![[info]](http://l-stat.livejournal.com/img/userinfo.gif?v=91.6){kind=small}
By Mark Ames and Alexander Zaitchik, AlterNet
Posted on June 2, 2007, Printed on June 2, 2007
http://www.alternet.org/story/52891/
There's been a lot of bleating in the West lately about Putin stomping
on the last remnants of Russia's free press, but after witnessing
Western coverage of last month's cyber-attacks on the websites of
Estonian banks and government offices, it's hard to say how the Western
press is superior or even much different from the sleaziest Kremlin
mouthpieces.
By now everyone and their iGrandma is quaking in their workstations
over reports of "the world's first massive cyberstrike by a superpower
on a tiny and almost defenseless neighbor," as Newsweek delicately
described the attacks. Most outlets' versions were slightly more
subtle, emphasis on "slightly." For example, this May 17 ABC News lead
paid minimum lip service to journalism ethics:
Estonia: Ground Zero for World's First Cyber War?
By Tomek Rolski
It didn't take long for the problem to be diagnosed as a
cyber-attack by another country or a very well-organized entity.
While no one at this stage will point blaming fingers at any one
country, Estonians have little doubt that it's Russia taking revenge.
But some were willing to point "blaming fingers." Multiple, throbbing,
blaming fingers. For the Washington Post, the story worked like a
megadose of Cialis. The daily published not one, not two, but three
denunciations of "Kremlin cyber-attacks on official Estonian websites,"
in the words of Post opinion page editor Fred "Bomb Iraq Now!" Hiatt.
And who could possibly suspect the Estonians of being the world's
biggest cyber-bullshitters? What motive could the poor beleaguered
Estonians possibly have for hyping the storyline of a Kremlin plot?
Everyone knows that the Russkies are liars, but the Estonians? They're
so cute 'n cuddly and vulnerable! And they all bank online!
If Estonia was in fact the victim of a Kremlin-coordinated attack, as
Tallin first suggested and many reporters took on faith, then the
cyber-assaults represent a serious incident indeed. Estonia is a member
of NATO, and according to Article V of the NATO charter, alliance
members, including the United States, are obliged to respond to an
attack on a member state. While NATO doctrine is not clear on whether
cyberwar constitutes a trigger for Article V -- or even what
constitutes cyberwar -- to bring up collective security and Kremlin
aggression in the same breath has dead-serious implications. And so it
gave us pause when the Washington Post editorialized against "Russian
President Vladimir Putin's flagrant if novel aggression against a
peaceful state."
That the attacks were neither flagrant nor novel didn't slow down
Post/Slate columnist Anne Applebaum, who a few days after the Post
editorial all but expressed disappointment that U.S., British and
German forces weren't already carving up their occupation sectors in
Smolensk, Pskov and Vologda. Applebaum admits that while the
perpetrators of the cyber-attacks "aren't exactly unknown, their
identities can't be proved, either." It's sort of like a known unknown
that's really a known known. But even though their identities "can't be
proved," Applebaum is quick to raise the specter of Article V, slamming
what she considers NATO's slack response "despite the alliance's
treaty, which declares that an armed attack on one of its members is
'an attack against them all.'"
"Armed attack," Anne?
It wasn't just usual suspects like the Post and the U.S. networks that
jumped on the Kremlin cyberwar bandwagon. Even the Guardian included
the cyber-attacks in an editorial litany of Russian polices toward
Eastern Europe, taking for granted a Kremlin connection and thus
raising disturbing questions about the appropriate NATO response.
But what if Estonia's original claims of Kremlin involvement are wrong?
What if the Western media swallowed a hook that made no sense? What if,
say, the Washington Post wrongfully accused a country of aggression,
suggesting America and its allies should respond with vigor, even if
the case against that country "can't be proved"? Surely the Post had
learned its lesson from the WMD fiasco, when it pushed incessantly for
Bush to attack Iraq on the basis of unproven claims of WMD stockpiles
and programs. No way would the Post, or the rest of the media, make
that same mistake twice!
