Original source URL: http://www.alternet.org/stories/52891/ Hysterical Western Media Hype Flimsy Cyber War Against Estonia By Mark Ames and Alexander Zaitchik, AlterNet Posted on June 2, 2007, Printed on June 2, 2007 http://www.alternet.org/story/52891/ There's been a lot of bleating in the West lately about Putin stomping on the last remnants of Russia's free press, but after witnessing Western coverage of last month's cyber-attacks on the websites of Estonian banks and government offices, it's hard to say how the Western press is superior or even much different from the sleaziest Kremlin mouthpieces. By now everyone and their iGrandma is quaking in their workstations over reports of "the world's first massive cyberstrike by a superpower on a tiny and almost defenseless neighbor," as Newsweek delicately described the attacks. Most outlets' versions were slightly more subtle, emphasis on "slightly." For example, this May 17 ABC News lead paid minimum lip service to journalism ethics: Estonia: Ground Zero for World's First Cyber War? By Tomek Rolski It didn't take long for the problem to be diagnosed as a cyber-attack by another country or a very well-organized entity. While no one at this stage will point blaming fingers at any one country, Estonians have little doubt that it's Russia taking revenge. But some were willing to point "blaming fingers." Multiple, throbbing, blaming fingers. For the Washington Post, the story worked like a megadose of Cialis. The daily published not one, not two, but three denunciations of "Kremlin cyber-attacks on official Estonian websites," in the words of Post opinion page editor Fred "Bomb Iraq Now!" Hiatt. And who could possibly suspect the Estonians of being the world's biggest cyber-bullshitters? What motive could the poor beleaguered Estonians possibly have for hyping the storyline of a Kremlin plot? Everyone knows that the Russkies are liars, but the Estonians? They're so cute 'n cuddly and vulnerable! And they all bank online! If Estonia was in fact the victim of a Kremlin-coordinated attack, as Tallin first suggested and many reporters took on faith, then the cyber-assaults represent a serious incident indeed. Estonia is a member of NATO, and according to Article V of the NATO charter, alliance members, including the United States, are obliged to respond to an attack on a member state. While NATO doctrine is not clear on whether cyberwar constitutes a trigger for Article V -- or even what constitutes cyberwar -- to bring up collective security and Kremlin aggression in the same breath has dead-serious implications. And so it gave us pause when the Washington Post editorialized against "Russian President Vladimir Putin's Š flagrant if novel aggression against a peaceful state." That the attacks were neither flagrant nor novel didn't slow down Post/Slate columnist Anne Applebaum, who a few days after the Post editorial all but expressed disappointment that U.S., British and German forces weren't already carving up their occupation sectors in Smolensk, Pskov and Vologda. Applebaum admits that while the perpetrators of the cyber-attacks "aren't exactly unknown, their identities can't be proved, either." It's sort of like a known unknown that's really a known known. But even though their identities "can't be proved," Applebaum is quick to raise the specter of Article V, slamming what she considers NATO's slack response "despite the alliance's treaty, which declares that an armed attack on one of its members is 'an attack against them all.'" "Armed attack," Anne? It wasn't just usual suspects like the Post and the U.S. networks that jumped on the Kremlin cyberwar bandwagon. Even the Guardian included the cyber-attacks in an editorial litany of Russian polices toward Eastern Europe, taking for granted a Kremlin connection and thus raising disturbing questions about the appropriate NATO response. But what if Estonia's original claims of Kremlin involvement are wrong? What if the Western media swallowed a hook that made no sense? What if, say, the Washington Post wrongfully accused a country of aggression, suggesting America and its allies should respond with vigor, even if the case against that country "can't be proved"? Surely the Post had learned its lesson from the WMD fiasco, when it pushed incessantly for Bush to attack Iraq on the basis of unproven claims of WMD stockpiles and programs. No way would the Post, or the rest of the media, make that same mistake twice! We decided to do what journalists are supposed to do in a story this serious: We called up some cyber experts who don't have