Russia's continued cyberattacks on Estonia and their implications for Internet governance

May 11, 2007

The Russian Federation continues to wage cyberattacks against Estonian government websites. The attacks come at least partly from IP addresses connected with Russian Federation government agencies and, if continued, may have the potential to harm the functioning of the Estonian economy and society, as Estonia currently and increasingly relies on the Internet to conduct its daily life and business.

Previously, Shel and Sten have covered the subject.

Moral qualification of the aggression

Before proceeding any further, I feel that I must morally qualify the current events and specifically the cyber-aggression from my own perspective. I have also previously posted about recent Estonian events; please read these posts and their comments to develop your own view.

In short: the Russian Federation continues to actively demonstrate that she is not able and/or willing to act as a well-behaving member of the international community. Russia continues hostile activities against its neighbouring countries, including Estonia. The aim of such activities is to destabilize the situation, instead of promoting cooperation and building bridges and understanding. Like my colleague Sten, I am deeply saddened by this, as I would really like to live in a free democratic world where countries respect each other and demonstrate a willingness and ability to cooperate with each other, instead of spreading lies, biased history interpretation and conflict.

I am happy that everyone living in Estonia is united in their willingness to cooperate in continuing to build the happiness and prosperity in this country through means of peaceful cooperation and dialogue. A clear indicator of this is the lack of violence on the streets of Estonia after the shocking events of the two April "bronze nights". This clearly shows that the issue we have to deal with is NOT conflict between ethnicities in Estonia, as some provocateurs would have wished. It is rather having to deal with the challenge of the Russian Federation wishing to dominate her neighbouring countries and disrespecting their sovereignty. One of the tools being utilized by the Russian Federation is coordinated, well-orchestrated and government-mandated DDoS cyberattacks.

Typically, such DDoS, spam and phishing attacks and similar cybercrimes are done by private criminal actors for commercial purposes in conjunction with other cybercrime such as spamming and phishing. The aim of such attacks is commercial gain, such as getting access to someone's PayPal funds. To conduct these attacks, the criminals take precautions such as masking their true origins and identities by bouncing through different hosts before reaching their end destination. In contrast, at least a portion of the current attacks against Estonia can be clearly and directly traced back to Russian government agencies. This indicates the especially blatant and cynical nature of such attacks, as the attackers have not even bothered to conceal their identity. There may also be practical considerations to this, such as perhaps not having access to sufficient amounts of computing and networking power when conducting proxied attacks. But I personally consider this more of a (blatant but failed) demonstration of superiority.

A final, yet most important question about the attacks is their motive and end goal. What will the Russian Federation gain by cyberattacking Estonia (or any other nearby country)? Will it do any good to her own economy? Is this truly the best use of the intellectual capacity of the country that's always limited and could be spent on better things such as, uh, building products that the world market would be willing to pay for to advance Russia's IT industry? Is this really a good signal to possible future investors that the country's IT potential is willing to engage in orchestrating such attacks together with the authorities?

Internet governance and the bad guys

But what I really wanted to get to is the implication of these hostilities to Internet governance.

I'm pretty sure that in 50 or 100 years, such aggressions would result in an immediate invocation of Article 5 of the NATO treaty. The problem currently is that the whole "cyber" thing is still relatively new to the political scene, and there is some confusion about what constitutes an "armed" attack. I'm sure that there will be many discussions around this as the Internet continues to become a part of many people's and organizations' and governments' daily lives. But for now, there remains an ambiguity around this on the government and political level.

So if someone misuses the Internet, and you cannot resolve it on a political level, what do you do?

The Internet originally was built to retain communication capacity in case of a nuclear attack that could have otherwise incapacitated a country, specifically the US. (Well, this is not entirely true. The Internet also had other design objectives. But it's not entirely false to say that the above was one part of the Internet's design objectives, and I'll use it in this discussion.) This of course assumes that the "bad guys" are using conventional and nuclear weapons and other non-cyber-weapons and the Internet is entirely under the control of "good guys". Remember that it was originally used for communication between academic institutions who all had a common goal of furthering science and research. I can't imagine the original designers of the Internet imagining a situation where they would have had to deal with well-organized, well-funded, long-lasting and government-mandated hostilities. Normally you would deal with such abuse using law enforcement. But in the case of the Russian Federation and her current cyber-aggression against Estonia, I believe it is safe to assume that the law enforcement apparatus and IT capacity is part of the problem instead of the solution, and participates in conducting the attacks or at least quietly approves of them instead of taking law enforcement action.

So, in the framework of Internet governance and a government-mandated attack, and if the "bad guys" are an inherent part of the Internet as it has become global and open to everyone, what do you do?

I don't believe in international Internet governance. It doesn't exist currently and setting it up will be a lengthy process. This may eventually happen, but we in Estonia need answers here and today.

Rather, let's look at how the Internet currently functions -- on the basis of agreements between NGOs dealing with the governance and regional authorities allocating the address blocks, stemming from the US Department of Commerce, most notably the ICANN.

I haven't studied the exact framework in detail, but I believe there is a framework and a set of regulations in place for delegating responsibility for allocating blocks of IP addresses from ICANN to regional authorities like the RIPE NCC, which is the relevant one in the Russia-Estonia case, and from the regional authorities down to the government- and privately-owned ISPs who allocate the addresses to end users. And being naive as I am, I believe that these frameworks and agreements contain provisions for enforcing that the allocated address spaces are used for "fair use" purposes and not for trashing the experience of other Internet users.

If the given ISP does not honour its commitments in forcing its users to use the Internet only for non-aggressive purposes, one real outcome of this conflict could be that the RIPE NCC or ICANN authorities get together and simply deallocate the IP blocks from the ISPs who are unwilling to enforce the fair use policy and are permitting their customers to conduct hostilities against other international actors on a country and global level. This would mean that portions of the Russian Federation and its government agencies could be simply disconnected from the Internet if they fail to capture and prosecute the offenders.

I'm sure there's a lot more detail to this that I have missed, and I should study the delegation procedures in more detail. But this is a challenge and good opportunity for the Internet community to get together and demonstrate that they are willing to enforce the use of Internet for its original purposes, to further science, development and thereby national and international learning and understanding, instead of hostilities between countries.

I hope that the ICANN, RIPE NCC and other relevant bodies will take action on this if the Russian Federation hostilities continue.