We decided to do what journalists are supposed to do in a story this
serious: We called up some cyber experts who don't have Estonian last
names and aren't "unnamed NATO sources." What we wanted to check was
Estonia's "evidence," which consisted of a list of IP addresses of the
computers that bombarded and shut down their sites, including one IP
address in the Russian presidential administration.
Would an official Russian cyberwar against Estonia leave that kind of
trail? And if Russia launched a cyberwar, would it really consist of
something as obviously geeky and easy as flooding a handful of sites
into temporary shutdown mode?
"That would be stupid," was the assessment of a Finnish cyber security
expert named Mikko Hypponen. According to him, fake IP addresses are a
routine part of any hack attack anywhere in the world, and that, if the
Kremlin really wanted to mess with Estonia's e-infrastructure, it would
have done much more than send forth a few waves of annoying spam
tsunamis.
Hypponen, chief security officer for F-Secure in Helsinki, added that
it was highly unlikely the Kremlin would use its own computers, as
Tallin originally claimed.
He also sent us the "proof" that Estonia distributed. "There were
thousands and thousands of attack sources," said Hypponen. "This could
have been the kid of a janitor of some government building in Moscow.
This is not a government-run information warfare attack."
Another expert, Daniel Golding of the well-regarded U.K.-based
Hellbound Hacker collective, agreed. In an email interview, he wrote,
"The way Estonia has reacted is just absurd. These attacks have
literally (forgive my stereotype) been initiated by some 15-year-old
teenage boy in his bedroom, who clicked a button saying 'attack this
Estonian bank.'"
As for the alleged evidence, the Kremlin IP address, he wrote, "No
experienced hacker will use his own IP address. For many attacks they
will use a proxy which is another computer setup to bounce their
connection. So they can access the internet by another computer, thus
completely hiding their own address."
The attacks on Estonia were DDoS attacks (Distributed Denial of
Service). This is when a large collection of computers bombard the
victim with more data than it can handle, thus crashing the site.
"With these kinds of attacks, none of the computers being used will be
from the hackers," says Golding. "It will be coming from a collection
of thousands of infected machines, many of which won't even know their
infected are attacking a website/network. To say an ISP in the Kremlin
was used in an attack is probably very true, but so were hundreds of
other computers from literally all over the world."
The case against the Kremlin in the "world's first-ever state
cyberwarfare" is so flimsy that it makes the Iraqi WMDs look like a
slam-dunk by comparison, even with 20/20 hindsight. And yet the only
English-language publication that could be bothered to debunk Estonia's
initial claims was the online journal SearchSecurity.com in a May 18
article entitled, "Experts doubt Russian government launched attacks."
That article did the incredible, something Newsweek, the Washington
Post, ABC News or a score of others never bothered doing: actually
interviewing experts.
Such as Graham Cluley, a senior technology consultant for a major
U.K.-based security software company, who told SearchSecurity, "I think
it is extremely unlikely that the attacks are being sponsored by the
Russian government."
The SearchSecurity article even quotes the chief of Estonia's Computer
Emergency Response Team, Hillar Aarelaid, who "expressed skepticism
that the attacks were from the Russian government, noting that
Estonians were also divided on whether it was right to remove the
statue."
You read that right: Estonia's top cyber-chief didn't buy his own
country's story!
So here's what we now know about the cyber-attack: Cyber-security pros,
as well as any hacker-geek you talk to, agree that the cyber-attack on
Estonia was (a) untraceable, and (b) so low tech and old school that it
was almost certainly carried out by angry individual Russian hackers,
who are famously legion.
And contrary to numerous breathless Western reports, this is not the
first time that patriotic cyber-geeks have attacked another country's
vital websites in the wake of an international incident. (The attacks
followed the controversial removal of a Red Army memorial in downtown
Tallin.)
