Impact of Alleged Russian Cyber Attacks A Monograph by MAJOR William C Ashmore U S Army School of Advanced Military Studies United States Army Command and General Staff College Fort Leavenworth Kansas AY 08 09 Approved for Public Release Distribution is Unlimited REPORT DOCUMENTATION PAGE Form Approved OMB No 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response including the time for reviewing instructions searching existing data sources gathering and maintaining the data needed and completing and reviewing this collection of information Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to Department of Defense Washington Headquarters Services Directorate for Information Operations and Reports 0704-0188 1215 Jefferson Davis Highway Suite 1204 Arlington VA 22202-4302 Respondents should be aware that notwithstanding any other provision of law no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS 1 REPORT DATE DD-MM-YYYY 2 REPORT TYPE 3 DATES COVERED From - To 21-05-2009 SAMS Monograph July 2008 – May 2009 4 TITLE AND SUBTITLE 5a CONTRACT NUMBER Impact of Alleged Russian Cyber Attacks 5b GRANT NUMBER 5c PROGRAM ELEMENT NUMBER 6 AUTHOR S 5d PROJECT NUMBER Major William C Ashmore U S Army 5e TASK NUMBER 5f WORK UNIT NUMBER 7 PERFORMING ORGANIZATION NAME S AND ADDRESS ES 8 PERFORMING ORG REPORT NUMBER School of Advanced Military Studies SAMS 250 Gibbon Avenue Fort Leavenworth KS 66027-2134 9 SPONSORING MONITORING AGENCY NAME S AND ADDRESS ES 10 SPONSOR MONITOR’S ACRONYM S Foreign Military Studies Office Command and General Staff College Director FMSO 731 McClellan Ave Fort Leavenworth KS 66027-1350 FMSO CGSC 11 SPONSOR MONITOR’S REPORT NUMBER S 12 DISTRIBUTION AVAILABILITY STATEMENT Approved for Public Release Distribution is Unlimited 13 SUPPLEMENTARY NOTES 14 ABSTRACT High profile cyber attacks against Estonia and Georgia have brought the subject of cyber security from the realm of internet magazines to main stream media outlets The cyber attacks advanced the perceptions of animosity between the Russian Federation and former Soviet satellites The cyber attacks that have occurred in the last few years have shown the vulnerabilities of using the internet and the weaknesses of cyber defenses There is little concrete proof of involvement of the Russian Federation government in any cyber attacks The circumstantial evidence does lead to the perception that the Russian government was behind or supported recent cyber attacks When countries or organizations stand in opposition to Russia they are likely to receive a cyber attack in order to influence their position Government and organizational leaders need to ensure that their cyber defenses are ready to protect private information internet services and electrical grids that rely on internet technology to function Former Soviet satellites the United States and international organizations need to strive to increase international co-operation in order to defeat cyber crime Without a legal international framework cyber criminals will continue to operate in areas where there are no laws or agreements concerning cyber security 15 SUBJECT TERMS Cyber Security Cyber Warfare Estonia Georgia Russian Federation Cyber Strategy Convention on Cybercrime NATO Center of Excellance for Cyber Defense 16 SECURITY CLASSIFICATION OF U a REPORT U 17 LIMITATION OF ABSTRACT 18 NUMBER OF PAGES b ABSTRACT c THIS PAGE U U 19a NAME OF RESPONSIBLE PERSON Stefan J Banach COL U S Army 19b PHONE NUMBER include area code U 48 913-758-3302 Standard Form 298 Rev 8-98 Prescribed by ANSI Std Z39 18 SCHOOL OF ADVANCED MILITARY STUDIES MONOGRAPH APPROVAL MAJ William C Ashmore Title of Monograph Impact of Alleged Russian Cyber Attacks Approved by __________________________________ Timothy L Thomas FMSO Monograph Director __________________________________ Thomas Langowski COL LG Monograph Reader ___________________________________ Stefan Banach COL IN Director School of Advanced Military Studies ___________________________________ Robert F Baumann Ph D Director Graduate Degree Programs Abstract IMPACT OF ALLEGED RUSSIAN CYBER ATTACKS by MAJOR William C Ashmore U S Army 48 pages High profile cyber attacks against Estonia and Georgia have brought the subject of cyber security from the realm of internet magazines to main stream media outlets The cyber attacks advanced the perceptions of animosity between the Russian Federation and former Soviet satellites The cyber attacks that have occurred in the last few years have shown the vulnerabilities of using the internet and the weaknesses of cyber defenses The international framework either through regional organization such as the North Atlantic Treaty Organization NATO and the European Union EU or through international organizations such as the United Nations UN has been inadequate for preventing cyber attacks for political purposes or for bringing cyber criminals to justice There is little concrete proof of involvement of the Russian Federation government in any cyber attacks The circumstantial evidence does lead to the perception that the Russian government was behind or supported recent cyber attacks When countries or organizations stand in opposition to Russia they are likely to receive a cyber attack in order to influence their position The high likelihood of future cyber attacks the ease of conducting cyber attacks and the amount of networks to conduct the attacks make this monograph relevant for study Government and organizational leaders need to ensure that their cyber defenses are ready to protect private information internet services and electrical grids that rely on internet technology to function Former Soviet satellites the United States and international organizations need to strive to increase international co-operation in order to defeat cyber crime Without a legal international framework cyber criminals will continue to operate in areas where there are no laws or agreements concerning cyber security Nations can build their own defenses but co-operation and the sharing of technical data will enable a safer internet environment for everyone The computer user can be the weakest link in an Information Technology IT structure Individuals must ensure that they are following best computer practices in order to accept the responsibility of being the first line of defense against future cyber attacks Approved for Public Release Distribution is Unlimited TABLE OF CONTENTS I   II   III   IV   V   VI   VII   VIII IX   X   XI   XII   XIII Introduction 1  Research Question 2  Working Hypothesis 2  Significance of Research 3  Literature Review 3  Paper Organization 3  Cyber Attack on Estonia 5  Implications for Estonia 8  Cyber concerns for Former Soviet Satellites 11  Georgian Cyber Attack 11  Lithuanian Cyber Attack 13  Kyrgyzstan Cyber Attack 13  Compelling realities for the North Atlantic Treaty Organization 15  Multilateral Initiatives 18  Convention on Cybercrime 18  Organization for Security and Co-operation in Europe 19  The European Union 20  The United Nations 22  Relevance of Multilateral Initiatives 23   Implications for the United States 24  The Weakest Link –The Computer User 29  The Russian Federation 33  The Future of Russian Cyber Warfare 39  Countermeasures 45  Conclusion 47  BIBLIOGRAPHY 49  Approved for Public Release Distribution is Unlimited I Introduction During a two week period in April and May of 2007 Estonia was the victim of a sustained massive cyber attack on its information infrastructure While the cyber attack was not the first nor was it the largest it was the first cyber attack that was directed at the national security of a country 1 The significance of a cyber attack on a small country can be difficult to measure for a casual observer Estonia is a small country that can be seen as a model for the future Estonians have developed and used internet technology for voting education security and banking ninetyfive percent of banking operations are done electronically 2 It is not uncommon to see a sign for free Wi-Fi internet access at a pub restaurant or on public transportation 3 Imagine going to an Automated Teller Machine ATM while on a business trip to get money for meals and lodging and the system is down Restaurants and hotels are unable to process your credit card You try to send a message to your bank your work and your family but the computer servers are all down The government is unable to communicate with the public and its different departments News agencies are having difficulties publishing information The aftermath of a cyber attack can impact anyone that uses the internet whether it is an individual business or government that has been affected By investigating the attack how it happened and Estonia’s reaction states can decide whether their internet defenses and strategies are adequate 4 1 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 2 Mike Collier Estonia Cyber Superpower Business Week 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm chan globalbiz_europe index page_top stories accessed August 27 2008 3 4 Personal recollection of the author who lived in Estonia from July 2007 to June 2008 Multiple sources were used along with the author’s personal recollections of living in Estonia Three of the main sources that describe the attack are Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 Binoy Kampmark Cyber Warfare Between Estonia And Russia Contemporary Review Autumn 2003 p 288-293 Jaak Aaviksoo Address by the Minister of 1 The cyber attacks on Estonia have implications for both its allies and adversaries This monograph is not meant to establish a complete strategy for cyber defense but to create a better understanding of how a cyber attack can have far reaching consequences beyond the immediate aftermath of a targeted infrastructure What are the implications for Estonia Is the framework of the North Atlantic Treaty Organization NATO appropriate for cyber defense Is an attack against one really an attack against all Does the Organization for Security and Co-operation in Europe OSCE have the ability to react to cyber attacks Lastly does the Russian Federation have a coherent cyber strategy that it is willing to use and what have been the consequences for Russia Research Question What implication does the Russian Federation’s use of a cyber strategy have for itself its former Soviet satellites and international organizations Working Hypothesis Any country that uses the internet as part of its infrastructure needs to be aware of the vulnerabilities and consequences of a cyber attack on their system A coherent strategy must include internet defenses that are set-up in conjunction with technical defenses Currently legal definitions for cyber crimes do not exist in all countries The international community must examine treaties and update them to better define assistance and common defense in the event of a cyber attack Russians have shown the ability and the desire to use cyber warfare Cyber strategy by in defense of or against Russia affects more than computer networks Although attacks that originate in China Japan or the United States may have similar implications they are outside of the scope of this monograph Defense of the Republic of Estonia delivered to the Center for Strategic International Studies Washington D C November 28 2007 2 Significance of Research Internet attacks occur on a daily basis throughout the world How Nations prepare themselves for an internet attack will determine the impact of a cyber attack on their infrastructure The significance of this monograph is a greater understanding of alleged Russian cyber strategy and possible counter measures that can be used to prevent or mitigate cyber attacks This awareness could possibly prevent a tactical defeat during conflict when a cyber attack targeting command and control and communications infrastructure is blocked Literature Review Internet trade magazines and mass media reports were used to gather evidence on the events surrounding the cyber attack on Estonia Internet sources were a major source of information on the subject of cyber security because of the amount of information that is new and has not yet been published in books Several Estonian government officials have spoken on the issue of cyber attacks at great lengths Estonian government documents were also used to analyze the Estonian response to the cyber attack Media accounts along with documents from the North Atlantic Treaty Organization NATO and the Organization for Security and Co-operation in Europe OSCE were used to analyze the aftermath of the Estonian cyber attack on organizations and other states Analysis of Russian involvement was conducted using western documents Published books were used for a greater understanding of cyber defense and cyber warfare Information technology has its own language that is not understood by everyone The literature is used to build greater understanding of the language and internet culture Paper Organization In order to understand the reasons behind the Estonian cyber attack Section II explores the social tensions and the cyber attack itself The third through the ninth sections deal with the 3 impacts of different actors that are affected by cyber attacks Sections flow from the implications for Estonia and other former Soviet satellites to the compelling reality for NATO and the OSCEto develop a coherent cyber strategy Sections VII focuses on the significance of Russia’s cyber strategy for the United States Section VIII investigates the individual computer user and how they are linked to cyber attacks Sections IX and