely going to be nuked.

Quite a range of powers have credible deterrence against Iran – there’s the US, obviously, Israel, obviously, but less obviously France, Britain, Russia, India, China, and Pakistan. So, Chirac argued, the real danger wasn’t so much from a North Korean-style couple of bombs, but that this would lead to a nuclear arms race in the Middle East, with Saudi Arabia and possibly Egypt also rushing to obtain nukes as a counterdeterrent. (In yesterday’s Libération, Francois Heisbourg, the director of the IISS, restates this point adding Jordan to the list of presumed possible proliferators.)

He was of course right. Saudi Arabia has been quietly and consistently making noises about nuclear bombs for years, and it has close military-to-military ties with Pakistan. Some say Saudi money financed the Pakistani bomb project, and alone among nations they are in a position to actually buy the bomb. Egypt would probably see a Saudi bomb as unacceptable, and start using its own considerable scientific-technical establishment to work on going nuclear. (Chirac saw this differently – he suggested rather that the Saudis would finance Egyptian efforts – but I doubt this due to the historic competition for Arab leadership between the two states, and the Pakistani option.) Gah.

So what does the US *really* think of EU defence?

Getting away from the eternal baboon threat displays and absurd disinformation for a moment, what do we know about EU and US defence? The lazy/cowardly/decadent/anti-imperialist Euros refuse to do anything, spend any money, or fight, and the US is permanently and increasingly stronger, right? Let’s see what the professionals think. The latest issue of Parameters, the journal of the US Army War College’s Strategic Studies Institute at Fort Carlisle, is out and it’s a special on Europe. (Mmm, a treat.)

Stephen J. Coonen writes that the EU’s efforts in the security arena should not be seen as competitive with NATO, but complementary and providing means to act if NATO does not – something which cannot be overemphasised enough, in my opinion. He assesses EU and US capabilities and concludes that the power gap is small, and specifically concentrated in a few areas such as strategic airlift and satellite reconnaissance. He argues that “sound plans” exist to reduce the gaps, for example, the NATO C-17 purchase and the SALIS project, which jointly leases Antonov-124 aircraft to support NATO and EU-RRF operations, the Anglo-French Stormshadow missile and more (see note 29, if you’re like that, or for a more sensational argument read all about France’s latest ICBM test).

No to Non-Euro NATO Bureau

For some reason, there is hardly ever any NATO coverage on this blog, despite the fact it’s the other pan-European institution. The Euro-Atlantic alliance is having a summit next month, to be held in Riga. Now, one of the main topics for this gathering is the long-running one of adapting NATO to challenges other than that of defending the North German plain from the Red Army. Role-of-the-week is, of course, fighting terrorism. A wider view might point out that the so-called “emerging security threats” predate the War On Terrorism, and that many of the capabilities required for “fighting terrorism” abroad are equally applicable to regional peacekeeping or even expeditionary warfighting.

Anyway, it’s long been thought in some circles that NATO’s radius of action ought to be increased. During the Cold War, NATO was quite intimately connected with other Western allies outside the North Atlantic, both via the Americans and also other multilateral mechanisms. The overlap between NATO, the EU, and other security communities and economic areas has often, then and now, been seen as a sort of “community of democracies” or (as Raymond Aron put it) “world of order”. On the other hand, E.P. Thompson savaged what he saw as a sick complacency in the face of nuclear dread and capitalist exploitation on the part of the “Natopolitans” in an article entitled Inside the Whale, and today’s rabid right wants to have a “Democratic Union” made up of NATO and EU states, Japan, India and Australia – but not France, naturally. NATO, meanwhile, has expanded in Europe and taken on a mission to Afghanistan, which is well out-of-area in NATOspeak.

The latest proposal was supported by the US and UK, and foresaw regular bilateral meetings between NATO and allied states outside Europe, with a shortlist of Australia, New Zealand, South Korea and Japan. In a sense, it would have brought a sort of “secret NATO” or “virtual NATO” into the tent – the UK, Canada, New Zealand and Australia have separate alliances among themselves and with the US, including the UKUSA, CAZAB and Echelon intelligence cooperation agreements, ANZUK and ANZUS.

