
How to Stop Cyber Attack, cyber crime, Estonia case study | Military Stories


Sunday 19 July 2020

Cyber Attack, cybercrime, Estonia case study

Estonia suffered a massive cyberattack more than 10 years ago. The event was a defining moment for the country and the world’s approach toward cybersecurity. And it all started with this statue. From the WannaCry ransomware attack to election meddling, cyberattacks are becoming increasingly common, and costly, around the world. Global spending on information security products and services is expected to reach $124 billion in 2019. But that hasn’t been enough to stop cyberattacks from becoming one of the global economy’s biggest threats. So how can governments keep hackers out?



The short answer is they can’t. But that doesn’t mean they’re not trying. 

One of the leaders in this space has been the country of Estonia, which gained independence from the Soviet Union in 1991. In 2007, the Estonian government decided to move it here to a less prominent location. The move sparked protests and riots from Estonia’s ethnic Russian population, which demanded that the statue stay in place.

Then, Estonian institutions were crippled by a series of cyberattacks. Parliament, government ministries, banks, and newspapers went offline. And though it hasn’t ever been confirmed, it’s widely believed that Russia was behind the attacks.

The 2007 attack on Estonia has been called the first cyberwar, which is defined as The cyberattack was a wake-up call for Estonia, which at the time was already one of the world’s most advanced digital societies. The country decided it needed to take steps to protect data online and prevent future cyberattacks. But how?

How to stop cyber attacks?

The first step was building a strategy that would allow the government to keep systems up and running during a cyberattack. IT experts in the public and private sectors worked together to make systems more resilient against hackers. One part of Estonia’s strategy is a voluntary Cyber Defence League made up of hundreds of civilians, including IT professionals and young people who would mobilize during an attack. Estonia also decided to store copies of its information in a data embassy in Luxembourg, as a backup in case there was a cyberattack on home soil. Which brings us to another key deterrent for cyber threats, international cooperation. NATO, the military alliance between North American and European countries, was a good place to start. In 2008, the 'NATO Cooperative Cyber Defence Center of Excellence' opened here in Tallinn. 


NATO Cooperative Cyber Defence Centre of Excellence

Its goal is to enhance NATO’s cyber defense capabilities. The center conducts large-scale cyber defense drills, sort of like digital military training, though it’s not technically a NATO operational unit. It also put together a guide called the Tallinn Manual, which analyzes how to apply existing international law to cyber operations. In 2016, NATO allies agreed that a cyberattack on a member country could trigger the same military response as an attack in the air, on land, or at sea. EU-wide regulation has also upped the penalties against data breaches. 

The General Data Protection Regulation, or GDPR, that went into effect in 2018, gave EU regulators the power to fine companies that don’t protect user data. And, unlike in the past, the fines can be massive, up to 4% of global annual turnover or €20 million, whichever is bigger. Still, many countries have not taken steps to prepare for cyber threats. The United Nations found half of its member states don't have a cybersecurity strategy in place. The UN ranks Estonia as the European country most committed to cybersecurity and fifth worldwide after Singapore, the United States, Malaysia, and Oman. But even Estonia isn’t hacker-proof. Authorities still responded to more than 10,000 cybersecurity incidents in 2017, one third more than the year before.

Which brings us to one final big step in preventing a cyberattack, getting the public on board. This can be as simple as using two-factor authentication or changing your password from, well, “password.” The research found only one out of every four internet users in Europe changes his or her password regularly because of security and privacy issues. In Estonia, it took an unprecedented cyberattack for the country to become a leader in online security. Other countries might want to take note as the threats of cyberattacks only become bigger and more complex. 

Thank you.

Cyber war | what is cyber warfare | cyberspace


Wednesday 24 June 2020

Cyber warfare

Actions by a nation-state actor to attack and attempt to damage another nation's computers or critical infrastructure are known as cyber warfare.

Cyber crime

Somewhere in the South China Sea, a US and European missile cruiser on joint patrol stray too close to one of China's many man-made islands. Illegally built and hardened with military facilities- despite a ruling to their illegality by The Hague in international court- China has warned repeatedly that it will not tolerate any other nation's military presence near the controversial islands. 