X discuss the implications of cyber attacks for the Russian Federation and the future of Russian involvement in cyber warfare The final sections cover possible countermeasures to a cyber attack and the conclusions of the research 4 II Cyber Attack on Estonia The social tensions between Estonians and Estonia’s Russian minority are key to understanding why there was a cyber attack Estonia is made up of 1 3 million people where 25 6 percent of the population is Russian 5 In 1918 the Estonians gained their independence from Russia and in 1940 they were forced into the Soviet Union From 1940 until they regained their independence in 1991 Estonia viewed Russia’s presence as an illegal occupation Mass deportations were made people were summarily executed and the population was resettled by ethnic Russians Russians on the other hand view the Estonians as ungrateful because they were saved by Russians from the Nazi German fascists Today there exists significant animosity between the Russians and the Estonians that permeate personal relationships and political interactions within the country and between the two nations 6 The actual events that occurred in Estonia centered on the Soviet Bronze Soldier monument The Bronze Soldier monument is a World War II Soviet War memorial which memorialized the graves of Soviet Soldiers who died during World War II However over time ethnic Russians had used the memorial as a rallying site for demonstrations and other forms of protest against the Estonian government This led to a decision by the Estonian government to move the monument to an area that was less public 7 The decision to move the statue led to actual riots in the capital city of Tallinn on April 27 2007 The demonstrations degraded into criminal activities involving looting and the destruction of private and public property Hundreds of demonstrators were arrested most of 5 Central Intelligence Agency The World Fact Book Estonia page updated as of December 4 2008 https www cia gov library publications the-world-factbook geos en html accessed December 13 2008 6 Priit Vesilind The Singing Revolution Tallinn Varrak Publishers Ltd 2008 15 78 172 This reference offers an Estonian view of its history and underlines the reasons behind the friction between Russia and Estonia 7 15 09 5 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue whom were ethnic Russians The civil unrest was contained order was restored to the streets by the Estonian government and most of the physical damage was repaired by the next morning 8 During this period of civil unrest computers in the Estonian government and the Estonian national media were hacked into with significant affect Some of the attacks on the system were vandalism of sites and some were distributed denial of service attacks a cyber attack that disrupts internet service so that a user cannot access a given computer service The attacks started small with a major attack culminating on the Estonian internet system on May 9 2007 This date coincidentally corresponded to the day the Russians celebrate their victory over the Germans in World War II During this time a Russian youth-group conducted protests against the Estonian Ambassador to Russia and against the Estonian Embassy in Moscow The protests against the Ambassador and the embassy didn’t end until the ambassador left the country as part of a deal that was negotiated by Germany The Russian government even suspended passenger rail services between Tallinn and St Petersburg The riots the protests the stopping of rail service and the cyber attacks led to an increasingly tense relationship between Estonia and Russia 9 The Estonians were able to respond to the cyber attacks in a very proficient manner as they were able to coordinate responses that only caused relatively short term outages instead of any permanent damage to their IT infrastructure The Estonian government was able to employ its Computer Emergency Response Team CERT which coordinated IT responses among government and civilian specialists However due to the ambiguous nature of the internet and the 8 9 Ibid Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 and Binoy Kampmark Cyber Warfare Between Estonia And Russia Contemporary Review Autumn 2003 p 288-293 6 use of fake internet protocol IP addresses the Estonian’s were unable to conclusively prove who initiated the cyber attacks 10 The cyber attacks themselves were not very sophisticated as the attackers used techniques that had been in existence for several years The focus of the cyber attack was to completely shut down the IT structure of Estonia The cyber attackers used botnet attacks to perform a distributed denial of service rendering systems that use the internet useless Botnets are hijacked computers that send out mass amounts of information which overwhelm an internet server The increase in internet traffic will cause a server to exceed its bandwidth capabilities and cause it to shut down The botnets can be installed well in advance of a planned cyber attack and they can be placed in any computer anywhere in the world If the computer user has not installed appropriate protective software on their computer they will not even know that they have been hijacked and that they are participating in a cyber attack The botnet attacks on the Estonian IT structure ended as abruptly as they began leading Estonian officials to conclude that the attack was a planned and coordinated 11 The cyber attacks on Estonia illustrates the vulnerability of IT structures that rely on the internet The use of technology can improve personal business and government interactions but it is still vulnerable to attacks and interruptions The next section of this monograph will concentrate on the implications for Estonia in the aftermath of the cyber attacks 10 Mike Collier Estonia Cyber Superpower BusinessWeek December 17 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm accessed August 27 2008 11 15 09 7 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue III Implications for Estonia After the cyber attacks in 2007 there were several implications for Estonia as they recovered from the cyber wake-up call Some had immediate impacts on the people and the government of Estonia while others were more long term and required a deliberate strategy The immediate implication for Estonia was the loss of services for government communication and banking What emerged from the attack was Estonia’s ability to counter and minimize the effects of the attack There was no permanent damage to the information technology IT structure and financial losses were minimal but the significance was frightening 12 One of the long term implications is the continued strain on Estonia’s relationship with Russia Members of the Estonian government and outside observers believe that the attacks originated in Russia but that fact remains unproven The finger pointing between Estonia and Russia began immediately after the attacks and continues today Dmitry Peskov Deputy Press Secretary for the Russian President said “Russia can no way be involved in cyber terrorism and all claims to the contrary are an absolute lie ” 13 Andrus Insup the Estonian Prime Minister and others have accused the Russian government because of the identification of Russian internet protocol IP addresses used in the attack To date Russian involvement has never been proven but the implications and belief that they were involved continues to influence and affect the relationship between Russia and Estonia 14 After the attacks and recovery Estonia has been heralded as a leader in technological security According to Alexander Ntok head of Corporate Strategy at the International 12 Mike Collier Estonia Cyber Superpower BusinessWeek December 17 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm accessed August 27 2008 13 From wire reports Kremlin denies involvement in cyber attacks on Estonia The Baltic Times May 18 2007 http www baltictimes com news articles 17908 accessed December 19 2008 14 From wire reports Estonian PM justice minister insist that cyber attacks came from Kremlin computers The Baltic Times June 8 2007 http www baltictimes com news articles 18038 accessed December 19 2008 8 Telecommunication Union “it was imaginative responses that allowed Estonia to emerge from the spring cyber attack relatively unscathed ” 15 As a result Estonia has capitalized on the internet security market They are called upon to assist during attacks and to speak to different business and IT groups on internet security issues Estonian government leaders have spoken to allies regional organizations and international organizations to improve IT security and cooperation 16 When Georgia’s IT infrastructure was attacked in August 2008 specialists from Estonia’s Computer Emergency Response Team CERT traveled to Georgia and assisted response efforts to counter the attacks 17 This example demonstrates how Estonia has established itself as a major player in an emerging field as they are too small to make a large impact on the international scene through the use of economic or military power Estonia has been able to establish itself as a major player in Europe and among NATO members as an expert in cyber security and cyber war Their expertise has allowed them to lobby for increased IT awareness and for increased cooperation to defeat or deter future cyber attacks 18 In 2003 Estonia proposed a cyber excellence center in Tallinn even before it became a member of NATO In light of Estonia’s expertise in IT the NATO Cyber Defense Center was approved In May 2008 the center opened in Tallinn with Estonia providing the leadership and 15 Mike Collier Estonia Cyber Superpower BusinessWeek December 17 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm accessed August 27 2008 16 Ibid 17 DPA Estonia sends experts to Georgia to help combat cyber attacks The Earth Times August 11 2008 http www earthtimes org articles show 224942 Estonia-sends-experts-to-georgia-to-helpcombat-cyber-attacks html accessed August 27 2008 18 IIya Nikiforov Hot Fellows in Saakashvili’s Service Tallinn Exports Specialists in Intelligence and Democracy trans Open Source Center Moscow Nezavisimaya Gazeta September 29 2008 https www opensource gov Document ID CEP20080929021009 accessed December 18 2008 9 personnel to man the center Estonia emerged as a leader within NATO and leads the effort to protect the IT structure of NATO 19 The continuous threat of cyber attacks against its IT structure and the dedication of public officials to improve IT security resulted in a comprehensive national cyber security strategy This strategy developed by the Ministry of Defense was adopted by the Estonian government in May of 2008 just over a year after the attack on its IT systems The main measures of its strategy included IT security measures that strengthened their defensive posture as well as developed their expertise and awareness in the IT field Estonia now looks to strengthen the international legal framework to ensure that the IT system is protected by laws and that violators of the law will be prosecuted Estonia has also taken the charge of increasing international co-operation not just to protect their systems but to protect the global cyber system 20 19 Vladimir Socor NATO Creates Cyber Defense Center In Estonia Eurasia Daily Monitor May 15 2008 http www jamestown org single no_cache 1 tx_ttnews tt_news 33636 accessed December 18 2008 20 10 Estonian Ministry of Defense Cyber Security Strategy Tallinn May 2008 3 IV Cyber concerns for Former Soviet Satellites What do the countries of Estonia Georgia Lithuania and Kyrgyzstan have in common They are all former Soviet satellites and have all been allegedly cyber attacked by Russia This section looks closely at the concerns for IT structures of former Soviet satellites Georgian Cyber Attack On July 20 2008 the website of the Georgian president came under a denial of service cyber attack The attack shut the website down for 24 hours and was a precursor to a larger cyber attack that would come less than a month later 21 On August 8 2008 a coordinated distributed denial of service attack was made against the Georgian government websites at the same time that Russian forces were engaged in combat with Georgian forces As the ground attacks increased so did the cyber attacks This was the first time that a cyber attack was done in conjunction with armed conflict 22 The cyber war between Georgia and Russia focused on shaping public opinion on the internet Georgian and Russian supporters used a variety of cyber techniques including distributed denial of service attacks and the creation of fake web sites to control how their version of the “truth” was delivered to the public 23 Georgia’s IT infrastructure was not very advanced so the disruption of service was not as complicated as it was in Estonia Banking media and government websites were blocked disrupting the flow of information throughout Georgia and to the outside world The websites of the Ministry of Foreign Affairs and the National Bank were vandalized by adding pictures of the 21 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents htm accessed February 19 2009 22 Ibid 23 Timothy Thomas The Bear Went Through the Mountain Russia Appraises its Five-Day War in South Ossetia Journal of Slavic Military Studies Taylor Francis Group LLC 2009 55-59 11 Georgian President and Adolph Hitler 24 The cyber attacks against Georgia were different from the cyber attacks on Estonia as these attacks included distributed denial of services using botnets but they also included SQL