The student, Dmitri Galushkevich, reportedly admited to initiating the attacks from his own computer. After Galushkevich's DoS took place, the
Estonia government claimed that
Russia was either directly or indirectly involved, which the Russian government denied.
However, a report posted on Friday by Heise Security in the United Kingdom said that last year's attack on the Estonian websites deployed parts of a botnet that had been previously used to mount attacks on servers hosting sites for opponents of the Russian government and the former world chess champion Gary Kasparov, now an outspoken critic of Russian President Vladimir Putin.
Galushkevich, a native Estonian reportedly of Russian ethnic origin, was said to be angry over his government's controversial plans to move a World War II-era memorial known as the Bronze Soldier from the center of Tallin in
Estonia to the outskirts of the city and initiated the attacks as a protest.
The proposed move of the statue – erected by a Communist government when
Estonia was part of the
Soviet Union – and a decision by the Estonian government to relocate the graves of several Soviet soldiers who died in World War II – ignited a variety of protests, most often led by members of the country's ethnic Russian minority.
Galushkevich attacks, which not only took down a wide range of websites, including banks and schools as well as those for political organisations.
While some reports expressed surprise that a single individual could create so much disruption, it came as no major shock to Jose Nazario, a senior security researcher with Arbor Network's ASERT team, which investigates web-based threat activity.
"Bear in mind that many of these attacks appeared to be coming from botnets, or compromised personal computers, which grow organically, then wait for commands to send traffic," Nazario told SCMagazineUS.com.
"We track thousands of these a day, and it's a very effective mechanism for an individual to have thousands and even hundred of thousands individual PCs doing their bidding," he said. "With just a couple of keystrokes, one individual can tell tens of thousands of computers around world to send traffic to one computer," generating a DoS attack.
What's not so effective, Nazario pointed out, is controlling one of the key elements in denial of service attacks: the independent server used by attackers to control their botnets. These are typically servers at third-party web hosting sites that have been taken over by individuals such as Galushkevich.
"We see [co-opted servers] all over the place," Nazario said. "A hosting site makes a good choice because the servers there are generally up and running as long as possible."
Nazario said he isn't pleased with the relatively small fine Galushkevich paid.
"I'd like to see the punishment upscaled, but I'm not sure of [the] extent of law in
Estonia in regard to this kind of crime," he said.
"There clearly were real damages associated with the attack, including lost productivity for the people who use the networks and loss of productivity to protect the networks by the people who run the networks."
He noted that the
U.S. "has stricter penalties and more case law for this kind of attack, and the
U.K. has even more significant laws with regard to this kind of computer abuse
See original article on scmagazineus.com