The United States and the European Union meanwhile have both taken the side of many of the South China Sea's lesser nations, such as Vietnam and the Philippines, who see the military build-up as an incursion into their sovereign waters and an attempt to bully them into submission. Refusing to bow before Chinese aggression, the US and European militaries have routinely engaged in freedom of navigation exercises through the disputed man-made island chains. Yet this patrol is different. The local Chinese commander- acting on his own or perhaps with authority from his chain of command- orders a Chengdu J-20 combat patrol into the air. Armed with anti-ship missiles, the jets supercruise to within a few dozen miles of their targets, but this time instead of warning off the European and American ships, they are ordered to retaliate for the incursion.

On board the European cruiser, alarms sound as three of the four Chinese aggressors loose a volley of anti-ship missiles. Immediately the ship syncs up with its American counterpart via a wireless communications link, and together the two ships' powerful AEGIS systems track the incoming missiles and fire off countermeasures. One ship protecting the other, supersonic interceptors fire off from the decks of both ships, eight tasked with intercepting the incoming missiles and another eight screaming into the night sky to take out the Chinese jets. The exchange between the two sides lasts just forty-five seconds, at the end of which three Chinese planes are fiery wrecks, with one having landed a hit on the European cruiser and killing dozens of sailors.

Military comm networks relay news of the confrontation at light speed to commanders around the globe, and within minutes air, sea, and ground forces across Asia, Europe, and America are gearing up for World War III. Yet within just seconds of the news of the attack on the European and American ships, a new generation of weapons has already been deployed. Less than a minute after news of two dozen dead European sailors and three downed Chinese pilots reaches the desks of their respective military commanders, cyberweapons have already gone on the offensive, a digital war sweeping across the internet at the speed of light, and catching the entire world in its wake.

Such a scenario may seem a bit far-fetched, yet it's an eventuality that militaries all over the world prepare for every day. In fact, every single day a digital war takes place amidst the background chatter of daily internet use, with nations attacking each other's critical infrastructure looking for vulnerabilities. Considered a 'soft war', these attacks are meant to look for and stockpile potential vulnerabilities in the digital systems that are the lifeblood of modern nations. Energy grids, communications and financial networks are the primary targets, and while no nation is yet launching an offensive to actually cripple these systems, they instead stockpile vulnerabilities so that they can exploit them in a time of war.

Yet other nations, such as Russia, carry out more overt and hostile attacks, such as against a nation's political systems. Best seen in the 2016 US Presidential election, during which Russia hacked the DNC to favor the Donald Trump campaign, Russia has in fact been carrying out cyber attacks against the political systems of NATO and Baltic nations for at least a decade. Russia has regularly used its cyber muscle to favor far-right politicians while attacking centrist and liberal candidates. They use their cyber influence to stoke dissent amongst a country's citizens, and to stoke fear and xenophobia which they can channel towards the far-right, nationalistic candidates that they prefer and can thus manipulate once elected into office.

Russia's reach is indeed far, and while their influence on the 2016 election was significant, their best success to date may be Britain's Brexit vote, during which they ran disinformation campaigns online to stoke xenophobia. With Brexit being a widely recognized political and economic disaster for Britain, Russia has found great success in its cyber offensive operations. Yet if cyber warfare is so prevalent and has obviously hostile intent, why don't nations react the way they would to kinetic attacks? That's partly to do with the fact that cyber warfare itself is a very new development, and so the international community is at a loss as to how exactly to respond to the cyber offenses of another hostile nation. In Russia's example, NATO could react with a kinetic attack against Russia, but politicians must ask themselves if cyber operations are truly threatening enough to warrant an all-out kinetic war.

When a hostile nation has so clearly meddled in your politics and perhaps set the course of your nation's political leadership, the question may indeed need to be considered a strong yes- after all, just how sovereign a nation are you really if your elected leader is a tool of the Kremlin, or routinely takes action on the international stage that benefits the very nation that is hostile to you and is attacking you every day? There simply exist no clearly defined boundaries between what constitutes a hostile military attack against a nation, and what is simply cyber crime. Currently cyber attacks by hostile nations are lumped together with espionage, crime, and hacktivism, and realistically you wouldn't call for an airstrike against a teenager hacking into Papa John's to get themselves free pizza delivered.