injection attacks that are harder to identify than a botnet attack because they require less computers than a botnet attack The SQL injection attack shows a greater expertise in the ability to conduct a cyber attack than the cyber attacks on Estonia’s IT infrastructure 25 Georgia received a lot of assistance to counter the cyber attacks and to communicate internally and internationally Google provided domain space to protect the websites of the Ministry of Foreign Affairs and Civil ge a Georgian Daily online news service A private American internet service provider the head of the company is an ethnic Georgian assisted the Georgian government by hosting the Georgian President’s website The President of Poland also assisted the Georgian government by placing official press releases on his website Estonia even sent two information security specialists from its Computer Emergency Response Team to assist Georgia in countering the cyber attacks According to outside investigators there is no direct proof of any Russian government involvement in the cyber attacks But what is undeniable is that even without proven Russian government involvement it remains clear that the Russian government benefited from the cyber attacks 26 24 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents htm accessed February 19 2009 25 Secure Works Press Release Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks according to SecureWorks’ Data September 22 2008 http www secureworks com media press_releases 20080922-attacks accessed February 19 2009 26 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents htm accessed February 19 2009 12 Lithuanian Cyber Attack Lithuania faced its own attacks in June 2008 three days after it passed a law outlawing the use of Soviet and communist symbols over 300 websites were attacked Some were denial of service attacks while other sites were vandalized with the Soviet hammer and sickle Prior to the attacks and the passage of the law Russian and Lithuanian ties had deteriorated because of Russia’s refusal to compensate Lithuanian victims of Soviet labor camps and Russia’s leveraging of energy resources for political gain Lithuania also blocked talks on an EU-Russia partnership The animosities between the two countries have provided observers with a clear motive that the attacks were by the Russians The reason for the cyber attacks against Lithuania was similar to the cyber attacks against Estonia both attacks were in response to a government action that was unpopular to the Russian people 27 Kyrgyzstan Cyber Attack The latest country that has come under a cyber attack from computers in Russia is Kyrgyzstan On January 18 2009 Kyrgyzstan’s two main internet servers came under a denial of service attacks shutting down websites and email within the country The originators of the attacks were traced back to Russia 28 The attacks occurred on the same day that the Russian government was pressuring Kyrgyzstan to stop U S access to the airbase at Bishkek at Manas The airbase is a key logistics center that supports the U S war efforts in Afghanistan According to Don Jackson a senior security researcher at SecureWorks 29 the distributed denial of service 27 Daniel McLaughlin Lithuania accuses Russian hackers of cyber assault after collapse of over 300 websites Irish Times July 2 2008 10 http lumen cgsccarl com login url http proquest umi com pqdweb did 1503762091 sid 2 Fmt 3 cl ientld 5094 RQT 309 VName PQD accessed February 20 2009 28 29 Christopher Rhoads Kyrgyzstan Knocked Offline Wall Street Journal January 28 2009 10 SecureWorks is an internet security firm based out of Atlanta The company tracks suspicious activities throughout the internet 13 attacks are believed to be directed towards any opposition that is not in favor of the closure of the airbase While it is unproven whether the government was behind the attacks the implication is that cyber attacks will be used against any opposition to the Russian government 30 The cyber attacks on Georgia Lithuania and Kyrgyzstan have two characteristics in common The first characteristic is that the cyber attacks were initiated because of opposition to the Russian government and secondly that there is no proof that the Russian government was involved in the cyber attacks Regardless of who is initiating the attack it is clear that opposition to the Russian government could result in a cyber attack which could disrupt critical government infrastructure 30 Danny Bradbury The fog of cyberwar The Guardian February 5 2009 http www guardian co uk technology 2009 feb 05 kyrgyzstan-cyberattack-internet-acess accessed March 22 2009 14 V Compelling realities for the North Atlantic Treaty Organization Cyber defense is a critical issue for NATO U S General James Mattis NATO’s Supreme Allied Commander for Transformation articulates the importance of cyber defense for NATO by stating “We cannot say that we are not going to defend the Web that everybody needs ” 31 Nations that are party to the North Atlantic Treaty agree on Article 5 “that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all… ” 32 Does a cyber attack fit the requirement of an armed attack A senior NATO official asked “If a member state’s communications centre is attacked with a missile you call it an act of war So what do you call it if the same installation is disabled with a cyberattack ” 33 However the current political reality is that they are not the same Prior to the cyber attacks on Estonia NATO’s cyber strategy was focused on NATO’s ability to protect its own IT infrastructure Now the current reality is is that the NATO’s strategy must focus on assisting allies as they protect their own IT infrastructure during an attack 34 Members of NATO have taken several steps in defining a cyber strategy and implementing a cyber defense As early as 2002 at the Prague Summit cyber defense appeared on NATO’s agenda At the Prague Summit NATO leaders agreed to the implementation of a NATO Cyber Defense Program The program consisted of a NATO Computer Incident Response 31 Jari Tanner and Gary Peach NATO allies sign agreement on cyber defense center International Herald Tribune May 14 2008 www iht com articles ap 2008 05 14 europe EU-GEN-NATO-CyberDefenses php accessed February 24 2009 32 The North Atlantic Treaty Washington D C April 1949 http www nato int docu basictxt treaty htm accessed February 17 2009 33 Economist A Cyber-Riot Economist May 12 2007 55 http lumen cgsccarl com login url http search ebscohost com login aspx direct true db a9h AN 25048355 site ehost-live accessed December 19 2008 34 North Atlantic Treaty Organization Defending against cyber attacks NATO Topics undated http www nato int issues cyber_defence practice html accessed February 18 2009 15 Capability and for NATO to use the latest cyber defense measures 35 In the spring of 2006 cyber defense was made a priority for NATO during the Riga Summit The issue of cyber security gained even more attention when Estonia a NATO member was cyber attacked in 2007 36 NATO conducted a thorough assessment of its IT structure and how it would defend itself against a cyber attack This assessment led to an October 2007 report on cyber defense that was issued to the Allied Defense Ministers The report recommended measures to improve protection against cyber attacks 37 What followed was a cyber defense policy in early 2008 and the creation of a NATO Center of Excellence for cyber defense in May 2008 38 In April 2008 during the Bucharest Summit cyber defense was part of the summit declaration The declaration emphasizes the need to protect key information systems the sharing of best practices and for Allied nations to provide assistance to counter a cyber attack 39 Even though not all NATO nations are part of the Cyber Defense Center the center works to enhance the cyber defense capabilities of all NATO members The center itself is not even funded by NATO but by the nations that participate in the running of the center of excellence The center has been charged with doctrine and concept development awareness and training 35 North Atlantic Treaty Organization Defending against cyber attacks NATO Topics undated http www nato int issues cyber_defence practice html accessed February 18 2009 36 EU News Policy Positions EU Actors online NATO agrees common approach to cyber defence EurActiv com April 4 2008 http www euractiv com en infosociety nato-agrees-commonapproach-cyber-defence article-171377 accessed February 18 2009 37 North Atlantic Treaty Organization Defending against cyber attacks NATO Topics undated http www nato int issues cyber_defence practice html accessed February 18 2009 38 North Atlantic Treaty Organization NATO opens new centre of excellence on cyber defence NATO News May 14 2008 http www nato int docu update 2008 05-may e0514a html accessed February 18 2009 39 North Atlantic Treaty Organization Bucharest Summit Declaration Bucharest April 3 2008 Item 47 accessed February 18 2009 16 research development analysis and lessons learned The experts at the center also serve as cyber defense consultants for NATO members 40 The compelling reality for NATO is that cyber warfare has affected member nations and continuous to be a realistic threat for the organization and for its members NATO members are continuing to develop ways to counter future threats by sharing best practice information information on technical cyber defenses and by agreeing to assist member nations in countering a cyber attack 40 North Atlantic Treaty Organization Official website of the Cooperative Cyber Defence Centre of Excellence http transnet act nato int WISE TNCC CentresofE CCD accessed 18 Feb 2009 17 VI Multilateral Initiatives Only a few international treaties on cyber security exist making international cooperation to prevent cyber attacks extremely difficult Even finding and then holding accountable a person that commits a cyber crime is almost impossible without some international cooperation 41 In the aftermath of the cyber attacks on Estonia the European Union commissioned a study to examine the issues concerning cyber security facing members of the European Union This section will examine the European Union study and other multinational initiatives that have an impact on the cyber security of former Soviet satellites and Russia 42 Convention on Cybercrime The Council of Europe has established a treaty on cybercrime that entered into force 43 in 2004 Twenty-two Council of Europe member nations along with the United States have ratified the treaty agreeing to international cooperation concerning cyber crime issues The Russian Federation has not agreed to the treaty making it difficult for states to resolve issues with Russia concerning cyber crimes in an international forum 44 This treaty is still significant because it is the first international treaty on crimes committed on the internet 45 41 Organization for Security and Co-Operation in Europe OSCE can play important role in cyber security says Estonian Defence Minister on-line press release Vienna June 4 2008 http www osce org pc item_1_31483 html accessed February 19 2009 42 Paul Cornish Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 2 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 43 Entered into force refers to the date that the treaty becomes enforceable according to the provisions of the treaty by the members that have agreed to the treaty 44 Council of Europe Convention on Cybercrime Chart of signatures and ratifications http conventions coe int Treaty Commun ChercheSig asp NT 185 CM DF CL ENG accessed February 19 2009 45 Council of Europe Convention on Cybercrime Summary of the treaty http conventions coe int Treaty en Summaries Html 185 htm accessed February 19 2009 18 The main goal of the convention as stated in the preamble is to protect Nations against cybercrime by adopting laws and regulations and fostering co-operation internationally The states that become a party to the Convention on Cyber crime agree to adopt laws that create criminal penalties for committing crimes on the internet The convention outlines several areas that states have agreed to make criminal statutes on issues such as illegal access of computer systems system and data interference and other computer related fraud Nations that are party to the convention also agree to cooperate with investigations to provide mutual assistance concerning cyber crimes and to pursue the collection of evidence The extradition of alleged cyber criminals is also agreed to by parties to the treaty Disagreements between states that have ratified the treaty include direct negotiations settlement in front of the European Committee on Crime Problems CDPC a tribunal for arbitration or adjudication in front of the International Court of Justice The Convention on Cybercrime gave a framework for cooperation among member states for the prosecution of cyber criminals by removing safe havens for the cyber criminals 46 However with Russia not agreeing to the convention agreements protects and prevents its citizens who engage in cyber misconduct from being extradited out of Russia Failing to sign on to the convention agreement also prevents Russia from having any legal standing to prosecute transnational cyber criminals who attack Russia’s IT infrastructure Organization for Security and Co-operation in Europe The Organization for Security and Co-operation in Europe OSCE has a tradition of promoting the security and stability of Europe This tradition of promoting security and stability since 2004 has included cyber security The OSCE’s initial focus on