Estonia 2007 Cyberattacks


Estonia 2007 Cyberattacks 2010

Agenda
- Background
- April 2007
- What is cyberattack
- Estonia as an information society
- Cyberattacks
- Protection measures used
- Lessons learned
- What are we doing - measures

Background
- 1939: Soviet military bases were placed on the territory of the Estonian Republic
- 1940: Estonian government was replaced
- 1940: Estonia joined (was forced to) the Soviet Union
- 1941-1944: Nazi occupation
- 1944: Soviet army entered Estonia; second period of Soviet occupation started
- 1991: Estonia restored its independence

Background
- For 46 years of occupation the population structure changed
  - Descendants of citizens of Estonia
  - Descendants of Soviet peoples
- Understanding of 1944 is different
  - One occupation changed to another
  - Liberation from Nazi occupation

Background
The Bronze Soldier was considered to be:
- The monument for occupants
- The monument for liberators of Tallinn

Background The Bronze Soldier as identity symbol

April 2007
Problems with the Bronze Soldier:
- Both sides had extremists
- The statue was located in the very center of the town
- There had been conflicts already
- Real danger of violent clashes
The Estonian government decided to move the monument to a cemetery

April 2007
To defend the Bronze Soldier, a night guard was organized

April 2007 Monument in cemetery

Cyberattack
Types:
- DoS
- DDoS
- Defacing
- Spamming
- Breaking IT infrastructure components
  - DNS
  - Routers

DoS

DDoS

Botnet
Computer networks owned by criminals:
- Overtaken by use of viruses
- Located all over the world (18M computers in the Conficker botnet)
- Used for illegal purposes
- Rented for illegal use

Routers, DNS

Estonia as an information society
- State to citizen services
  - eesti.ee
- Law and enforcement services
  - Identification
  - Permits, permissions, documents
- Economic services
  - Banks (98% of transactions), insurance
- Medical services
  - E-health, health insurance
  - Recipes
All of them are based on public key infrastructure (ID-card)

Estonia as an information society
- Citizens are dependent on IT services
- Law and enforcement relies on IT services
- State procedures rely on IT services

Attack phases
- Emotional phase - 27th to 29th of April
- Main attack
  - Wave 1 - 1st of May
  - Wave 2 - 9th to 11th of May
  - Wave 3 - 15th of May
  - Wave 4 - 18th of May

Attack targets
- Internet infrastructure servers and equipment
- Government and political targets
- Private sector services
- Personal and random targets
Critical infrastructure objects (transport, energy) were not targeted

Emotional phase Mainly DoS and defacing

Emotional phase 1 ISP down

Main attack 4th to 10th of May

Main attack
- Botnets were used
- DDoS was used
- Proxies, to hide the origin, were used
- Geography of attackers includes 178 countries
- DNS and routers were attacked
- Temporary disruptions
- Government e-mail servers were attacked

Technical countermeasures
Phase I Phase II
- Bandwidth was increased (several times over normal)
- Incoming traffic was reduced
- IP address ranges were blacklisted
- Soft- and firmware were patched
- Attack patterns were used for filtering
- Some servers were configured to lightweight mode, i.e. static content

Organisational measures
30.04 informal national crisis committee was formed (ISPs, telcos, banks, intelligence, police, CERT)
- Network organizational structure (no single point)
- Real time communication
- Border control
- Zoning
- Readiness for lights out
- Connections to intelligence
- Calm down Estonian hackers

Organisational measures
02.05 corrections
- Keep population informed and calm
- No lights out
- At any costs keep running
- Milk, bread and gasoline
- Newsfeed to people

What helped us
- cert.fi
- Realtime communication
- Media attention
- Political attention
  - NATO call for 'urgent work' against cyberwarfare
  - Merkel's calls to our prime minister and to Mr. Putin

Lessons learned
- Laws are inadequate concerning cyberworld
  - Some need additions
  - Some need to be done
- Critical ICT infrastructure needs to be defined
- Plans for emergency actions need to be prepared beforehand
- Cooperation and communication between public and private sector cyberdefense experts should be maintained

Measures
- Widening the scope of criminal law
- Adopting Cyber Security Strategy
- Defining critical IT infrastructure
- Emergency law
  - Including defense plan for extensive cyberattacks
- Developing virtual situation room, led by CERT
- Cyberdefense Guard
- Staff training on e-voting
- Cooperation with US National Guard Cybersecurity Unit

Golden Soldier

Thank you. jung@smit.ee