Peter's Technology Trumpet : Security

Web World Order and the Baltic Border

SmallCountry — Wed, 13 May 2009 13:30:08 GMT

With global recession in the foreground threatening ruin for many in the developed World, it’s easy to forget other clear and present threats to commerce, society and our way of life.

However, the growing threat of vandalism, crime and even espionage perpetrated using computer and network systems should certainly be higher up the agenda of your average UK citizen.

Whilst prioritising the global war on terror, western countries have generally been poorly prepared to defend against the growth of organised Internet crime. Cyber Warfare and online terrorism are even more disturbing prospects as, in our increasingly connected world, computer and network systems we all depend on can be penetrated wreaking widespread havoc equivalent to any violent terrorism.

In 2007 the world saw the first Cyber-attack on a sovereign state in the form of small EU member Estonia. A diplomatic spat with its powerful neighbour Russia quickly evolved into concerted Internet attacks including massive SPAM attacks on government email servers, distributed denial of service (DDoS) attacks on key Internet banking sites, and hacking/defacement of significant websites such as the ruling political parties homepage.

In 2008 as the Russian military annexed the province of South Ossetia, a co-ordinated cyber-attack blocked key Georgian Government websites.

Whilst there was evidence that these attacks were Russian orchestrated, as any Internet security expert will tell you, the use of Botnet's and Zombies around the World makes the ultimate source of attacks almost impossible to identify. The Kremlin, with Litvinenko-esque brass neck, denied all involvement.

Whilst the plight of small nations in Eastern Europe is of some concern here in Scotland, its worth remembering that the World Order is generally shaped by those nations and organisations with access to new weapons technologies and military strategies. Consider the 2^nd World War - Superior German tank technology and mastery of armoured warfare allowed the Nazi powers to quickly “Blitzkreig” across Poland in 1939 despite stronger Allied forces. The deployment of the nuclear fission bomb in 1945 ended this war and defined World order for the next 45 years.

Even now, the world order is largely subservient to the United States, whose economic powerhouse allows it to deploy more aircraft carriers and accurate, high speed projectiles than any other nation. Whilst this could be considered reassuring to the national security of its close ally the United Kingdom, it seems likely that future international power struggles will feature the Cyber battlefield as an important theatre of operations, and those nation-states with mastery of its weapons and techniques will prevail.

The USA’s new administration is aware that economic might and ocean borders cannot defend from cyber security threats. The Pentagon recently revealed it was on the back foot with cyber attack damage limitation costing $100M in last 6 months alone. The Wall Street Journal reported last month that Chinese and Russian spies had penetrated the U.S. electrical grid to leave “sleeper” software which could be used to disrupt key infrastructure.

Again, the embassies of both countries vehemently denied any knowledge of this. It is extremely difficult to trace and prove the identity of an attacker, and therefore nigh on impossible to prove whether an attack is government sponsored. However, the league table of malware producing nations show that China and Russia together are responsible for well over half of the Internet’s spyware and malicious code.

No surprise then that since election Barack Obama earmarked $335M for private and public sector cyber infrastructure, not including any secret funding for the National Security Agency, and is about to appoint a cabinet level “cyber-czar”.

Finding the perpetrators of Internet crimes and aggression is notoriously difficult and requires painstaking detective work. The conviction in May of 8 men on child pornography charges in the High Court at Edinburgh, following a long, multi-agency investigation codenamed Operation Algebra and a 10 week trial, was only possible because of the dedication of Lothian and Borders Police, and the aid of leading edge techniques made available by academia and Microsoft.

As many nations wake up to the need for improved Cyber defences, tiny Estonia has emerged as the worldwide leader in the field.

Estonia is possibly the most switched on of the EU countries in terms of penetration of paperless government, web-based banking and ambitious plans for country-wide WiMAX networks. Whilst 2007’s Russian internet attacks were underway the Estonian government called in the top Internet security spooks from NATO, US Security agencies and elsewhere.

Subsequently the Co-operative Cyber Defence Centre has been established in Tallinn as the NATO centre of excellence for this key area of defence. The U.S. Secretary of defence Robert Gates announced the USA would join the Cyber Defence Centre as a sponsor. And just last week, Shawn Henry the FBI Assistant Cybercrime Director revealed that the he would be basing his top cybercrime agents in the Baltic State.

