When Cyber Terrorism Becomes State Censorship

One year ago, hundreds of thousands of bogus requests for information poured into Estonia's data networks, knocking government, media and banking Web sites offline. Local officials were quick to point fingers at the Russian government, declaring Estonia the first victim of cyber warfare. Now, a year of analysis has shown that it was nothing so straightforward.

The difference between government-sponsored attacks and grassroots cyber terrorism is growing increasingly fuzzy, even as researchers try to sift through who did what on Estonia's Web. And the difficulty of tracing responsibility for even massive cyber attacks suggests that such maneuvers may become an effective tool not just for indiscriminate vandalism, but also for stealthy cyber censorship.

In the case of Estonia, security researchers agree on few details. Some have traced the attack to machines housed in the Kremlin. Others counter that those sources were likely PCs hijacked by hidden software, along with the majority of computers used in the attack.

In Pictures: Cyber Attack Hot Spots

Ivar Tallo, Estonia's director of eGovernance, now calls the event a mass "cyber riot," and has discounted theories about the involvement of the Russian government. Cambridge researcher Ross Anderson attributes the entire event to a single individual: 20-year-old Dmitri Galushkevich, who was the only person to be convicted for the attacks. Still another investigator, Rafal Rohozinski, a researcher with the SecDev Group, argues that he sees signs of government sponsorship in the malicious traffic. He points to armies of hijacked computers that started and stopped attacks in exact coordination after one-week periods, implying they'd been rented.

All that murky information may itself be a lesson, says John Palfrey, a researcher at Harvard Law School's Berkman Center for Internet and Society. Estonia shows that a political cyber attack can have widespread influence even while the perpetrators remain anonymous.

Because so-called "distributed denial of service" attacks use armies of thousands of unwitting PCs corrupted with invisible software to send fraudulent requests for information at Web servers, an attack's source is often hidden by several layers of redirected commands. That means it can become a deft form of information control for governments, says Palfrey. "To prove a distributed denial of service attack is virtually impossible," he says. "All you can say is that a large number of incoming requests brought a site down at a crucial moment."

Palfrey says that the tactic is increasingly used by political movements or authoritarian regimes to shut down the sites of advocacy groups or opposition parties at a key instant. Russian opposition party leader Gary Kasparov's Web site, for instance, was taken offline by a two-week denial of service attack in late December in the midst of the Russian presidential campaign. Ukrainian president Victor Yuschenko suffered a similar attack two months before, which was met with a retaliatory attack on the Party of Regions, a group opposing Yuschenko.

In the past year, Palfrey says, several other organizations have been struck with stealthy attacks before major events including protests or elections, but have avoided publicizing the incidents to avoid further retaliation.

A more vocal victim is Radio Free Europe. Last month, the U.S.-sponsored Web radio site suffered distributed denial of service attacks that knocked out eight of its sites in languages ranging from Belarusian to Tajik. The attacks were timely: Radio Free Europe was planning coverage of protests by Belarusian opposition groups on the 22nd anniversary of the Chernobyl, hoping to highlight the lack of compensation for victims of the nuclear disaster and the Belarusian government's plan to build a new nuclear reactor. That broadcast was cut off by a flood of traffic that reached 50,000 fraudulent requests for information per second at its peak.

The site's administrators say they suspect the regime of Belarusian leader Alyaksandr Lukashenka, but haven't come to any conclusions. "It was hugely distributed," says Radio Free Europe spokesman Martin Zvaners. "The nature of these things is that they come from all over the place at once."

All these incidents of Web sabotage, says the SecDev group's Rafal Rohozinski, are what he calls "just-in-time" censorship. Instead of filtering the Web to block citizens from accessing controversial Web sites, as countries like China and Pakistan routinely do, an untraceable attacks pulls the offending site off the Web temporarily at a key moment. Unlike typical Web censorship, that tactic avoids any trace of government involvement.

While Rohozinski and other researchers argue that this subtler form of censorship is on the rise, traditional Web filtering isn't going away. According to the Open Net Initiative, more than 50 countries around the world block their citizens' access to portions of the Web the governments deem politically or culturally undesirable. In September, Myanmar went even further. During the government's crackdown on a monk uprising that opposed its military junta, the country cut off its Internet connection altogether. (See "Myanmar Blackout.")

Myanmar's digital blackout lasted only a week, a fact some researchers take as evidence that extreme Web filtering is too difficult and politically embarrassing for governments to keep up for long. (See "Myanmar's Net Curtain Begins to Lift.") The "just-in-time" censorship taking place in the former Soviet states and Eastern Europe, on the other hand, is nearly invisible, says Ron Deibert, a professor at the University of Toronto and director of the Open Net Initiative.

Deibert suggests that the Internet needs a series of watchdog groups to monitor and trace denial of service attacks--the digital equivalent of the systems of sensors built to detect underground nuclear tests around the world. The Open Net Initiative, he says, would be a good starting place for that monitoring network.

Without those safeguards, Deibert worries that state-sponsored cyber attacks--which typically enlist grassroots supporters--have the potential to spin out of control. He believes the attack on Estonia, for instance, may have begun with modest government encouragement but grew into a blitzkrieg as patriotic hackers joined the attack. "Once this is seen as a legitimate tool for state actors, it will have very drastic results," he says. "It's like a cyclone in cyberspace. Someone hires a few hackers, and the attack can take on a life of its own with consequences far greater than those intended."

Reprodução de: https://www.forbes.com/2008/05/14/cyberattacks-terrorism-estonia-tech-security08-cx_ag_0514attacks/?sh=4c05adbd822d'