Estonian last names and aren't "unnamed NATO sources." What we wanted to check was Estonia's "evidence," which consisted of a list of IP addresses of the computers that bombarded and shut down their sites, including one IP address in the Russian presidential administration. Would an official Russian cyberwar against Estonia leave that kind of trail? And if Russia launched a cyberwar, would it really consist of something as obviously geeky and easy as flooding a handful of sites into temporary shutdown mode? "That would be stupid," was the assessment of a Finnish cyber security expert named Mikko Hypponen. According to him, fake IP addresses are a routine part of any hack attack anywhere in the world, and that, if the Kremlin really wanted to mess with Estonia's e-infrastructure, it would have done much more than send forth a few waves of annoying spam tsunamis. Hypponen, chief security officer for F-Secure in Helsinki, added that it was highly unlikely the Kremlin would use its own computers, as Tallin originally claimed. He also sent us the "proof" that Estonia distributed. "There were thousands and thousands of attack sources," said Hypponen. "This could have been the kid of a janitor of some government building in Moscow. This is not a government-run information warfare attack." Another expert, Daniel Golding of the well-regarded U.K.-based Hellbound Hacker collective, agreed. In an email interview, he wrote, "The way Estonia has reacted is just absurd. These attacks have literally (forgive my stereotype) been initiated by some 15-year-old teenage boy in his bedroom, who clicked a button saying 'attack this Estonian bank.'" As for the alleged evidence, the Kremlin IP address, he wrote, "No experienced hacker will use his own IP address. For many attacks they will use a proxy which is another computer setup to bounce their connection. So they can access the internet by another computer, thus completely hiding their own address." The attacks on Estonia were DDoS attacks (Distributed Denial of Service). This is when a large collection of computers bombard the victim with more data than it can handle, thus crashing the site. "With these kinds of attacks, none of the computers being used will be from the hackers," says Golding. "It will be coming from a collection of thousands of infected machines, many of which won't even know their infected are attacking a website/network. To say an ISP in the Kremlin was used in an attack is probably very true, but so were hundreds of other computers from literally all over the world." The case against the Kremlin in the "world's first-ever state cyberwarfare" is so flimsy that it makes the Iraqi WMDs look like a slam-dunk by comparison, even with 20/20 hindsight. And yet the only English-language publication that could be bothered to debunk Estonia's initial claims was the online journal SearchSecurity.com in a May 18 article entitled, "Experts doubt Russian government launched attacks." That article did the incredible, something Newsweek, the Washington Post, ABC News or a score of others never bothered doing: actually interviewing experts. Such as Graham Cluley, a senior technology consultant for a major U.K.-based security software company, who told SearchSecurity, "I think it is extremely unlikely that the attacks are being sponsored by the Russian government." The SearchSecurity article even quotes the chief of Estonia's Computer Emergency Response Team, Hillar Aarelaid, who "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue." You read that right: Estonia's top cyber-chief didn't buy his own country's story! So here's what we now know about the cyber-attack: Cyber-security pros, as well as any hacker-geek you talk to, agree that the cyber-attack on Estonia was (a) untraceable, and (b) so low tech and old school that it was almost certainly carried out by angry individual Russian hackers, who are famously legion. And contrary to numerous breathless Western reports, this is not the first time that patriotic cyber-geeks have attacked another country's vital websites in the wake of an international incident. (The attacks followed the controversial removal of a Red Army memorial in downtown Tallin.) As Johannes Ullrich, chief researcher at the Bethesda, Md.-based SANS Internet Storm Center, told SearchSecurity.com, "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with web defacements during the U.S.