Meanwhile it seems that the UK is waking up to the threat and will take some steps to consolidate responsibility for the cybercrime remit currently spread across multiple agencies. David Davis, the shadow Home Secretary, announced that the Conservatives would follow Barack Obama’s lead and appoint a Cabinet-level CyberSecurity Minister if elected into Governement.

Likewise, the Commons Defence Comittee trip to Estonia’s Cyber Defence Centre in April suggests that the UK will be next to join the Americans in the Cyber defence trenches at the Baltic Border.

Baiting the Bear and Zapping the Zombies

SmallCountry — Tue, 29 May 2007 18:59:50 GMT

The internal affairs of the small Baltic republic of Estonia hit the global news headlines in April when its ethnic Russian minority rioted in protest of the removal of a Red army war memorial.

As a resident of another small country, I know that the weight of history can cause a difficult relationship with a more powerful neighbor. But Culloden was 350 years ago - for some ethnic Estonians the demise of the 1st Estonian republic and mass deportations following the 2nd World War are still within living memory. (Disclaimer: Regular readers of this column will know that as Mrs Ferry hails from Estonia, I may express some bias.)

The Kremlin's response to these events bordered on the sinister, with threatened sanctions and a failure to defend the Estonian embassy in Moscow against pro-Kremlin youth groups. Its all a bit scary for a country of 1.3 million people positioned next to the Kremlin's military might, which perhaps Estonian PM Andrus Ansip should have considered before he started baiting the Russian bear by removing the statue of the Red Army soldier.

Meanwhile back in the UK the Baltic political situation is of some interest to any follower of international news, but more significantly we may just have witnessed the first CyberWar on record. By mid-May it became apparent that Estonian government, media, email and commercial web servers were under a deliberate and targeted attack. These took the form of massive spam attacks on government email servers, distributed denial of service attacks on key Internet banking sites, and hacking/defacement of significant websites such as the ruling political parties homepage.

Estonia is possibly the most switched on of the EU countries in terms of penetration of paperless government, web-based banking and ambitious plans for country-wide WiMAX networks. So the Estonian government considered this a substantial threat to national security, and didn't take long to call in the Internet security spooks from NATO, Israel and elsewhere. The attacks peaked around the time of the Russian Victory Day public holiday on May 9th. The most damaging attack was probably on national bank Hansapank's website, which was forced to shut down for an hour - and for a week or so afterwards, I found that along with all foreign IP addresses, I had been blocked from their Internet banking site - a simple but effective line of defence. The skills and preparedness of Estonian companies, their IT security experts, and the swift response of international partners were all instrumental in avoiding more serious consequences.

Whilst there was some evidence that these attacks were Kremlin sponsored, as any Internet security expert will tell you, the use of Botnet's and Zombies around the World makes the ultimate source of the attack almost impossible to identify. But its clear that this was an orchestrated and organised attack, and was a highly successful terrorist attack on a sovereign state. The Kremlin has denied all involvement, but conspiracy theorists will point the finger at Putin following the Alexander Litvinenko affair. And now there is even now some evidence of counter-attacks from Estonia

What this situation has graphically illustrated is that IT Security is no longer an issue which is only important to Chief Security Officers and IT Security propeller-heads. Scotland's top technology journalist Bill Magee pointed out that "CORPORATE Scotland [...] could be hit by exactly the same sort of cyber criminal attack that brought state and commercial website systems crashing to a halt"

Here in Microsoft Scotland, we continue to invest in our network of Partner companies with the Security Solutions competency. These companies have proven skills and experience in design and deployment of the security infrastructure, policy and tools. With the availability of Forefront Client Security, Microsoft is unique in providing a comprehensive line of business security tools which can help Corporate Scotland establish robust Internet defenses.

Only with the right partners, skills and tools will we keep the zombies at bay.

Link to The St. Petersburg Times - Top Stories - Estonian Claims Kremlin Behind Attacks on Web Sites

Link to Scotland Warned of attack by Zombies