cyber security concerned the 46 Council of Europe Convention on Cybercrime Budapest November 23 2001 http conventions coe int Treaty en Treaties Html 185 htm accessed February 19 2009 19 use of the internet for recruiting fundraising and communication by terrorist organizations In 2006 the OSCE’s efforts began to focus on protecting vital information infrastructures against cyber attacks Debate in the OSCE has not led to great change but has been a forum for further cooperation in cyber security in Europe In June 2008 the Estonian Defense Minister Jaak Aaviksoo in an address to members of the OSCE said there is “an immense amount of work to be done concerning cyber security ” Minister Aavikson used the forum of the OSCE to use his nation’s experience in defending against cyber crime to increase international cooperation in Europe This statement by the Estonian Defense Minister sums up OSCE’s efforts concerning cyber defense they are still in the talking phase and have at least recognized the importance of cyber defense 47 The OSCE will continue to be a forum to publicize grievances for European nations that have had their IT infrastructures attacked by Russian hackers European nations will judge Russia on its cooperation with the OSCE in finding and prosecuting individuals who engage in cyber attacks The European Union Estonia continues to lobby for improved international cooperation in cyber security as it calls on the European Union EU to pass legislation concerning crimes committed on the internet While addressing the European Parliament Toomas Hendrik the Estonian President called upon the EU to pass legislation that make cyber attacks against public and private web sites a criminal act 48 The EU has several initiatives involving different agencies but lacks an overall 47 Paul Cornish Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 20-21 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 48 Huw Jones Estonia calls for EU law to combat cyber attacks Reuters March 12 2008 http www reuters com articlePrint articleId USL 1164404620080312 accessed February 19 2009 20 cyber security strategy The European Commission has the Information Society and Media Directorate General the European Network and Information Security Agency ENISA and the Contact Network of Spam Authorities that deal with different aspects of cyber security The Information Society and Media Directorate has a program to improve the content of the internet by protecting people from child pornography racism and other harmful online content The ENISA is an agency that was created in 2004 to raise awareness of cyber security issues and to promote best practices by member nations with the EU The Contact Network of SPAM Authorities is an initiative to counter SPAM and share information on best practices between EU member nations 49 The European Parliament has established several standing committees that concern themselves with cyber security issues The Committee on Industry Research and Technology ITRE is concerned with establishing information technology networks within the EU The Committee on Civil Liberties Justice and Home Affairs LIBE is responsible of the protection of personal information on the internet for members of the EU The Committee on Foreign Affairs is responsible for the Security and Security policies of the EU which includes internet security policies 50 The European Police Office EUROPOL is an agency of the Police and Judicial Cooperation PJC that has more of a direct role in EU cyber security in the context of combating terrorism organized crime and financial crime 51 This section illustrates how cyber security is addressed with the EU but also shows that there is no organization within the EU to ensure that there are no contradictions in cyber security policy among all of the various EU agencies 49 Paul Cornish Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 24-27 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 50 Ibid 26 51 Ibid 25 21 commissions and co-operations The European Parliament commissioned a study on cyber security that was published in February 2009 to examine security challenges concerning the internet for the EU The study recommends that clear roles should be defined for cyber security responses with the many EU organizations including the establishment of the post of cyber security coordinator and the establishment of a common operating vision for cyber security in order to achieve operational consistency across the EU 52 This section has illustrated the framework of the different aspects of cyber security for the EU The EU and Russia work together on different challenges including drug and human trafficking organized crime and counter-terrorism Russia is also the EU’s third largest trading partner 53 The EU’s cyber security organizations can offer a framework for increased cooperation to defeat cyber attacks that originate from or are directed at Russia The United Nations The main purpose of the United Nations UN is to maintain international peace and security among the different nations of the world 54 The focus for cyber security for the UN through the UN Security Council has been on countering terrorism Debates among the UN General Assembly started in 2002 highlighted the growing dependence on IT use Out of discussions came a warning that law enforcement activities would not be sufficient but that more efforts in cyber security need to be made on prevention 55 52 Ibid 31 53 European Commission External Relations Russia http ec europa eu external_relations russia index_en htm accessed April 8 2009 54 United Nations Charter of the United Nations Article 1 San Francisco June 26 1945 http www un org aboutun charter chapter1 shtml accessed February 19 2009 55 Paul Cornish Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 17 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 22 The International Telecommunication Union ITU is the main organization that is responsible for cyber security within the UN framework The ITU’s goal is to enhance cyber security in order for individuals businesses and nations to have confidence in the use of cyberspace The ITU uses its Global Cyber Security Agenda which began in 2007 to promote its goals of increased cyber security The ITU has not been an agency for the enforcement of legislation and international agreements concerning cyber security but has focused on assisting in building nation’s capabilities for cyber security 56 Former Soviet Satellites can cooperate with the ITU to improve their cyber defenses against cyber criminals from Russia or any other nation The UN will continue to be a forum for Russia to voice grievances or defend themselves against world opinion in matters involving international peace and security including cyber security Relevance of Multilateral Initiatives The Russian government cooperates with Europe and different nations of the world on a variety of economic and security issues Individuals organizations and governments are able to exploit the weaknesses of the international system in order to use the internet for criminal activities without fear of any major reprisals A lot of effort has been made towards cyber security since the cyber attack on Estonia in 2007 but much more needs to be done among nations and international organizations to ensure real cyber security The framework for increasing cyber security exists but it will take the cooperation of nations including Russia to make a difference in cyber security 56 Ibid 17-18 23 VII Implications for the United States The cyber attack on Estonia should be considered a significant wake-up call for the United States Even though the attacks had no direct impact on the U S Estonia is a NATO ally and the attack clearly showed aggressive intent seeking advantage When the attacks occurred the U S sent experts to assist and help Estonia with its cyber defenses Jaak Aaviksoo the Estonian Defense Minister was told by U S officials that Estonia coped better than the U S is prepared for in responding to a cyber attack The Estonian Computer Emergency Response Team CERT was able to concentrate on protecting vital sites by coordinating government and public efforts They were also able to create diversions which caused hackers to attack sites which were already disabled or not very important 57 The cyber attack on Estonia demonstrated the importance of legal obligations for the U S in rendering support to its allies during a cyber attack 58 The cyber attack also showed the vulnerability of an IT system raising the question if it could happen to Estonia could another trans-national cyber attack of this magnitude happen in the U S 59 The convention on cybercrime which the U S is a party to outlines principles for providing mutual assistance regarding cyber crime 60 The convention does not mention cyber 57 Mike Collier Estonia Cyber Superpower BusinessWeek December 17 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm chan globalbiz_europ e index page_top stories accessed August 27 2008 58 Alastair Gee The Dark Art of Cyberwar Foreign Policy November 2008 http www foreignpolicy com story cms php story_id 4553 accessed December 19 2008 59 Brandon Griggs U S at risk of cyber attacks experts say CNN com August 18 2008 http www cnn com 2008 TECH 08 18 cyber warfare index html accessed September 12 2008 60 Council of Europe Convention on Cybercrime Budapest November 23 2001 http conventions coe int Treaty en Treaties Html 185 htm accessed February 19 2009 24 attacks or cyber war but treats such activities as crimes 61 Because only 23 countries have agreed to this treaty its force in the international community is limited 62 Several members of NATO are participating in the Cyber Defense Center of Excellence that was established in Estonia but the U S only agreed to the creation of the cyber defense center as an observer The cyber defense center is working on issues of cyber security that affect NATO along with the U S 63 What will the U S ’s response be if a cyber attack destroys infrastructure and kills citizens in an allied country and then that ally declares war because of the attack The plausibility of such an attack was demonstrated in 2007 when scientists from the Idaho National Laboratory demonstrated how a cyber attack could cause a power plant to overload its system begin to smoke and then break down which caused physical damage to equipment Currently both international law and NATO’s framework lack coherent responses that are legal in the event of such an attack The cyber attackers could limit options for the U S under such a scenario by routing their cyber attack through countries which do not have laws or agreements to cooperate with the U S The cyber attacker could remain completely anonymous if the country where the attack was routed through refused to hand over information identifying the cyber attackers 64 Cyber attacks on the U S government IT infrastructure are not new In March 1998 a cyber attack was launched against computer systems of the U S government private universities and research labs computer systems that lasted for over three years Government investigators 61 Stephen Korns and Joshua Kastenberg Georgia’s Left Hook Parameters VOL XXXVIII No 4 Winter 2008-09 64 62 Alastair Gee The Dark Art of Cyberwar Foreign Policy November 2008 http www foreignpolicy com story cms php story_id 4553 accessed December 19 2008 63 The Associated Press NATO allies sign agreement on cyber defense center International Herald Tribune May 14 2008 http www iht com articles ap 2008 05 14 europe EU-GEN-NATOCyber-Defenses php accessed February 24 2009 64 Alastair Gee The Dark Art of Cyberwar Foreign Policy November 2008 http www foreignpolicy com story cms php story_id 4553 accessed December 19 2008 25 named the attacks “Moonlight Maze ” The cyber attacks targeted gaining access to sensitive but unclassified information 65 John Adams a National Security Agency NSA consultant says that government investigators have identified seven internet addresses involved in the cyber attacks that originated in Russia Dion Stempfley a former Pentagon computer analyst believes that the U S prove that the Russian Federation government is sponsoring the attacks but there is evidence that they are allowing or otherwise permitting the cyber attacks The cyber attacks which resulted in the theft of technical defense information were serious enough that the U S State Department issued a formal complaint to the Russian Federation 66 In Global Trends 2025 a study conducted by the National Intelligence Council states over the next two decades non-military aspects of warfare including cyber will be prominent 67 According to Secure Works a cyber security company in 2008 over 20 million attacks originated from computers within the United States 68 In 2008 the U S Department of Homeland Security created the National Cybersecurity Center to counter these threats 69 The threats to the U S infrastructure and technology are moving at a much faster pace than the creation of government structures to counter the threat Even a casual observer can see that there is a cyber threat to the U S but how is that connected to any Russian involvement in cyber attacks There are three recent examples of how cyber attacks that may have allegedly originated in Russia that demonstrate danger for U S and 65 Elinor Abreu Epic cyberattack reveals cracks in U S defense CNN com May 10 2001 http archives cnn com 2001 TECH internet 05 10 3 year cyberattack idg accessed April 10 2009 66 Vernon Loeb Pentagon Computers Under Assault Washington Post A02 May 