Disinformation: Russian ‘Cyber War’ against Estonia

2007-06-04

Richard Moore

Original source URL:
http://www.alternet.org/stories/52891/

Hysterical Western Media Hype Flimsy Cyber War Against Estonia
By Mark Ames and Alexander Zaitchik, AlterNet
Posted on June 2, 2007, Printed on June 2, 2007
http://www.alternet.org/story/52891/

There's been a lot of bleating in the West lately about Putin stomping on the 
last remnants of Russia's free press, but after witnessing Western coverage of 
last month's cyber-attacks on the websites of Estonian banks and government 
offices, it's hard to say how the Western press is superior or even much 
different from the sleaziest Kremlin mouthpieces.

By now everyone and their iGrandma is quaking in their workstations over reports
of "the world's first massive cyberstrike by a superpower on a tiny and almost 
defenseless neighbor," as Newsweek delicately described the attacks. Most 
outlets' versions were slightly more subtle, emphasis on "slightly." For 
example, this May 17 ABC News lead paid minimum lip service to journalism 
ethics:

Estonia: Ground Zero for World's First Cyber War?

By Tomek Rolski

It didn't take long for the problem to be diagnosed as a cyber-attack by another
country or a very well-organized entity.

While no one at this stage will point blaming fingers at any one country, 
Estonians have little doubt that it's Russia taking revenge.

But some were willing to point "blaming fingers." Multiple, throbbing, blaming 
fingers. For the Washington Post, the story worked like a megadose of Cialis. 
The daily published not one, not two, but three denunciations of "Kremlin 
cyber-attacks on official Estonian websites," in the words of Post opinion page 
editor Fred "Bomb Iraq Now!" Hiatt.

And who could possibly suspect the Estonians of being the world's biggest 
cyber-bullshitters? What motive could the poor beleaguered Estonians possibly 
have for hyping the storyline of a Kremlin plot? Everyone knows that the 
Russkies are liars, but the Estonians? They're so cute 'n cuddly and vulnerable!
And they all bank online!

If Estonia was in fact the victim of a Kremlin-coordinated attack, as Tallinn 
first suggested and many reporters took on faith, then the cyber-assaults 
represent a serious incident indeed. Estonia is a member of NATO, and according 
to Article V of the NATO charter, alliance members, including the United States,
are obliged to respond to an attack on a member state. While NATO doctrine is 
not clear on whether cyberwar constitutes a trigger for Article V -- or even 
what constitutes cyberwar -- to bring up collective security and Kremlin 
aggression in the same breath has dead-serious implications. And so it gave us 
pause when the Washington Post editorialized against "Russian President Vladimir
Putin's ... flagrant if novel aggression against a peaceful state."

That the attacks were neither flagrant nor novel didn't slow down Post/Slate 
columnist Anne Applebaum, who a few days after the Post editorial all but 
expressed disappointment that U.S., British and German forces weren't already 
carving up their occupation sectors in Smolensk, Pskov and Vologda. Applebaum 
admits that while the perpetrators of the cyber-attacks "aren't exactly unknown,
their identities can't be proved, either." It's sort of like a known unknown 
that's really a known known. But even though their identities "can't be proved,"
Applebaum is quick to raise the specter of Article V, slamming what she 
considers NATO's slack response "despite the alliance's treaty, which declares 
that an armed attack on one of its members is 'an attack against them all.'"

"Armed attack," Anne?

It wasn't just usual suspects like the Post and the U.S. networks that jumped on
the Kremlin cyberwar bandwagon. Even the Guardian included the cyber-attacks in 
an editorial litany of Russian policies toward Eastern Europe, taking for granted
a Kremlin connection and thus raising disturbing questions about the appropriate
NATO response.

But what if Estonia's original claims of Kremlin involvement are wrong? What if 
the Western media swallowed a hook that made no sense? What if, say, the 
Washington Post wrongfully accused a country of aggression, suggesting America 
and its allies should respond with vigor, even if the case against that country 
"can't be proved"? Surely the Post had learned its lesson from the WMD fiasco, 
when it pushed incessantly for Bush to attack Iraq on the basis of unproven 
claims of WMD stockpiles and programs. No way would the Post, or the rest of the
media, make that same mistake twice!