-China spy-plane crisis [in 2001]." Guess every reporter forgot to check Google to see if this really was the first instance of "cyberwar" or not, because in 2001, after the Chinese downed an American spy plane, angry Chinese net-nerds attacked U.S. sites. Lots of them. Then they did it again on the anniversary, the following year. During these attacks on U.S. sites, we don't remember Ann Applebaum, or anyone else, claiming that Beijing was behind the attacks. Nor did anyone make much of a stink when, at the beginning of Gulf War II, DDoS attacks shut down Al Jazeera's website, something that was chalked up at the time to "patriotic" American hackers, and not the American government itself (which preferred to simply bomb Al Jazeera, as it did on April 8, 2003, killing its Baghdad correspondent, Tariq Ayoub). What this all means is that the biggest, most harrowing, hysterical news story to come out of these parts in the past few months -- Russia launching "the first ever state cyberwarfare" against NATO-EU member Estonia -- stands as an example of Western journalism at its most sloppy and sinister. There are good reasons for the West to be concerned about what the Kremlin might be up to these days, but playing with Estonian websites is not one of them. The reason this story is so maddening is not simply because po' Russia done got blamed for something she didn't do. Pity is not exactly the first emotion that comes to our minds when we think of Russia these days. No, what's infuriating is how a sleazy Estonian P.R. exercise, designed to deflect the world's attention from its mistreatment of its Russian-speaking minority, succeeded, thanks to the collusion of so many powerful Western media players. The Estonians have been working desperately to maintain the West's protection, which they need not only to succeed, but also to allow them to continue getting away with abusing their Russian minority. To maintain the West's protection, Estonia needs the world to see them as "defenseless" against Russia, as Newsweek dutifully does, even though calling a NATO country "defenseless" is about as insane an inversion of reality as calling Sophia Coppola "profound." The crude manner in which the bronze statue in Tallin was removed and the Pinochet-like police response to the Russian minority's riots set in the context of 16 years of official racist policies against its minority, threatened Estonia's position as the EU's greatest lil' victim. Estonia, and its EU and NATO minders, desperately needed to make its Western overlords forget about the riots, which threatened to raise serious questions about Estonia's human rights record. Even notorious Russophobe/Baltiphile Edward Lucas, formerly the Economist's correspondent in Moscow, expressed disgust at Estonia's handling of the bronze statue on his personal blog. Estonia needed to avoid the kinds of articles and inquiries that look into the "root causes" of the riots and keep the West focused instead on the "external causes." The lie in early May about secret Kremlin agents fomenting the riots didn't work well enough, because it kept people focused at least partially on the riots and hence on the plight of Estonia's Russian minority. Estonia needed to change the narrative away from the unpleasant domestic story to the more palatable international spin. With the tale of Russia's cyberwarfare against Estonia, they struck P.R. gold: the riots, the disenfranchised Russian minority, the police brutality -- all of it vanished overnight, replaced by a new story about tiny, defenseless e-Stonia getting cyber-attacked by giant, menacing Russia, "the first ever attack of its kind," an attack that the West was not prepared for. Of course, when we think of "attacks we're not prepared for," we think of 9/11. Congratulations to Estonia, its P.R. goons and, most of all, to the Western media tools who made it all possible. If there's any lesson here, it's that much of the Western press has "moved on" from its post-WMD-stockpile syndrome. Thank god for freedom. Mark Ames and Alexander Zaitchik are editors of a Moscow English alt weekly, The eXile. Ames is the author of "Going Postal: Rage, Murder, and Rebellion: From Reagan's Workplaces to Clinton's Columbine and Beyond." © 2007 Independent Media Institute. All rights reserved. -- -------------------------------------------------------- Posting archives: http://cyberjournal.org/show_archives/ Escaping the Matrix website: http://escapingthematrix.org/ cyberjournal website: http://cyberjournal.org Community Democracy Framework: http://cyberjournal.org/DemocracyFramework.html Subscribe cyberjournal list: •••@••.••• (send blank message) cyberjournal blog (join in): http://cyberjournal-rkm.blogspot.com/ Moderator: •••@••.••• (comments welcome)