7 2001 67 National Intelligence Council Global Trends 2025 A Transformed World U S Government Printing Office November 2008 71 http www dni gov nic NIC_2025_project html accessed February 20 2009 68 Secure Works Press Release Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks according to SecureWorks’ Data September 22 2008 http www secureworks com media press_releases 20080922-attacks accessed February 19 2009 69 Brandon Griggs U S at risk of cyberattacks experts say CNN com September 12 2008 http www cnn com 2008 TECH 08 18 cyber warfare index html accessed October 24 2008 26 Russian relations These examples show how attacks against an IT structure were used as cyber pressure to influence nations or organizations The first example is when Radio Free Europe’s internet sites in April 2008 in Eastern Europe were shut down because of a denial of service attack The attack lasted two days and coincided with the planned coverage of the anniversary of the 1986 Chernobyl disaster The attacks effectively shut down the websites which stopped the flow of information from Radio Free Europe a U S sponsored program 70 Another example is the malware malware is a term used to identify illegal computer access including computer viruses attack on U S Department of Defense computer systems in November 2008 According to WMD Insights 71 the computer attacks are thought to have originated from Russia The attacks seemed to target military computer systems and affected the U S central command along with computers in Iraq and Afghanistan The attacks led to a ban on the use of external computer flash drives on military computers throughout the world 72 The latest example of an attack that may have originated in Russia is the January 2009 denial of service attack that was directed at the government websites of the Republic of Kyrgyzstan One theory on why the attack was started was because of Kyrgyzstan’s support of the U S in its war on terror in Afghanistan This shows the significance of a cyber attack not directed against the U S but against one of its allies 73 70 Statement by Ambassador of the U S Mission to the OSCE Julie Finley Statement on Cyberattacks Against Radio Free Europe in Belarus OSCE will defend information-sharing efforts from criminal attacks says Finley transcript on-line Vienna May 8 2008 http www america gov st texttransenglish 2008 May 20080508115033eaifas0 3709833 html accessed February 20 2009 71 WMD Insights is a journal sponsored by the U S Defense Threat Reduction Agency 72 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 73 27 Christopher Rhoads Kyrgyzstan Knocked Offline Wall Street Journal 10 January 28 2009 A senior fellow at the Center for Strategic and International Studies in Washington D C believes there is no adversary that can defeat the U S in cyber space A spokesman for the U S Department of Homeland Security believes that the U S government is able to protect itself from cyber attacks but the U S IT system is not completely impenetrable The director of a nonprofit research institute the United States Cyber Consequences Unit believes that because the U S controls so much internet bandwidth that most of the people that want to harm the U S lack the capabilities to shut down U S servers 74 The U S faces a wide variety of challenges in protecting its own IT structure along with facing the reality of the challenges of its allies’ cyber defenses In the future the U S may face cyber attacks that could cause the deaths of its or its allies’ citizens due to the effects of a cyber attack on an electrical system The U S ’s bilateral agreements with countries that hold a strategic U S interest could be affected by the use of a cyber attack to influence leaders The cyber threats to the U S are real and continued attention by the leaders must focus on this threat 74 Brandon Griggs U S at risk of cyberattacks experts say CNN com September 12 2008 http www cnn com 2008 TECH 08 18 cyber warfare index html accessed February 14 2009 28 VIII The Weakest Link –The Computer User As you read this monograph you could be an accomplice to a cyber criminal without even knowing that your computer is conducting a worldwide distributed denial of service attack The actions or lack of action of computer users have contributed to the ability of hackers in Russia and elsewhere to conduct their attacks in relative anonymity 75 This section will look closely at the vulnerabilities of using the internet and how the individual computer user has contributed to vulnerabilities of private and government IT systems In 1997 the National Security Agency NSA conducted an exercise to find out how vulnerable government IT systems were to external cyber attacks They named the exercise “Eligible Receiver ” Thirty-five IT specialists were given the mission to hack into government systems They could use any software programs that were available on the internet and they were only given a few limitations The IT specialists couldn’t use any classified hacking software that belonged to the NSA and they could not violate U S law The IT specialists were also confined to U S government computer systems 76 What they found out was how easy it was to hack into government systems both classified and unclassified networks With the free software that they downloaded from the internet the NSA specialists were able to conduct distributed denial of service attacks delete or modify sensitive information and shut down or reformat systems Along with the software they used personal contact methods were also used to gain access into the systems The NSA computer specialists would use telephone calls or emails to gain passwords or entry into a system by posing as a supervisor or technician The IT specialists were surprised at how easily 75 Idea based on comments used by Jaak Aaviksoo in 2007 Minister Aaviksoo used this technique to show that some members of the audience may unknowingly be helping cyber-terrorists Jaak Aaviksoo Address by the Minister of Defense of the Republic of Estonia delivered to the Center for Strategic International Studies Washington D C November 28 2007 76 Dan Verton Black Ice The Invisible Threat of Cyber-Terrorism Emeryville CA McGrawHill Osborne 2003 32-33 29 government and military members delivered their passwords without question Even though the exercise was conducted in 1997 and may seem dated it gives us a great example of how a dedicated effort can disrupt any IT system 77 As discussed in Section VII external flash drives were banned from use with military computer systems Authorized users unknowingly passed intrusive malware files from computer to computer infecting IT systems throughout the U S Central Command The ban on flash drives complicated the sharing of information throughout the theatre The malware file was even found on a classified network This is one more example of how an individual can spread malicious software infecting multiple computer systems because of a lack of computer security protocols 78 One vulnerability that is associated with computer users are people that become hackers because they were former employees who have some type of grievance against their former employer They may have a personal grudge against the U S government because they were fired or lost their job due to a reorganization or downsizing Their actions as hackers are usually malicious in nature where they steal or corrupt data deface websites or shut down systems 79 Even more dangerous than an angry former employee is a case of cyber espionage This is where an individual who is motivated by money or ideology sells highly sensitive IT security information One such case involves Herman Simm and his wife Heete Simm from Estonia 80 Mr Simm was arrested in September 2008 for allegedly passing highly classified information on cyber security and missile defense to members of the Russian foreign Intelligence Service SVR 77 Ibid 32-33 78 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 79 Maura Conway Information Warfare Separating Hype from Reality ed Armistead Leigh Washington D C Potomac Books Inc 2007 82 80 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 30 Mr Simm was the head of the State Secret Protection Office where he was responsible for protecting Estonia’s classified information Mrs Simm was a lawyer who was previously employed at the Estonian national police headquarters Mr Simm had access to classified information concerning NATO and allies of Estonia including the operational information of the NATO Cooperative Cyber Defense Center based in Tallinn If the Estonian government had access to a secret so did Mr Simm The amount of classified information that was compromised is unknown but may be quite large Mr Simms allegedly became a Russian spy in the mid-1990s and was paid millions of dollars from the Russian Government Regardless of how secure a country’ IT structure is it is still vulnerable because some people are motivated by greed or retribution and will compromise sensitive cyber security information for personal gain 81 Along with the vulnerabilities that have already been mentioned there are always problems with software products Some software is easy for hackers to take advantage of because of security deficiencies Computers may be infected before the user or software company has identified the problem Then it will take time for the software company to produce a security patch It will take even more time to get the patch to the computer program user and for the security patch to be installed During this time the infected computer program may have already infected other computers in a system or throughout the internet 82 A major vulnerability for any IT system is the computer user Whether the computer user is a military member a government employee or just a computer user sitting in front of their computer at home their practices can cause serious damage to a computer system Normal computer users receive little or no training in best security practices 83 81 Ibid 82 Clay Wilson Cyberterrorism and Computer Attacks ed Brown Lawrence New York Novinka Books 2006 15-16 83 31 Ibid 14 The cost of poor security practices can be high Along with the loss of data or the disruption of service there is also the physical cost associated with malware and viruses For example in 2007 the Federal Bureau of Investigation FBI uncovered a botnet campaign that caused losses of over 20 million dollars 84 One of the botnet hackers that was caught by the FBI and sentenced to prison used botnets to steal peoples’ identities and bank account information After gaining access to personal information and passwords he made on-line purchases and transferred money from the bank accounts Another cyber attacker used a phishing scheme where he collected information through infected emails 85 This section highlighted how the computer user has made IT structures even more vulnerable and the Simm affair demonstrates how cyber espionage adds to that vulnerability If countries like the U S and Estonia that have highly developed IT infrastructure can be attacked it is not hard to imagine the vulnerabilities less developed former Soviet satellites have in their IT development phase 84 Paul Cornish Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 9 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 85 Wired Staff Botnet Hacker Gets Four Years Wired Magazine March 5 2009 http blog wired com 27bstroke6 2009 03 botnet-hacker-g html accessed March 24 2009 32 IX The Russian Federation Throughout this study several cyber attacks have been attributed to Russia Regardless of whether the government of Russia is responsible for the attacks or merely sanctioned them for many the perception remains that they were behind the cyber attacks In this section the way ahead for Russia on the cyber warfare against former Soviet satellite states is examined 86 The Russian government views themselves as the victim during the cyber attacks on Estonia in 2007 According to sources in the Kremlin the website of the President of Russia came under a cyber attack The Russians had never had an attack that was as large and it appeared that the servers used to originate the attack was located in the Baltic States The Deputy Press Secretary of the Russian President Dmitry Peskov counters accusations from Estonia with the fact that Russian government websites are under attack every day from all over the world 87 Even when the cyber attacks were occurring against Georgia Russians were saying that they were also under a cyber attack Russia Today 88 a major media source in Russia was shut down because of a denial of service attacks directed towards its websites IT security specialists that work for Russia Today believe that the denial of service attacks originated from Tbilisi the capital of Georgia 89 In the aftermath of the cyber attacks on Estonia Georgia and all of the other attacks mentioned in this study the Russian response has been to deny any involvement in any cyber attack When confronted with evidence that some of the attacks originated from Russian 86 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 87 The Baltic Times The Kremlin denies involvement in cyber attacks on Estonia from wire reports May 18 2007 http www baltictimes com news articles 17908 accessed December 19 2008 88 Russia Today is a globally broadcast news channel broadcast in the English language and owned by the Russian government news agency RIA-Novosti Similar in programming to CNN and BBC but with a Russian perspective on events in the world news 89 Steve Watson Russian Today Website Targeted