So what happened?

Why reform has become a dirty word.

This anniversary guest post was written by the indispensable Jérôme Guillet, who normally writes for The European Tribune.

Laurence Parisot, the head of MEDEF, the French business
organisation, recently complained that:

There is one word whose meaning for the public has changed in the past 25 years: “reform”. It used to be synonymous with progress, and now it means social regression.

One wonders why. Or not. As I’ve written incessantly over the past year at European Tribune (for instance here), “reform” has come to mean only one thing: less regulation of corporations, lower wages, fewer rights for workers, and weaker unions, i.e. the elimination of anything that can impede corporations’ freedom to make profits in the short term.

Vienna: The End of the Beginning

So the latest round of talks on Kosovo begins in Vienna today.

There have already been seven rounds of talks since February. The result: the two sides have utterly failed to reach any agreement on anything whatsoever.

But this is not just an eighth round. No, this is a new “phase” of the talks. Now, instead of special negotiating teams, the political leadership of both Kosovo and Serbia will be coming in. On the Serb side will be President Tadic, Prime Minister Kostunica, and Foreign Minister (sort of) Draskovic. On the Albanian side, President Sejdiu and Prime Minister Agim Ceku will lead a team that includes representatives from all major Albanian political parties.

What will this accomplish?

Almost certainly nothing.

Flexicurity – a working model for Europe?

Before moving into the nitty-gritty of flexicurity, what it is and whether it can work as a universal European labour market model, I should take the time to thank the AFOE team for allowing me a spell as a guest-writer here at the blog in the coming two weeks. In terms of presentation, my name is Claus Vistesen and I am a Danish student at the BLC program at Copenhagen Business School. For further info I invite you to visit my personal blog Alpha.Sources, which deals with a wide range of topics of my interest.

There is a lot of talk and flurry at the moment about labour market reforms in Europe, notably in France, but also Germany has been struggling with how to reform the labour market and here as well as here.

Looking to the north we find the Nordic countries, who seemingly have the best of two worlds: low unemployment coupled with a high degree of security. But what is it exactly that the Nordic countries are doing, and could others potentially follow their example?

Burn your hard drives.

The day is approaching fast (likely the release date of Microsoft’s next version of its Windows operating system, called Windows Vista) on which a so-called trusted platform module on your computer’s motherboard will be able to bar you from accessing the data on your computer, or at least bar you from doing with it what you want to do, if what you want to do does not comply with the rules embedded in it.

This is on the one hand a consequence of the entertainment industry’s global strategy to reduce the utility of their products to be able to command higher prices for them, and on the other an attempt to increase the security of data on a computer – in case you would not be able to access your files, it would be rather certain that no one else would be either.

Well, don’t be too sure.

The battle of Wobbly Knee: Dutch troops in Afghanistan

The Netherlands is talking about sending an additional 1,200 troops to Afghanistan’s Uruzgan province. The Dutch already have 540 people working in Afghanistan under the umbrella of the ISAF (International Security Assistance Force) peace mission and another 674 under the umbrella of Operation Enduring Freedom. For other Dutch international deployments look here.

Why is it hard for the Dutch to finally make good on a promise their government made back on December 22nd 2005?

Breaking The Seals

Leafing through the comments on Brussels Gonzo’s last post, I can’t help getting the feeling that this news about Iran’s decision to resume its nuclear programme may well serve to focus our energy debate a little.

Britain yesterday vowed to report Iran to the United Nations Security Council, intensifying diplomatic pressure over Tehran’s nuclear programme.

Responding to Iran’s decision to resume limited uranium enrichment research, Tony Blair, the UK prime minister, told parliament: “I think the first thing to do is to secure agreement for a reference to the Security Council, [if] that is indeed what the allies jointly decide, as I think seems likely.”

British, French and German foreign ministers meeting in Berlin on Thursday are expected to call for an emergency session this month of the International Atomic Energy Agency, the United Nations’s nuclear watchdog, which would then discuss a referral of the dispute to the Security Council.