You wouldn't do such a thing because it would be an overreaction, but also because it's completely unrealistic: nobody wants Papa John's pizza- even if it's free. On a serious note though, our current lack of political will to classify hostile cyber attacks as military actions only leaves nations even more vulnerable to being further attacked.


Russia, emboldened by their 2016 success in the US election, has for instance been widely reported by intelligence agencies around the world as gearing up for an even greater campaign against the American voter in 2020. Yet the US has largely been silent in its response to Russian aggression- despite President Obama's expulsion of several Russian diplomats known to be active spies, and an alleged brief cyber attack against Russian systems that led to some Russian computers overheating and melting down.

Sadly the Trump administration has shown little willingness to punish Russia for its attacks against the US, and not only is the lack of the political will to strike back suspicious, but it is also dangerous for the world at large. If the world continues down the road we are on, cyber attacks will only escalate until ending disastrously in an attack that's finally large enough to warrant a military response, starting a large scale war. Yet such an attack will likely be completely devastating to the victimized nation, resulting in major disruptions to its power grid or financial and communication systems, bringing its economy to a screeching halt.

Perhaps what would be best instead is if cyberattacks were at last met with a significant response, thus marking a clear line in the sand for just how far cyber warfare can be taken before military retaliation is inevitable. But just how deadly could a cyber war really be? The answer to that question is in our own not too distant past. In the early 2000s before the Iran nuclear deal, Israel was reaching a political crisis point. For its own continued survival it could not allow Iran to develop nuclear weapons, yet with the expansion of several enrichment facilities Iran was poised to do just that in a matter of years.

Many inside of Israel saw a preemptive strike as the best option, yet each time Israeli jets had strayed into Iran, they had brought up the possibility of major retaliation. An all-out war between Israel and Iran would have quickly spilled over into other Arab countries, leading to yet another Jew-Arab war which would have in turn brought in Israel's American and European allies. For the US this situation was completely unacceptable, as was a nuclear Iran. Not only was there the risk of a nuclear exchange between Iran and Israel, but if Iran was allowed to develop nuclear weapons, Saudi Arabia and Jordan both had already stated that they would immediately begin developing their own nuclear weapons as well.

In short a nuclear Iran would lead to a nuclear Middle East, the single most volatile region in the entire world. Yet allowing Israel to kick off another major war by invading Iran was not a good option either, and with Iran digging its enrichment centrifuges deep underground, simple military strikes would prove fruitless. That's when US and Israeli computer scientists came forward with a solution. They believed they could infect Iranian computers with a worm that could in turn destroy the Iranian centrifuges, and leave the Iranians none the wiser as to what exactly happened.

The plan was immediately ok'ed, and working together, US and Israeli engineers developed the Stuxnet virus. However, the centrifuges and the computer network they were linked to were not connected to the internet for obvious security reasons. This meant that the virus would have to be brought in physically and uploaded directly to the secure computer network, and to do this several Iranian nuclear scientists were singled out and targeted digitally. Eventually the team managed to infect the laptop of one of the scientists while he was connected to the internet, and when he brought the laptop into the nuclear facility and connected to the network there, the worm hopped inside the secure computer systems and began to wreak havoc.

Centrifuges began to spin wildly out of control, causing massive destruction and bringing the Iranian nuclear program to its knees. In the end thousands of centrifuges were destroyed, all by the simple click of a button. A modern cyber war could have just as dire, and physical, consequences. If infected, the computer systems of nuclear power plants could be shut down, or hijacked completely- hackers could for instance order the release of all water in the plant's cooling system, which would lead to a nuclear meltdown of the overheated reactors and regional disasters all across the land. With hundreds of nuclear power plants around the world, this could devastate major portions of most modern nations.

