By Scott Neil
For an Island as reliant on internet connectivity as Bermuda the advent of deliberate cyberspace attacks of a magnitude that can virtually cripple a country — as experienced by Estonia last month — is worrying.
Whether such an attack could be mounted against Bermuda, either as a terrorist action or deliberate sabotage by another country, is open to question.
But in light of the events in Estonia it is one that appears to require some contemplation.
The mounting of disabling attacks against individual web-sites and companies has been happening for many years, but a country-wide attack is something new.
Bermuda’s international business economy relies heavily on constant and uninterrupted internet and telecommunications links to the rest of the world.
Those links, primarily through three undersea cables between the Island and the US mainland, have been described as “Bermuda’s lifebood” and the reason why Government is tendering to add a fourth submarine telecommunications cable to provide additional security to the physical structure of those links.
How the attack on Estonia was carried out is still being analysed by NATO and others. The finger of blame was initially pointed at sources within neighbouring Russia, after the two countries became involved in a dispute shortly before the cyberspace attack due to Estonia’s relocating of a prominent Soviet-era soldier war statue.
In Estonia the distributed denial of service (DDoS) attacks — more than 120 of them — were targeted at internet protocol (IP) address within the former Soviet Union-controlled state. Government internet sites were the primary targets and some of the attacks lasted up to 10 hours, dealing a crushing blow to the country.
A flood of data from across the internet overwhelmed Government, bank and Estonian newspaper web-sites.
Because of the nature of the attack and its use of remote “hijacked” computers across the world, estimated at around one million computer terminals, it is impossible to tell if the attack was an officially sanctioned assault by a Government or simply the work of a network of computer experts.
Linton Wells, from the Pentagon, said in the International Herald Tribune: “This may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society. It has gotten a lot of people’s attention.”
Stephen Davidson, of Bermuda-based technology security QuoVadis, said: “Cyber attacks have been a problem for individual servers or companies. What happened in Estonia, mounting an attack on a country, has taken it to a new level.”
Every country has a set of IP addresses assigned to it. Bermuda’s addresses are governed by the American Registry for Internet Numbers (ARIN).
Mr. Davidson said: “If someone were to attack Bermuda they would find out where the IP address block is and mount an attack. I don’t know how they would go about that because the number of IPs for Bermuda are considerable.
“You could attack the ‘.bm’ domains, which is a much smaller number, and such an attack is conceivable.
“Typically someone would write a Trojan horse virus that would then be used by third party servers as ‘zombies’ to send the attack. Because the attack would be coming from so many distribution points it would be very difficult, if not impossible, to shut down all the servers involved in the attack.”
That is what happened in the Estonia scenario with up to one million computers around the world being commandeered, unbeknown by their owners, to send out data streams to flood the targeted web sites, networks and routers in Estonia.
“Repeated malformed requests sent to a server slows down its operation and eventually shuts it down as it uses up more and more of its capacity trying to shift out the bad stuff. It starts denying access to genuine requests,” explained Mr. Davidson.
The internet’s global “backbone” is 13 master servers for addressing on the internet. There have previously been attacks on some of those servers in failed attempts to bring down the entire internet.
ARIN, which controls the Bermuda IP addresses, is expanding the capacity of its master domain servers to help reduce the likelihood of global attacks succeeding.
“An attack can happen by going after the IP address for a specific country, going after elements of the internet structure or going after the physical structure, such as cables,” said Mr. Davidson.
The threat of an attack against a specific country or jurisdiction — or at least its most significant internet networks — is now a reality.
In February this year the US said if it was attacked through cyberspace it would either launch a counter cyberspace attack or a bomb attack on an identified source.
And Bermuda’s reaction? A Telecommunications Ministry spokesman said: “The Government of Bermuda operates security policies and practices designed to ensure the integrity of its information technology systems.”