We decided to do what journalists are supposed to do in a story this serious: We
called up some cyber experts who don't have Estonian last names and aren't 
"unnamed NATO sources." What we wanted to check was Estonia's "evidence," which 
consisted of a list of IP addresses of the computers that bombarded and shut 
down their sites, including one IP address in the Russian presidential 
administration.

Would an official Russian cyberwar against Estonia leave that kind of trail? And
if Russia launched a cyberwar, would it really consist of something as obviously
geeky and easy as flooding a handful of sites into temporary shutdown mode?

"That would be stupid," was the assessment of a Finnish cyber security expert 
named Mikko Hypponen. According to him, fake IP addresses are a routine part of 
any hack attack anywhere in the world, and if the Kremlin really wanted to
mess with Estonia's e-infrastructure, it would have done much more than send 
forth a few waves of annoying spam tsunamis.

Hypponen, chief security officer for F-Secure in Helsinki, added that it was 
highly unlikely the Kremlin would use its own computers, as Tallinn originally 
claimed.

He also sent us the "proof" that Estonia distributed. "There were thousands and 
thousands of attack sources," said Hypponen. "This could have been the kid of a 
janitor of some government building in Moscow. This is not a government-run 
information warfare attack."

Another expert, Daniel Golding of the well-regarded U.K.-based Hellbound Hacker 
collective, agreed. In an email interview, he wrote, "The way Estonia has 
reacted is just absurd. These attacks have literally (forgive my stereotype) 
been initiated by some 15-year-old teenage boy in his bedroom, who clicked a 
button saying 'attack this Estonian bank.'"

As for the alleged evidence, the Kremlin IP address, he wrote, "No experienced 
hacker will use his own IP address. For many attacks they will use a proxy which
is another computer set up to bounce their connection. So they can access the 
internet by another computer, thus completely hiding their own address."

The attacks on Estonia were DDoS (Distributed Denial of Service) attacks. This 
is when a large collection of computers bombards the victim with more data than 
it can handle, thus crashing the site.

"With these kinds of attacks, none of the computers being used will be from the 
hackers," says Golding. "It will be coming from a collection of thousands of 
infected machines, many of which won't even know they're infected and attacking a 
website/network. To say an ISP in the Kremlin was used in an attack is probably 
very true, but so were hundreds of other computers from literally all over the 
world."

The case against the Kremlin in the "world's first-ever state cyberwarfare" is 
so flimsy that it makes the Iraqi WMDs look like a slam-dunk by comparison, even
with 20/20 hindsight. And yet the only English-language publication that could 
be bothered to debunk Estonia's initial claims was the online journal 
SearchSecurity.com in a May 18 article entitled, "Experts doubt Russian 
government launched attacks." That article did the incredible, something 
Newsweek, the Washington Post, ABC News or a score of others never bothered 
doing: actually interviewing experts.

Such as Graham Cluley, a senior technology consultant for a major U.K.-based 
security software company, who told SearchSecurity, "I think it is extremely 
unlikely that the attacks are being sponsored by the Russian government."

The SearchSecurity article even quotes the chief of Estonia's Computer Emergency
Response Team, Hillar Aarelaid, who "expressed skepticism that the attacks were 
from the Russian government, noting that Estonians were also divided on whether 
it was right to remove the statue."

You read that right: Estonia's top cyber-chief didn't buy his own country's 
story!

So here's what we now know about the cyber-attack: Cyber-security pros, as well 
as any hacker-geek you talk to, agree that the cyber-attack on Estonia was (a) 
untraceable, and (b) so low tech and old school that it was almost certainly 
carried out by angry individual Russian hackers, who are famously legion.

And contrary to numerous breathless Western reports, this is not the first time 
that patriotic cyber-geeks have attacked another country's vital websites in the
wake of an international incident. (The attacks followed the controversial 
removal of a Red Army memorial in downtown Tallinn.)