As Johannes Ullrich, chief researcher at the Bethesda, Md.-based SANS
Internet Storm Center, told SearchSecurity.com, "It may as well be a
group of bot herders showing 'patriotism,' kind of like what we had
with web defacements during the U.S.-China spy-plane crisis [in 2001]."
Guess every reporter forgot to check Google to see if this really was
the first instance of "cyberwar" or not, because in 2001, after the
Chinese downed an American spy plane, angry Chinese net-nerds attacked
U.S. sites. Lots of them. Then they did it again on the anniversary,
the following year. During these attacks on U.S. sites, we don't
remember Ann Applebaum, or anyone else, claiming that Beijing was
behind the attacks.
Nor did anyone make much of a stink when, at the beginning of Gulf War
II, DDoS attacks shut down Al Jazeera's website, something that was
chalked up at the time to "patriotic" American hackers, and not the
American government itself (which preferred to simply bomb Al Jazeera,
as it did on April 8, 2003, killing its Baghdad correspondent, Tariq
Ayoub).
What this all means is that the biggest, most harrowing, hysterical
news story to come out of these parts in the past few months -- Russia
launching "the first ever state cyberwarfare" against NATO-EU member
Estonia -- stands as an example of Western journalism at its most
sloppy and sinister. There are good reasons for the West to be
concerned about what the Kremlin might be up to these days, but playing
with Estonian websites is not one of them.
The reason this story is so maddening is not simply because po' Russia
done got blamed for something she didn't do. Pity is not exactly the
first emotion that comes to our minds when we think of Russia these
days.
No, what's infuriating is how a sleazy Estonian P.R. exercise, designed
to deflect the world's attention from its mistreatment of its
Russian-speaking minority, succeeded, thanks to the collusion of so
many powerful Western media players.
The Estonians have been working desperately to maintain the West's
protection, which they need not only to succeed, but also to allow them
to continue getting away with abusing their Russian minority. To
maintain the West's protection, Estonia needs the world to see them as
"defenseless" against Russia, as Newsweek dutifully does, even though
calling a NATO country "defenseless" is about as insane an inversion of
reality as calling Sophia Coppola "profound."
The crude manner in which the bronze statue in Tallin was removed and
the Pinochet-like police response to the Russian minority's riots set
in the context of 16 years of official racist policies against its
minority, threatened Estonia's position as the EU's greatest lil'
victim. Estonia, and its EU and NATO minders, desperately needed to
make its Western overlords forget about the riots, which threatened to
raise serious questions about Estonia's human rights record. Even
notorious Russophobe/Baltiphile Edward Lucas, formerly the Economist's
correspondent in Moscow, expressed disgust at Estonia's handling of the
bronze statue on his personal blog. Estonia needed to avoid the kinds
of articles and inquiries that look into the "root causes" of the riots
and keep the West focused instead on the "external causes."
The lie in early May about secret Kremlin agents fomenting the riots
didn't work well enough, because it kept people focused at least
partially on the riots and hence on the plight of Estonia's Russian
minority. Estonia needed to change the narrative away from the
unpleasant domestic story to the more palatable international spin.
With the tale of Russia's cyberwarfare against Estonia, they struck
P.R. gold: the riots, the disenfranchised Russian minority, the police
brutality -- all of it vanished overnight, replaced by a new story
about tiny, defenseless e-Stonia getting cyber-attacked by giant,
menacing Russia, "the first ever attack of its kind," an attack that
the West was not prepared for.
Of course, when we think of "attacks we're not prepared for," we think
of 9/11.
Congratulations to Estonia, its P.R. goons and, most of all, to the
Western media tools who made it all possible. If there's any lesson
here, it's that much of the Western press has "moved on" from its
post-WMD-stockpile syndrome. Thank god for freedom.
Mark Ames and Alexander Zaitchik are editors of a Moscow English alt
weekly, The eXile. Ames is the author of "Going Postal: Rage, Murder,
and Rebellion: From Reagan's Workplaces to Clinton's Columbine and
Beyond."