In Cyber Attacks Infopass net August 12 2008 http www inforwars net articles august 2008 120808Attacked htm accessed December 19 2008 33 government computers members of the Russian government countered with the fact that computers from all over the world were hijacked and used to attack different computer systems 90 Another fact that Russian officials are quick to point out is that the only person arrested for the 2007 cyber attacks on Estonia was an Estonian Dmitri Galushkevich a 20 year old ethnic Russian was convicted for the cyber attacks Even members of the Estonian government have issued statements doubting the involvement of the Russian government in the cyber attacks 91 With the finger pointing that ensues after a cyber attack it is unclear who was behind the attacks The actions of cyber activist groups or hactivists will be examined using the cyber attacks on Estonia and Georgia Hactivists are individuals that use cyber attacks to take a patriotic or political stand on a political or international issue 92 During the protests in Estonia increased chatter and postings on how to conduct and participate in denial of service attacks were found on Russian internet chat sites 93 Along with the denial of service attacks some of the Estonian government websites were hacked in order to deface the site The sayings on the websites were very pro Russian and very anti Estonian Joshua Davis in Wired Magazine gives credence that the reason for the attacks was nothing more than Russian pride 94 In March of 2009 a member of a Russian pro-Kremlin youth group Konstantin Goloskokov publically took responsibility for creating the 2007 cyber attacks on Estonia 90 The Baltic Times The Kremlin denies involvement in cyber attacks on Estonia from wire reports May 18 2007 http www baltictimes com news articles 17908 accessed December 19 2008 91 Andy Greenberg The State of Cyber Security When Cyber Terrorism Becomes State Censorship Forbes com May 14 2008 http www forbes com 2008 05 14 cyberattacks-terrorismestonia-tech-security08-cx_ag_0514attacks html accessed December 19 2008 92 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 93 Ibid 94 15 09 34 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue Goloskokov is a leader of the youth movement Nashi that has routinely conducted cyber attacks and intimidation campaigns on behalf of the Russian government The government of the Russian Federation is able to maintain separation from the youth group because it does not directly fund their activities The youth groups are funded by pro-government business owners who are trying to gain favor from the Russian government 95 Goloskokov believes that his actions were not illegal but were “an act of civil disobedience organized within the confines of virtual space ” 96 The cultural aspects or belief that actions in the cyber world are beyond the law is a consequence for the Russian government and how cyber attacks affect their international relationships An assistant to Sergei Markov a member of Russia’s State Duma lower house has also admitted to using his own initiative to conduct cyber attacks against Estonia 97 Rein Lang the Estonian Justice Minister is contemplating issuing a European Arrest Warrant for individuals who have admitted to taking part in the attack The idea for the warrant is not to send law enforcement officials into Russia but to have the alleged perpetrators arrested whenever they leave the country 98 Aleksandr Gostev director of the Kaspersky Lab’s global Research and Analysis Team explains that hackers who participate in a distributed denial of service attack violate the Russian Criminal Code Article 274 Violation of the Rules Governing the Use of Computers Computer Systems or Networks Thereof and can be imprisoned for four years for 95 Noah Shachtman Kremlin Kids We Launched the Estonian Cyber War the Wired Magazine Blog entry posted March 11 2009 http blog wired com defense 2009 03 pro-kremlin-gro html accessed March 14 2009 96 Ivan Buranov Vladimir Vodo and Seda Yegikyan Pro-Kremlin Activist Admits Attack on Estonian Websites Denies Criminal Wrongdoing Translated by Open Source Center Moscow Konmersant Online March 12 2009 https www opensource gov Document ID CEP20090312021013 accessed April 10 2009 97 Baltic News Service Estonian Minister Lang Says European Arrest Warrant Possible for Cyber Attackers Baltic News Service March 12 2009 https www opensource gov Document ID EUP20090312010002 assessed April 10 2009 98 35 Ibid violating the code he also states that the article is rarely used 99 The examples of Russian citizens admitting to participating in the Estonian cyber attacks are grounds for Russian citizens to be arrested in other parts of Europe if Russia fails to uphold their own laws Similar actions occurred in the Georgian cyber attacks Messages were posted on Russian hacker forums on how to participate in shutting down Georgian websites The website StopGeorgia ru was also established as a private forum to coordinate the denial of service attacks Jeff Carr a network security expert and cyber analyst established an all volunteer group to investigate the cyber attacks Throughout the course of the investigation which they named Project Grey Goose no evidence was found to implicate the Russian government this was just another example of a hactivist movement which had the collective power to conduct a cyber attack against a government 100 The Project Grey Goose investigation has looked at hactivists and how they can independently conduct cyber attacks It also focused on a criminal gang known as the Russian Business Network R B N The R B N is based in St Petersburg and engages in criminal cyber activities According to Don Jackson the director of threat intelligence at Secure Works some of the cyber attacks used against Georgian websites originated from computers under the control of the R B N As is the case with any cyber attacks it is very difficult to establish who is completely responsible or if there is any Russian government sanctioned involvement 101 99 Ivan Buranov Vladimir Vodo and Seda Yegikyan Pro-Kremlin Activist Admits Attack on Estonian Websites Denies Criminal Wrongdoing Translated by Open Source Center Moscow Konmersant Online March 12 2009 https www opensource gov Document ID CEP20090312021013 accessed April 10 2009 100 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 101 36 John Markoff Before The Gunfire Cyberattacks New York Times August 13 2008 A1 This study made a point that there are other groups involved with cyber attacks against former Soviet satellites There is some evidence of Russian government involvement which will now be investigated 102 Some statements made by Russian government officials do suggest Russian government involvement in cyber attacks Prior to the cyber attacks in Estonia the Russian government protested the movement of the Russian memorial the Bronze Soldier to the Estonian government The Russian government warned how disastrous the move would be to Estonia What followed were the protests and the cyber attacks 103 The head of the Russian Army Centre for Military Forecast Colonel Anatoly Tsyganok made comments to the Russian news outlet Gazeta about the cyber attacks on Estonia He believes that there was nothing wrong with the attacks because there are no international agreements established Colonel Tsyganok also believes that NATO couldn’t do anything to stop the attacks and that they were highly successful 104 The most telling example of Russian government involvement in cyber warfare was with Herman Simm selling IT secrets to the Russian Foreign Intelligence Service that was discussed in Section VIII of this monograph This case showed that the government of the Russian Federation is actively seeking information on cyber defenses and is willing to pay large sums of money Mr Simm is accused of selling cyber security secrets for millions of dollars to receive information on cyber security 105 102 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 103 Ibid 15 09 104 Information from a Russian and English language blog that discusses issues concerning Russia Ivan vs Jaan Russian Army Analyst to the World You are defenseless against a cyber attack prygi blogspot com February 8 2008 http prygi blogspot com accessed December 20 2008 105 Alexander Melikishvili Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents html accessed February 20 2009 37 There are also cases where cyber attacks were used against people who are in opposition to the Russian government One such example is with Gary Kasparov Russian opposition party leader had his website shut down for two weeks due to denial of service attacks during the Russian presidential campaign John Palfrey a researcher at Harvard Law School believes that several organizations in Russia who plan to protest or be in opposition to the Russian government are subjected to cyber attacks in an attempt to control the information that is getting to the public 106 Another example of Russian government complicity is the lack of assistance or desire to track down those responsible for the cyber attacks against governments of former Soviet satellites 107 The evidence of government involvement remains circumstantial but certain facts are clear concerning cyber security and former Soviet Satellites If there is opposition to Russian Federation policy than that country that is in opposition is likely to be subject to a cyber attack and that the Russian Federation is actively collecting information on the countrys’ cyber defenses 106 Andy Greenberg The State of Cyber Security When Cyber Terrorism Becomes State Censorship Forbes com May 14 2008 http www forbes com 2008 05 14 cyberattacks-terrorismestonia-tech-security08-cx_ag_0514attacks html accessed December 19 2008 107 15 09 38 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue X The Future of Russian Cyber Warfare The perception exists among different nations some of those nations have been discussed in earlier sections of this study that the government of the Russian Federation has been involved in cyber attacks This section will examine future trends concerning the use of cyber attacks by or sanctioned by the Russian Federation government The cyber attacks against Estonia and Georgia have forced Russia to evaluate its future cyber strategy By examining the Russian focus on improving its cyber strategy conclusions can be made about the future of Russian cyber warfare 108 As with many countries that have an advanced IT system a sub-culture of hacking has developed Even though the state sponsored university in St Petersburg produces computer programmers that are highly regarded it is believed that most of the hackers are young and not educated at the university level The reason behind the growth of Russian computer hackers is the prestige and monetary reward that hacking garners in a growing IT infrastructure 109 The criminal organization R B N has been able to conduct their cyber activities with little interference from the Russian Federation government The R B N is very difficult to track on the internet as they are able to locate their activities from several different locations The group has been involved in several different types of criminal cyber activities such as the use of malware identity theft and child pornography Without any concerted effort to stop the R B N 108 Igor Panarin The Information Warfare System the Mechanism for Foreign Propaganda Requires Renewal Translated by Open Source Center Moscow Voyenno-Promyshlennyy Kuryer October 15 2008 https www opensource gov Document ID CEP20081016548020 accessed October 22 2008 109 John Varoli In Bleak Russia a Young Man’s thoughts turn to Hacking The New York Times on the web June 29 2000 http www ssl stu neva ru psw misc 29hack html accessed December 20 2008 39 and their ability to operate anywhere R B N is an organization that is positioned in Russian cyber activities now and in the future 110 One example of latitude and scope created by Russian indifference a group identified by a computer security firm as a Russian gang conducted a botnet based computer operation operating in Wisconsin The Russian gang was controlling as many as 100 000 computers in an effort to steal passwords and information As soon as the system was shut down the Russian gang moved its host computer system to a site in the Ukraine This shows how resilient these gangs are when they can relocate their operating systems to countries that are out of reach of law enforcement of the country that they are targeting 111 The Russian responses to the recent cyber attacks are a guide to how they will react in the future Valery Yashenko vice director of the Institute of Information Security Issues at Lomonosov Moscow State University advises the Russian government on the issues of cyber terrorism Yashenko believes that there should be greater international cooperation concerning cyber security but didn’t think that the cyber attack on Estonia was of any real consequence Yashenko indicates that the Russian Federation government is only concerned with cyber security matters that affect his own government 112 Not surprisingly the Russian Federal Security Service F S B is believed to employ its own hackers 113 The manner of recruiting is a little different than normal ways of looking for employees When an IT specialist or hacker is caught committing a cyber crime they may receive an offer to work for the F S B or face criminal charges According to a Russian computer 110 John Markoff Before The Gunfire Cyberattacks New York Times August 13 2008 A1 