As Johannes Ullrich, chief researcher at the Bethesda, Md.-based SANS Internet 
Storm Center, told SearchSecurity.com, "It may as well be a group of bot herders
showing 'patriotism,' kind of like what we had with web defacements during the 
U.S.-China spy-plane crisis [in 2001]."

Guess every reporter forgot to check Google to see if this really was the first 
instance of "cyberwar" or not, because in 2001, after the Chinese downed an 
American spy plane, angry Chinese net-nerds attacked U.S. sites. Lots of them. 
Then they did it again on the anniversary, the following year. During these 
attacks on U.S. sites, we don't remember Anne Applebaum, or anyone else, claiming
that Beijing was behind the attacks.

Nor did anyone make much of a stink when, at the beginning of Gulf War II, DDoS 
attacks shut down Al Jazeera's website, something that was chalked up at the 
time to "patriotic" American hackers, and not the American government itself 
(which preferred to simply bomb Al Jazeera, as it did on April 8, 2003, killing 
its Baghdad correspondent, Tariq Ayoub).

What this all means is that the biggest, most harrowing, hysterical news story 
to come out of these parts in the past few months -- Russia launching "the first
ever state cyberwarfare" against NATO-EU member Estonia -- stands as an example 
of Western journalism at its most sloppy and sinister. There are good reasons 
for the West to be concerned about what the Kremlin might be up to these days, 
but playing with Estonian websites is not one of them.

The reason this story is so maddening is not simply because po' Russia done got 
blamed for something she didn't do. Pity is not exactly the first emotion that 
comes to our minds when we think of Russia these days.

No, what's infuriating is how a sleazy Estonian P.R. exercise, designed to 
deflect the world's attention from its mistreatment of its Russian-speaking 
minority, succeeded, thanks to the collusion of so many powerful Western media 
players.

The Estonians have been working desperately to maintain the West's protection, 
which they need not only to succeed, but also to allow them to continue getting 
away with abusing their Russian minority. To maintain the West's protection, 
Estonia needs the world to see them as "defenseless" against Russia, as Newsweek
dutifully does, even though calling a NATO country "defenseless" is about as 
insane an inversion of reality as calling Sofia Coppola "profound."

The crude manner in which the bronze statue in Tallinn was removed and the 
Pinochet-like police response to the Russian minority's riots, set in the context
of 16 years of official racist policies against its minority, threatened 
Estonia's position as the EU's greatest lil' victim. Estonia, and its EU and 
NATO minders, desperately needed to make its Western overlords forget about the 
riots, which threatened to raise serious questions about Estonia's human rights 
record. Even notorious Russophobe/Baltiphile Edward Lucas, formerly the 
Economist's correspondent in Moscow, expressed disgust at Estonia's handling of 
the bronze statue on his personal blog. Estonia needed to avoid the kinds of 
articles and inquiries that look into the "root causes" of the riots and keep 
the West focused instead on the "external causes."

The lie in early May about secret Kremlin agents fomenting the riots didn't work
well enough, because it kept people focused at least partially on the riots and 
hence on the plight of Estonia's Russian minority. Estonia needed to change the 
narrative away from the unpleasant domestic story to the more palatable 
international spin.

With the tale of Russia's cyberwarfare against Estonia, they struck P.R. gold: 
the riots, the disenfranchised Russian minority, the police brutality -- all of 
it vanished overnight, replaced by a new story about tiny, defenseless e-Stonia 
getting cyber-attacked by giant, menacing Russia, "the first ever attack of its 
kind," an attack that the West was not prepared for.

Of course, when we think of "attacks we're not prepared for," we think of 9/11.

Congratulations to Estonia, its P.R. goons and, most of all, to the Western 
media tools who made it all possible. If there's any lesson here, it's that much
of the Western press has "moved on" from its post-WMD-stockpile syndrome. Thank 
god for freedom.

Mark Ames and Alexander Zaitchik are editors of a Moscow English alt weekly, The
eXile. Ames is the author of "Going Postal: Rage, Murder, and Rebellion: From 
Reagan's Workplaces to Clinton's Columbine and Beyond."

© 2007 Independent Media Institute. All rights reserved.