Some details from TERENA on how various CERT teams throughout Europe are helping Estonia deal with the ongoing attacks against its Internet infrastructure as a result of civil unrest. It is a great example of how the information security community can work together to tackle Internet crime.
“A prolonged and large-scale denial of service attack on Estonia’s websites continues to be fended off thanks to the support of Computer Security Incident Response Teams (CSIRTs) based in various countries.
The attacks have been perpetrated as part of wider civil unrest after Estonia relocated a statue of a Soviet Russian soldier at the end of April. The CSIRTs have been helping to defend Estonia’s public and government websites since Thursday, 3 May, when Hillar Aarelaid of the Estonian incident response team CERT-EE joined the delegates at the TERENA Task Force meeting TF-CSIRT in Prague.
Mr Aarelaid made an impassioned plea to the gathered security experts after explaining that the attacks were crippling his country’s Internet activities. In response, the Task Force chairman, Gorazd Božič of ARNES (Slovenia), sent out a request for assistance to TI Accredited Teams and FIRST Teams, and within 24 hours the situation was immensely improved.
However, during a telephone conversation with TERENA staff on Thursday this week, Mr Aarelaid said that since Tuesday May 8th the attacks had escalated again, with a wider range of websites and services now coming under increasing fire. “If you have lost government sites, newspaper sites, bank sites and so on, it’s quite awful,” he said.
Sounding remarkably cheerful despite the situation, Mr Aarelaid expressed enthusiastic thanks to TERENA and to his CSIRT colleagues around the world. “They’re all still helping,” he explained. “I really appreciate every single team that has been working with us”.”
Update 17th May 2007
A number of news sources (The Guardian “Russia accused of unleashing cyberwar to disable Estonia” and “Estonia and Russia A cyber-riot”) are claiming that the above attacks may be originating from Russia with some state sponsorship behind them. Russia denies these accusations, while NATO is quoted as being concerned over the level and sophistication of the attacks.
Arbor Networks shows some interesting analysis of traffic relating to the above attacks on their blog.