111 John Markoff Russian Gang Hijacking PCs in Vast Scheme New York Times August 6 2008 C6 112 Joshua Davis Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 113 John Varoli In Bleak Russia a Young Man’s thoughts turn to Hacking The New York Times on the web June 29 2000 http www ssl stu neva ru psw misc 29hack html accessed December 20 2008 40 security specialist hackers that were working for the F S B attacked pro-Chechen web sites According to the same computer security specialist the F S B hackers have hacked into opposition newspapers in order to control information about the Russian Federation government and its leaders The recruitment of hackers for offensive cyber attacks vice cyber defenses is an indication of the future Russian Federation government cyber strategy 114 The Russian Federation government has shown the capability for law enforcement in cyber space Laws exist in Russia that make crimes committed on the internet punishable under the law Russia has even established a computer crime unit which it called Department “K ” which operates under the Ministry of Internal Affairs of the Russian Federation MVD Department “K” is responsible for the detection prevention suppression and solving crimes involving information technology In 2008 Department “K” was able to identify 158 computer crimes and shut down seven illegal internet operations The MVD is currently conducting Project “Clean Network” aimed a combating illegal uses of the internet 115 It remains to be seen whether the efforts of Department “K” will have any negative impact on the R B N or the cyber gangs that support the Russian government The Russian Federation Public Chamber 116 organized a discussion on Russian information warfare in September 2008 and Just Russia 117 political party hosted an international 114 Ibid 115 Ministry of Internal Affairs of the Russian Federation Clean Network Translated by Open Source Center Moscow Ministry of Internal affairs of the Russian Federation https www opensource gov Document ID CEP20090406546003 accessed April 9 2009 116 The Russian Federation Public Chamber is an organization created in 2005 to oversee all aspects of government and to act as a consultant to the heads of the Russian government The Russian Federation Public Chamber Website About the House On the Public Chamber of Russian Federation http translate google ru translate hl en langpair ru en u http www oprf ru accessed April 10 2009 117 A Just Russia is a Russian political party created as an opposition party but still supports the power of the Russian executive branch Nabi Abdullaev New ‘Just Russia’ Party Says Putin Knows Best St Petersburg Times October 31 2006 http www times spb ru index php action_id 2 story_id 19303 accessed April 10 2009 41 conference on information warfare in October 2008 The conclusions of the meeting were that Russia has grossly underestimated the role of information warfare and failed to ‘champion’ their goals and interests in the world media 118 Dr Igor Panarin the Dean of the Faculty of International Relations of the Ministry of Foreign Affairs Diplomatic Academy in Moscow used the information warfare discussions to make several recommendations to the Russian government concerning information and cyber warfare Dr Panarin proposes that Russia develop specialized management and analytical structures to counter information threats Dr Panarin proposes a system that has eight key components 119 The first component is the creation of a Council for Public Diplomacy that will develop a single point of view for both the Russian government and Russian businesses Government and business leaders are to be included on the council in order to ensure that all activities concerning foreign political media are coordinated The second component is to create an advisor to the President of Russia for Information and Propaganda Activities in order to coordinate the foreign political information activities of the administration of the President the government different ministries and the Russian Security Council 120 The third and fourth components are to create state holding companies one for foreign media affairs and one for the internet The holding companies would be combined between business and government to see that Russian political positions were broadcast to the world The 118 Igor Panarin The Information Warfare System the Mechanism for Foreign Propaganda Requires Renewal Translated by Open Source Center Moscow Voyenno-Promyshlennyy Kuryer October 15 2008 https www opensource gov Document ID CEP20081016548020 accessed October 22 2008 42 119 Ibid 120 Ibid information would not just be focused towards ethnic Russians but would be focused globally towards economic partners future partners adversaries and overall world opinion 121 The fifth component would be the creation of an information crisis action center in order to ensure that Russia maintains the initiative when delivering the state message to the world The information crisis action center would be responsible for developing talking points and themes that would support the government in any crisis 122 The sixth component would create an information countermeasures system that would counter enemy information operations The information countermeasures system would include assets from business and the government The seventh component focuses on a system on nongovernmental organizations that would operate throughout the world 123 The final component would consist of a system for training information warfare specialists This system would use existing educational institutions and academies to train specialists that would be able to operate at the diplomatic management or individual level The training system would also include the creation of an Information Special Forces that are highly trained to for conducting information operations in a crisis 124 Along with the creation of the information warfare system Dr Panarin believes that financing for information warfare needs to be increased by both the Russian government and by Russian businesses The increased attention on information warfare is designed to increase Russia’s image throughout the world and ensure that Russia is prepared for future conflict in the cyber and information arenas 125 43 121 Ibid 122 Ibid 123 Ibid 124 Ibid 125 Ibid Statements by Russian government officials have been very similar to Dr Panarin’s position which makes the future of cyber warfare in Russia offensively poised Colonel Aleksandr Drobyshevskiy head of the Russian Federation Ministry of Defense Directorate for Press Service and Information stated that Georgia won the information war during the conflict in south Ossetia and there is a need for the development of information and telecommunications technologies within the Ministry of Defense Colonel Drobyshevskiy further advocates the creation of an information warfare system 126 Another clue to the future of Russian cyber warfare is the development of a new information warfare defensive strategy by the Russian Armed Forces General Staff ColonelGeneral Anatoliy Nogovitsyn Deputy Chief of the General Staff stated that leading world powers will be able to conduct full-scale information warfare and that Russia must be prepared 127 General Nogovitsyn believes that Russia will be involved in a large-scale information war within two to three years that will be fought in the cyber world 128 The existence of hackers that support the Russian government and information specialists within the Russian government have created an asset that will be used during future cyber conflicts The Russian government’s emphasis on developing cyber strategies will enable Russia to be prepared for future cyber conflict 126 Svobodnaya Pressa Ministry of Defense Planning Information Warfare Translated by Open Source Center Moscow Svobodnaya Pressa March 17 2009 https www opensource gov Document ID CEP20090318358009 accessed April 5 2009 127 Dmitriy Usov Russia is Preparing for the Wars of the Future Translated by Open Source Center Moscow Vzglyad February 25 2009 https www opensource gov Document ID CEP2090227358005 accessed March 7 2009 128 Dmitriy Litovkin The General Staff is Preparing for a Cyber War Translated by Open Source Center Moscow Izvestiya February 27 2009 https www opensource gov Document ID CEP20090302358005 accessed March 7 2009 44 XI Countermeasures This monograph has examined several examples of cyber crimes and the vulnerability of IT structures this section will examine what can be done to counter cyber crimes and protect a nation’s IT structure The first part of this section will focus on cyber countermeasures at the international level followed by cyber defenses at the national level and ending with actions that an individual computer user can make to improve cyber defenses The International Telecommunication Union ITU the organization within the UN that is responsible for the international oversight of the world’s telephone system is developing a system for oversight of the internet The ITU is working towards a convention against cybercrime that will provide international cooperation on issues concerning internet communications 129 Members of the international community will need to work together in order to track and prosecute cyber criminals that operate outside of the country that is being attacked Nations will also have to work together to share technical data to maintain cyber defenses to keep up with the newest and ever changing cyber attacks Hackers routinely share information on new techniques that can penetrate IT defense structures Nations need to do the same to protect their own IT infrastructure the same IT structure that affects the entire globe 130 Individual countries can improve their cyber defenses within their own boundaries which would also improve the cyber security of the international IT system Countries can make laws making cyber crimes illegal with punishments and programs that will deter potential cyber criminals Governments can create a system that increases co-operation between the government businesses and academic institutions in order to improve their cyber defenses This co-operation 129 Peter Schrank Cyberwarfare Newly nasty Economist com May 24 2007 http www economist com world international PrinterFriendly cfm story_id 9228757 accessed August 8 2008 130 Howard Lipson Tracking and Tracing Cyber-Attacks Technical Challenges and Global Policy Issues Pittsburgh PA 2002 47-48 45 could lead to an IT infrastructure that is resilient and able to withstand and recover from a cyber attack with little or no permanent damage to a country’s IT structure 131 In Section VIII the computer user was identified as the weakest link in an IT system Some individual countermeasures are easy to accomplish for any computer user Actions like keeping antivirus and antispyware software up to date along with updating your web browser and operating system can greatly enhance your own computer security Even following safe computer practices of not opening unknown attachments on emails that may carry viruses or malware are very instrumental in making the cyber environment more secure 132 The U S Department of Homeland Security DHS has tips for computer users posted on their website to increase internet security The main points of the DHS website are to promote personal responsibility for increasing cyber security and to promote best practices for safe computer usage The best practices that DHS advertises are to make cyber security a habit by following three core practices The three core practices are to “install anti-virus and anti-spyware programs and keep them up to date install a firewall and keep it properly configured and to regularly install updates on your computer’s operating system ” 133 Computer users are the first line of defense in cyber security and their actions can help protect the cyber infrastructure that is used by all 131 Peter Schrank Cyberwarfare Newly nasty Economist com May 24 2007 http www economist com world international PrinterFriendly cfm story_id 9228757 accessed August 8 2008 132 Secure Works Press Release Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks according to SecureWorks’ Data September 22 2008 http www secureworks com media press_releases 20080922-attacks accessed February 19 2009 133 Homeland Security Cybersecurity Make it a Habit http www dhs gov zxprevprot programs gc_1202746448575 shtm accessed March 11 2009 46 XII Conclusion This monograph has examined the Russian Federation’s use of a cyber strategy toward former Soviet satellites and how the Russian Federation interacts with the world concerning cyber security The research has shown that the international system is lacking in its ability to effectively manage issues of cyber security The Russian Federation is perceived by the international community as a country that engages in or supports groups that are involved in cyber crime International and regional organizations along with countries that interact with the Russian Federation have to deal with a reality that they may be the target of a cyber attack if they are in opposition to the government of the Russian Federation The issue of cyber security is continuous and here to stay As more of the former Soviet satellites become more developed with an advanced IT structure they will have to face the realities of cyber attacks Regardless of whether the government of the Russia Federation has been involved in any cyber attacks or will be in the future the reality remains that nations groups or individuals that are in opposition to Russia may