Lessons from the Estonian Cyber War

Washington, DC, May 21st, 2008 -- Today's young activists live, think, communicate and dream online, in a virtual world. They have immense computer power, especially with gaming and media machines. It is only natural that eventually they would demonstrate, and support their causes in cyberspace.

The events that occurred last year in the small country of Estonia gave us a blueprint for what we might expect when organized demonstrations move into the realm of cyberspace. Traditionally it is the students on University Campuses who have been at the forefront of demonstrations against oppressive governments, and social injustice, including here in the United States. That same active demographic is the same as the computer savvy, and broadband equipped group, with computer power to mount a disruptive demonstration. I will not use the word "Attack" for they only need to mount a campaign of "Computer Disobedience" to totally screw up the workings of whoever they target.

What we know of the Estonian Incident is that it was not as previously claimed, and "Attack from Russia" , a statement which in an earlier period of history would have unleashed a military response. No it is beginning to appear that it was local young people who were demonstrating about the fate of a war memorial.

The cyber attack was not orchestrated by the Kremlin, but by home grown dissidents angry at a monument being moved.

Let that be a lesson for the whole world, that most terrorism attacks come from within, and need the assistance of local dissidents too. The three weeks of attacks shook up governments around the world, for every one had been looking beyond their borders for the threats. Most cyber security fences employed to protect networks operate on a Perimeter Defense strategy, and if the attack has people inside the perimeter defense then the whole network is laid bare and vulnerable.

One wonders how many "Sleeper Cells" of dissidents are lurking in the computer rooms of major Banks, Corporations and Government Agencies. All major disruptive spies of old had Top Secret clearances, so the new generation of sleeper cells will probably be cleared up the wazoo, ready to quietly press the right key, and probably go undetectable in the ensuing mayhem. How many contractors have access to the nations most critical defense networks, and how many religious and ethnic dissenters have network access. How many more Pollards are there out there, putting their religious affiliations before their national loyalty.

As more and more young people begin to network their computers, and become active in political, tribal and nationalistic causes how soon will it be one of their goals to disrupt ecommerce, email and websites linked to their targets. The war memorial could have been in the United States. It could have been a block of stone inscribed with the Ten Commandments, moved from a courthouse. Or a vote to stop illegal immigration.

The response to the cyber threat has been the creation of multi billion dollar Top Secret closeted cyber centers that are totally isolated from the real threats to the networks, computers and communications that will be the targets of the new generation of cyber activists. Like the totally outdated bloated intelligence community they are chasing an enemy that went south years ago, and has handed the execution, and tactics of the war to their children and grandchildren.

The people who can help companies and governments face the threats don't have security clearances, don't have an Ice Cube in Hell's chance of being employed by these Cyber Gin Palaces, yet hold the key to the security of the networks. The seeds of the next cyber demonstration will probably be found in a game somewhere. I would bet we get more Out of the Box, and real threat scenarios in our Spy Games than the TS/CI people get in their cloistered environment.

A year after the Estonia attack we see the first arrests, and they fit the profile I would expect. Not a Russian Colonel in a secret bunker outside of Moscow, but teenagers with a grudge.

Yet when you stop and look at the events that occurred another thought emerges, "Why did it take 3 weeks to stop the attack?"

It seems that paralysis set in, and those tasked with protecting the population, and integrity of the national networks failed. Just like the Bush Administration in the aftermath of Hurricane Katrina and New Orleans. The question must be that when, and I repeat when there is a major attack internally against some one or another, be they religious, ethnic, or capitalist targets what will the government do. It can sit in an undisclosed location somewhere, surrounded by vast amounts of highly classified garbage and demand more money to fight the war on terror. It could also send the lying press spokesman on to CNN, along with the crooked retired Generals and come out with some crap about the threat from Islamic terrorists, or China. Or it could block the threat. That would be very difficult with the present structure. The Bush Administration has become very good at spying, but totally useless at protecting.

It would be interesting to know how the politicians intend on policing and protecting the lifeline of modern commerce in the years ahead. Building huge bunkers, cyber forts in a modern Maginot Line will not help. The threat is from a new generation of young cyber freedom fighters, or organized crime syndicates that can form, strike, and dissipate as quickly as criminals brought together for a traditional high profile robbery. They know they can reap huge rewards from pulling together teams of cyber criminals, and rob a bank, online financial site, or threaten corporations unless they pay their protection money.

How will governments protect against teenage dissidents, the groundswell of political awareness we have seen in the Obama campaign meetings. If the same drive and passion is channeled into cyberspace the results could be devastating for corporations, and organizations targeted.

But the Department of Homeland Security and Department of Defense will be there, spending like crazy, hiring contractors and layer upon layer of technology to protect the invasion of the homeland, and as Hitler did with the Maginot line the invasion will come from a direction nobody expected, and every government expert thought was safe. The Allies got back by staging D-Day where he didn't expect it, on a day he didn't believe it would happen, and all the massive fortifications along the Calais coast were just wasted money. Sound familiar?

Back to Main Menu