Who launched the Denial of Service (DoS) attack on Estonia, which took down Estonian government sites and banks in May of this year? Few people know for sure, apart from the ones who did it. When it happened, speculation suggested it had been ordered by the Russian FSB (previously known as the KGB) or the Kremlin. At the recent Kaspersky Labs conference I attended, Eugene Kaspersky, CEO of Kaspersky Labs, expressed the belief that the attack was carried out by Russian hackers, rather than some arm of the Russian government. He noted that after the Estonians moved the statues that commemorated Soviet soldiers, many Russian shops ceased to sell Estonian goods. Many Russians were offended.

You are entitled to think, “Well he would say that wouldn’t he?”, but the evidence suggests that “patriotic behavior” by hackers is common. A little bit of “cyber nastiness” broke out in April 2001 between Chinese and American hackers, following the collision of a U.S. military spy plane and Chinese fighter. Both U.S. and Chinese government Web sites were hacked and defaced. There has been a continual low level engagement between the Israelis and the Palestinians since about 1999, which escalates when military action occurs. It mostly involved DoS attacks and web site defacement. When you have groups of collaborating hackers that behave in this way, it is difficult to identify “official” activity. So even if the Russian government wanted to launch a cyber attack on Estonia, why not just let the hackers do it under their own momentum.

The shady world of state-sponsored Cyber attacks was the topic of a late night conversation I had with Peter Warren (award winning IT security journalist) in Moscow. Peter pointed out that the Russian Business Network (RBN), a large organized group of Russian hackers, is known to be for hire, and incidentally, is credited with responsibility for about 60 percent of all cyber crime (for more details on the RBN see Peter’s article The Hunt for Russia’s Web Criminals). The RBN has a quasi-monopoly on Cybercrime and it ought to worry everyone.

Peter thinks that the hack on the Internet in 2002, which slowed or brought down all but 2 of the Internet’s root servers may have been the RBN advertising its capabilities to the world. He also says that it’s possible that the US hires the RBN to hack into Arab Banks in an effort to track the movement of Al Qaeda’s money. (Using a surrogate would distance the US from activities that might upset Arab allies, and as it happens, Al Qaeda is an enemy of Russia’s too).

The Chinese hacking economy is also worthy of comment. As I pointed out in a previous posting, the percentage of Chinese PCs that operate as bots is disproportionately high, which means that the level of virus infection is much higher in China. This may be associated with the fact that the level of software theft in China is very high and the software thieves may now be planting Trojans within copied/stolen software, in order to seed large numbers of PCs.

Whether this is the direct policy of the Chinese government or a natural consequence of its lax approach to software copyright is pretty much irrelevant. Just as it is impossible to imagine that the Russian FSB does not have its fingers in the RBN, the idea that the Chinese government has no connection with its community of hackers is hardly credible.

The latest malware that runs on bot PCs is capable of limiting its use of PC resources so that it is invisible to the average user. Most of the time it is content to sit there, loaded and awaiting instructions. Botnets managed by such software are, in effect, huge resource pools ready to snap into action when required. There can be little doubt that the intelligence arms of many governments (including our own) make use of them.

See also: 10 Reasons Why the Black Hats have us Outgunned.

  Subscribe to HaveMacWillBlog in a reader