face a cyber attack The cyber attacks will be used to influence public opinion or to influence government leaders through the use of cyber pressure Future conflicts that involve the use of force will also see cyber attacks in conjunction with combat operations Currently international agreements and laws are inadequate which allows cyber attackers to take advantage of the lack of such laws and can conduct acts of civil disobedience on the internet The conflict in Georgia has been a motivator for military reform which includes reform in the cyber arena The Russian government and the Russian military will continue to develop systems to improve both their offensive and defensive cyber capabilities Russia will continue to capitalize on their diaspora present throughout the world to support their political positions but will have to realize that some of that diaspora will be in opposition to them and provide private support to organizations and nations that have received cyber attacks Russia’s active collection 47 of cyber defense secrets will also be a combat multiplier for them in future conflicts either alone in the cyber world or as part of a ground conflict Organizations and nations will be best served by creating a resilient defense in depth while educating users and managers of IT systems in best practices to counter the threat of a cyber attack This defense in depth includes technical responses to counter the threats while ensuring that their IT systems are resilient and become effective after an attack President Bush remarked in 2001 that “It’s time to work together to address the new security threats that we all face And those threats just aren’t missiles or weapons of mass destruction in the hands of untrustworthy countries Cyber-terrorism is a threat and we need to work on that together ” 134 134 Dan Verton Black Ice The Invisible threat of Cyber-Terrorism Emeryville CA McGrawHill Osborne 2003 248 48 XIII BIBLIOGRAPHY Aaviksoo Jaak Address by the Minister of Defense of the Republic of Estonia delivered to the Center for Strategic International Studies Washington D C November 28 2007 Abdullaev Nabi New ‘Just Russia’ Party Says Putin Knows Best St Petersburg Times October 31 2006 http www times spb ru index php action_id 2 story_id 19303 accessed April 10 2009 Abreu Elinor Epic cyberattack reveals cracks in U S defense CNN com May 10 2001 http archives cnn com 2001 TECH internet 05 10 3 year cyberattack idg accessed April 10 2009 Associated Press NATO allies sign agreement on cyber defense center International Herald Tribune May 14 2008 http www iht com articles ap 2008 05 14 europe EU-GENNATO-Cyber-Defenses php accessed February 24 2009 Baltic News Service Estonian Minister Lang Says European Arrest Warrant Possible for Cyber Attackers Baltic News Service March 12 2009 https www opensource gov Document ID EUP20090312010002 assessed April 10 2009 Baltic Times The Kremlin denies involvement in cyber attacks on Estonia from wire reports May 18 2007 http www baltictimes com news articles 17908 accessed December 19 2008 ----- From wire reports Estonian PM justice minister insist that cyber attacks came from Kremlin computers The Baltic Times June 8 2007 http www baltictimes com news articles 18038 accessed December 19 2008 ----- From wire reports Kremlin denies involvement in cyber attacks on Estonia The Baltic Times May 18 2007 http www baltictimes com news articles 17908 accessed December 19 2008 Bradbury Danny The fog of cyberwar The Guardian February 5 2009 http www guardian co uk technology 2009 feb 05 kyrgyzstan-cyberattack-internetacess accessed March 22 2009 Buranov Ivan Vodo Vladimir and Yegikyan Seda Pro-Kremlin Activist Admits Attack on Estonian Websites Denies Criminal Wrongdoing Translated by Open Source Center Moscow Konmersant Online March 12 2009 https www opensource gov Document ID CEP20090312021013 accessed April 10 2009 Central Intelligence Agency The World Fact Book Estonia page updated as of December 4 2008 https www cia gov library publications the-world-factbook geos en html accessed December 13 2008 Collier Mike Estonia Cyber Superpower Business Week 2007 http www businessweek com globalbiz content dec2007 gb20071217_535635 htm chan globalbiz_europe index page_top stories accessed August 27 2008 Conway Maura Information Warfare Separating Hype from Reality ed Armistead Leigh Washington D C Potomac Books Inc 2007 Cornish Paul Cyber Security and Politically Socially and Religiously Motivated Cyber Attacks Brussels European Parliament February 2 2009 http www europarl europa eu activities committees studies do language EN accessed February 19 2009 49 Council of Europe Convention on Cybercrime Budapest November 23 2001 http conventions coe int Treaty en Treaties Html 185 htm accessed February 19 2009 ----- Convention on Cybercrime Chart of signatures and ratifications http conventions coe int Treaty Commun ChercheSig asp NT 185 CM DF CL ENG accessed February 19 2009 ----- Convention on Cybercrime Summary of the treaty http conventions coe int Treaty en Summaries Html 185 htm accessed February 19 2009 Davis Joshua Hackers Take Down the Most Wired Country in Europe Wired Magazine Issue 15 09 DPA Estonia sends experts to Georgia to help combat cyber attacks The Earth Times August 11 2008 http www earthtimes org articles show 224942 Estonia-sends-experts-togeorgia-to-help-combat-cyber-attacks html accessed August 27 2008 Economist A Cyber-Riot Economist May 12 2007 55 http lumen cgsccarl com login url http search ebscohost com login aspx direct true db a9h AN 25048355 site ehost-live accessed December 19 2008 Estonian Ministry of Defense Cyber Security Strategy Tallinn May 2008 EU News Policy Positions EU Actors online NATO agrees common approach to cyber defence article on-line EurActiv com 28 Feb 2009 assessed 18 Feb 2009 available from http www euractiv com en infosociety nato-agrees-common-approach-cyberdefence article-171377 Internet European Commission External Relations Russia http ec europa eu external_relations russia index_en htm accessed April 8 2009 Finley Julie Statement on Cyber-attacks Against Radio Free Europe in Belarus OSCE will defend information-sharing efforts from criminal attacks says Finley transcript on-line Vienna May 8 2008 http www america gov st texttrans-english 2008 May 20080508115033eaifas0 3709833 html accessed February 20 2009 Gee Alastair The Dark Art of Cyberwar Foreign Policy November 2008 http www foreignpolicy com story cms php story_id 4553 accessed December 19 2008 Greenberg Andy The State of Cyber Security When Cyber Terrorism Becomes State Censorship Forbes com May 14 2008 http www forbes com 2008 05 14 cyberattacks-terrorismestonia-tech-security08-cx_ag_0514attacks html accessed December 19 2008 Griggs Brandon U S at risk of cyber attacks experts say CNN com August 18 2008 http www cnn com 2008 TECH 08 18 cyber warfare index html accessed September 12 2008 Homeland Security Cybersecurity Make it a Habit http www dhs gov zxprevprot programs gc_1202746448575 shtm accessed March 11 2009 Jones Huw Estonia calls for EU law to combat cyber attacks Reuters March 12 2008 http www reuters com articlePrint articleId USL 1164404620080312 accessed February 19 2009 50 Kampmark Binoy Cyber Warfare Between Estonia And Russia Contemporary Review Autumn 2003 Korns Stephen and Kastenberg Joshua Georgia’s Left Hook Parameters VOL XXXVIII No 4 Winter 2008-09 64 Lipson Howard Tracking and Tracing Cyber-Attacks Technical Challenges and Global Policy Issues Pittsburgh PA 2002 47-48 Litovkin Dmitriy The General Staff is Preparing for a Cyber War Translated by Open Source Center Moscow Izvestiya February 27 2009 https www opensource gov Document ID CEP20090302358005 accessed March 7 2009 Loeb Vernon Pentagon Computers Under Assault Washington Post A02 May 7 2001 Markoff John Before The Gunfire Cyberattacks New York Times August 13 2008 A1 ----- Russian Gang Hijacking PCs in Vast Scheme New York Times August 6 2008 C6 McLaughlin Daniel Lithuania accuses Russian hackers of cyber assault after collapse of over 300 websites Irish Times July 2 2008 10 http lumen cgsccarl com login url http proquest umi com pqdweb did 1503762091 sid 2 Fmt 3 clientld 5094 RQT 309 VName PQD accessed February 20 2009 Melikishvili Alexander Recent Events Suggest Cyber Warfare Can Become New Threat WMD Insights December 2008 January 2009 Issue http www wmdinsights com I29 I29_G3_RecentEvents htm accessed February 19 2009 Ministry of Internal Affairs of the Russian Federation Clean Network Translated by Open Source Center Moscow Ministry of Internal affairs of the Russian Federation https www opensource gov Document ID CEP20090406546003 accessed April 9 2009 National Intelligence Council Global Trends 2025 A Transformed World U S Government Printing Office November 2008 71 http www dni gov nic NIC_2025_project html accessed February 20 2009 Nikiforov IIya Hot Fellows in Saakashvili’s Service Tallinn Exports Specialists in Intelligence and Democracy trans Open Source Center Moscow Nezavisimaya Gazeta September 29 2008 https www opensource gov Document ID CEP20080929021009 accessed December 18 2008 North Atlantic Treaty Washington D C April 1949 http www nato int docu basictxt treaty htm accessed February 17 2009 North Atlantic Treaty Organization Bucharest Summit Declaration Bucharest April 3 2008 Item 47 accessed February 18 2009 ----- Defending against cyber attacks NATO Topics undated http www nato int issues cyber_defence practice html accessed February 18 2009 ----- NATO opens new centre of excellence on cyber defence NATO News May 14 2008 http www nato int docu update 2008 05-may e0514a html accessed February 18 2009 ----- Official website of the Cooperative Cyber Defence Centre of Excellence http transnet act nato int WISE TNCC CentresofE CCD accessed 18 Feb 2009 51 Organization for Security and Co-Operation in Europe OSCE can play important role in cyber security says Estonian Defence Minister on-line press release Vienna June 4 2008 http www osce org pc item_1_31483 html accessed February 19 2009 Panarin Igor The Information Warfare System the Mechanism for Foreign Propaganda Requires Renewal Translated by Open Source Center Moscow VoyennoPromyshlennyy Kuryer October 15 2008 https www opensource gov Document ID CEP20081016548020 accessed October 22 2008 Prygi blogspot com Russian Army Analyst to the World You are defenseless against a cyber attack prygi blogspot com February 8 2008 http prygi blogspot com accessed December 20 2008 Rhoads Christopher Kyrgyzstan Knocked Offline Wall Street Journal January 28 2009 10 Russian Federation Public Chamber Website About the House On the Public Chamber of Russian Federation http translate google ru translate hl en langpair ru en u http www oprf ru accessed April 10 2009 Schrank Peter Cyberwarfare Newly nasty Economist com May 24 2007 http www economist com world international PrinterFriendly cfm story_id 9228757 accessed August 8 2008 Secure Works Press Release Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks according to SecureWorks’ Data September 22 2008 http www secureworks com media press_releases 20080922-attacks accessed February 19 2009 ----- Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks according to SecureWorks’ Data September 22 2008 http www secureworks com media press_releases 20080922-attacks accessed February 19 2009 Shachtman Noah Kremlin Kids We Launched the Estonian Cyber War the Wired Magazine Blog entry posted March 11 2009 http blog wired com defense 2009 03 pro-kremlingro html accessed March 14 2009 Socor Vladimir NATO Creates Cyber Defense Center In Estonia Eurasia Daily Monitor May 15 2008 http www jamestown org single no_cache 1 tx_ttnews tt_news 33636 accessed December 18 2008 Svobodnaya Pressa Ministry of Defense Planning Information Warfare Translated by Open Source Center Moscow Svobodnaya Pressa March 17 2009 https www opensource gov Document ID CEP20090318358009 accessed April 5 2009 Tanner Jari and Peach Gary NATO allies sign agreement on cyber defense center International Herald Tribune May 14 2008 www iht com articles ap 2008 05 14 europe EU-GENNATO-Cyber-Defenses php accessed February 24 2009 Thomas Timothy The Bear Went Through the Mountain Russia Appraises its Five-Day War in South Ossetia Journal of Slavic Military Studies Taylor Francis Group LLC 2009 Turabian Kate L A Manual for Writers of Research Papers Theses and Dissertations 7th ed Chicago University of Chicago Press 2007 52 United Nations Charter of the United Nations Article 1 San Francisco June 26 1945 http www un org aboutun charter chapter1 shtml accessed February 19 2009 Usov Dmitriy Russia is Preparing for the Wars of the Future Translated by Open Source Center Moscow Vzglyad February 25 2009 https www opensource gov Document ID CEP2090227358005 accessed March 7 2009 Varoli John In Bleak Russia a Young Man’s thoughts turn to Hacking The New York Times on the web June 29 2000 http www ssl stu neva ru psw misc 29hack html accessed December 20 2008 Verton Dan Black Ice The Invisible Threat of Cyber-Terrorism Emeryville CA McGrawHill Osborne 2003 Vesilind Priit The Singing Revolution Tallinn Varrak Publishers Ltd 2008 Watson Steve Russian Today Website Targeted In Cyber Attacks Infopass net August 12 2008 http www inforwars net articles august 2008 120808Attacked htm accessed December 19 2008 Wilson Clay Cyberterrorism and Computer Attacks ed Brown Lawrence New York Novinka Books 2006 Wired Staff Botnet Hacker Gets Four Years Wired Magazine March 5 2009 http blog wired com 27bstroke6 2009 03 botnet-hacker-g html accessed March 24 2009 53