
Known as the Estonian Cyber war.

Cyber war involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks.

In 2007 Estonia fell under a cyber attack lasting a total of 22 days, from 27 April to 18 May.

The attacks were part of a wider political conflict between Estonia and Russia. In April 2007, Russia-based attackers launched a series of attacks against Estonian public and private sector organizations.

The type of attack was Denial of Service (DoS) or Distributed Denial of Service (DDoS), which my teammate just discussed. Basically, Denial-of-Service attacks focus on making a service unavailable to its intended users.
Weeks of cyber attacks followed, targeting the government, banks, ministries, newspapers and many other Web sites of Estonia. The attackers used hundreds or thousands of "zombie" computers and bombarded Estonian Web sites with thousands of requests every second, which boosted the traffic far beyond normal levels. The attacker commanded other computers to bombard a web site with requests for data, causing the site to stop working. Some web sites were also shut down by the attacker for some time. They also spammed the comment sections of the bigger news portals, and defacements, including that of the Estonian Reform Party website, also occurred. Access to the websites of banks and government agencies became unavailable, including Estonian national Web sites such as those of government ministries and the prime minister's Reform Party. A flood of junk messages was thrown at the e-mail server of the Parliament, shutting it down completely.
• The trigger for the event was the Estonian government’s decision to relocate a monument to Soviet troops, a Soviet-era World War II memorial, from a busy intersection in central Tallinn to a nearby military cemetery.

• Aside from the cyber attacks, the most notable events transpired at the Estonian embassy in Moscow. During the protest, Estonian embassy workers and diplomats were prevented from entering or exiting the building.

• The Russian government issued continuous threats to Estonian officials and institutions in various ways.
• 27 April 2007: Konstantin Goloskov, a commissioner from the Republic of Moldova, organized DDoS attacks on Estonia’s ISP (internet service provider) and governmental websites.

• The demands of the attackers that were… Commands for ICMP (Internet Control Message Protocol) attacks were posted to various boards, blogs and websites in Estonia and also to chats on the Russian Internet.

• These commands were later converted into a batch file and uploaded to this web address: “http://fipip.ru/raznoe/pingi.bat”
• 30 April 2007: LiveJournal users and zombie computer users posted a list of email addresses of Estonia’s parliament workers and deputies.

• These posts urged users to share the list of emails and send multiple letters to Estonia’s deputies and officials with “congratulations of the Victory Day”.

• This action resulted in millions of letters being sent to the Estonian server and led to the complete failure of the mail servers' mainframe for 2 days.
This is a post containing the email addresses of Estonia’s parliament deputies.
• Between 3 and 9 May 2007, Estonia was attacked with various tools such as SQL injections, which are known vulnerabilities.

• Now, what is an SQL injection? SQL injection is a type of cyber attack. It is a code injection technique used to attack data-driven applications, in which SQL statements (the coded statements) are inserted into the application's input and executed by its database, so that the attacker can access information that was not intended to be displayed.

• The attack heavily affected the infrastructure of the whole network: routers were damaged, routing tables were changed, DNS servers were overloaded with traffic, email servers' mainframes failed, etc.
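
The SQL injection definition above, shown as a vulnerable lookup next to its parameterized fix, with a small regression check a defender can run against either. This is an added example, not part of the original presentation; the `staff` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

CRAFTED = "x' OR '1'='1"  # constructed test input that matches no real name


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO staff VALUES (?, ?)",
        [
            ("alice", "alice@example.org"),
            ("bob", "bob@example.org"),
            ("carol", "carol@example.org"),
        ],
    )
    return db


def lookup_vulnerable(db, name):
    # Vulnerable: the input is pasted into the SQL text, so quote
    # characters inside it become part of the statement itself.
    query = "SELECT email FROM staff WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    # Hardened: the input travels as a bound value, so it is only
    # compared against the column and never parsed as SQL.
    query = "SELECT email FROM staff WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]


def leaks_on_crafted_input(lookup):
    """Regression check: a safe lookup returns no rows for CRAFTED."""
    return len(lookup(make_db(), CRAFTED)) > 0


if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__, "leaks:", leaks_on_crafted_input(fn))
```
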
• Some web sites were defaced. This is an example of an Estonian website that was defaced by Russian crackers.
• Inoperability of the following state and commercial bodies:
1. The Estonian presidency and its parliament.
2. Almost all of the country’s government ministries.
3. Political parties.
4. Three news organizations.
5. The two biggest banks and communications firms.
6. Governmental ISP.
7. Telecom companies.

• The continuous attack consumed the systems' processing and buffer capacity, which slowed down the devices.

• The use of bots/zombies controlled by a botnet affected performance and response time and resulted in complete loss of connection.
• Hackers broke into the Web site of the Reform
Party, posting a fake letter of apology from the
prime minister, Andrus Ansip, for ordering the
removal of the highly symbolic statue.

• Attackers can clog not only the country’s servers, but also its routers and switches, the specialized devices that direct traffic on the network. This is shown in this picture, in which attackers have clogged the country's servers.
• Estonia's Computer Emergency Response Team (CERT) acted as a coordinating unit and concentrated its efforts on protecting the most vital resources. They closed down the sites under attack to foreign internet addresses and users and kept the sites accessible only to their domestic users, cutting 99% of the bogus traffic, which originated outside Estonia.

• They implemented an online "diversion" strategy that made attackers hack sites that had already been destroyed.

• They implemented advanced filters on the traffic: Cisco Guard was installed to lower malicious traffic. Cisco Guard is basically a Denial of Service attack mitigation device that diverts suspect traffic from its normal network path for cleaning.
• The Estonian ISP identified and further blocked the bots from their DNS server roots. ISPs around the world were also persuaded to blacklist the attacking computers that were overwhelming Estonia’s bandwidth.

• Germany, Slovakia, Latvia, Italy, Spain and many other countries supported and funded the computer emergency response team hub in the Estonian capital to protect security.
• Blocked all .ru domains, that means… The president also gave up his own website and let them continue to attack it so that they would not be able to destroy more critical things.

• The Estonian CERT analyzed server logs and data to find out who was behind the attacks.

• NATO (North Atlantic Treaty Organization) also assisted Estonia in combating the cyber attacks and has voted to work with member governments to improve cyber security.
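
Two of the defensive steps described above, log analysis and serving only domestic addresses, sketched over a constructed access log. This is an added example, not part of the original presentation and not CERT's actual tooling; the log format, the per-second limit and the documentation prefixes standing in for "domestic" and foreign networks are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample log: "<epoch-second> <source-ip> <path>".
SAMPLE_LOG = (
    ["1177632000 192.0.2.10 /index.html", "1177632001 192.0.2.11 /news"]
    + ["1177632000 198.51.100.%d /" % (i % 4) for i in range(40)]
    + ["1177632001 203.0.113.7 /" for _ in range(25)]
)
# Placeholder allowlist: a documentation prefix plays the domestic range.
DOMESTIC = [ipaddress.ip_network("192.0.2.0/24")]


def parse(line):
    """Split one log line into (second, source address, path)."""
    ts, src, path = line.split()
    return int(ts), ipaddress.ip_address(src), path


def flood_sources(lines, per_second_limit):
    """Sources that exceed the request limit within any single second."""
    hits = Counter((ts, src) for ts, src, _ in map(parse, lines))
    return sorted(
        {str(src) for (_, src), n in hits.items() if n > per_second_limit}
    )


def is_domestic(src, nets=DOMESTIC):
    return any(src in net for net in nets)


def apply_domestic_only(lines, nets=DOMESTIC):
    """Keep allowlisted requests; return (kept lines, share dropped)."""
    kept = [line for line in lines if is_domestic(parse(line)[1], nets)]
    return kept, 1 - len(kept) / len(lines)


if __name__ == "__main__":
    print("flooding sources:", flood_sources(SAMPLE_LOG, 5))
    kept, dropped = apply_domestic_only(SAMPLE_LOG)
    print("kept %d requests, dropped %.0f%%" % (len(kept), dropped * 100))
```
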
• The only problem with launching a DDoS and zombie attack is that you need to send out the virus first, and that leaves a signal of your IP.

• Once it is downloaded to the zombie computer, which needs to receive instructions, the creator of the virus will send out the target and the zombies start attacking the website by using up lots of data, in fact so much that it even crashes the site.

• But to send out the command you will need to send out a signal which also contains your IP, which has been spoofed.

• The CIA and the MI6 tech boffs will have to search for years to find the IP of the attacker who spoofed the IP.