After the Russians cyber attack

Even conventional power systems could be affected though, with the physical infrastructure overloaded to the point of causing significant structural damage across a nation's power grid. Such a disaster would take weeks, or months, to repair, and if it happened during winter could lead to the deaths of hundreds of thousands of the most vulnerable segments of a population. Dams could be hijacked as well, and emergency sluices meant to help deal with rising water levels during heavy rains could be forced to remain closed, leading to a collapse of the entire dam.

This would bring untold devastation as hundreds of millions of gallons of water rushed downstream to overtake the communities living in the shadows of large dams such as the Three Gorges Dam or the Hoover Dam. Luckily for us, no nation has yet dared to launch any such attack against another- save for some cases of tampering with Ukraine's energy grid by Russia. Yet the reality is that in the case of another major war, these types of attacks would be the first to be launched by a hostile power.

The option is especially attractive for nations such as Russia and China, who find themselves at a considerable military disadvantage against Europe and its American ally, and in the case of war, it's a certainty that some degree of major attack against a nation's digital infrastructure would take place. The unknown question to many though is just how severe an attack will take place, and how well a nation could weather such an attack. Even more troubling is the fact that many of these attacks could result in the deaths of hundreds of thousands, if not millions, and yet these cyber weapons are not yet considered weapons of mass destruction.

If caught unawares and the US is crippled by a cyber attack that leads to millions of incidental deaths, are the leaders of Russia and China confident that American leadership won't consider this an attack by a weapon of mass destruction and retaliate with a nuclear attack? That is the question that haunts many of the world's premier cyber experts, and sadly, one that we might just have to blunder into in order to find the answer out. The Cyber War will happen and already is happening, and the people who are going to suffer the most are normal users like you.

The military has whole teams fighting this, what do you have? You don’t need to have the resources of an army to protect yourself. Let us know in the comments, and as always if you enjoyed this article don't forget to Like, Share, and Subscribe for more great content!

Top cybersecurity threats in 2020


Saturday 30 May 2020

What is the Budapest Convention?

The Budapest Convention on Cybercrime is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It was opened for signature in 2001 and came into force in 2004. As of September 2019, 64 states have ratified the convention.
The European Commission adopted a provision that requires all members of the European Union to make all activities defined as “attack through interference with information systems” punishable as a terrorist act, if their goal is “serious alteration or destruction of political, economic or social structures”.

Main cyber threats to any person or organisation

  1. Phishing: Phishing is the act of attempting to acquire information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging.
  2. Vishing (Voice Phishing): The term is a combination of 'voice' and 'phishing'. When phishing is done with the help of a telephone system, it is called vishing.
  3. Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
  4. Tabnabbing: Tabnabbing is one of the latest phishing techniques. It takes advantage of tabbed browsing (which uses multiple open tabs) and silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques as it does not directly take the user to the fraudulent site, but, instead, phishers load their fake page in one of the open tabs.
  5. Spoofing: A spoofing attack is a situation in which one person or programme successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. A spoofing attack involves one programme, system or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another programme. The purpose of this is usually to fool programmes, systems or users into revealing confidential information, such as user names and passwords, to the attacker.
  6. Zombies: A zombie is a computer connected to the internet that has been compromised by a hacker, computer virus or trojan horse. It can be used to perform malicious tasks under remote direction. Botnets of zombie computers are often used to spread email spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
  7. Botnets: A botnet is a collection of internet connected programmes communicating with other similar programmes in order to perform tasks. Botnets sometimes compromise computers whose security defences have been breached and control conceded to a third party. Each such compromised device, known as a 'bot', is created when a computer is penetrated by software from a malware (malicious software) distribution.
  8. Pharming: It is an attack to redirect a website's traffic to a different, fake website, where the individual's information is then compromised.
  9. Drive-by: These are opportunistic attacks against specific weaknesses within a system.
  10. Spam: The unsolicited sending of bulk email for commercial purposes is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.

Top 12 Biggest Cyber Attacks in The World


Sunday 24 May 2020

Here is the list of top Cyber Attacks that happened in the world.

1. In 1988, embassies of Sri Lanka were hit by a cyber attack of 800 emails a day. The message that appeared was “We are the Internet Black Tigers and we are doing this to disrupt your communications.” The Department of Intelligence characterized the attack as a terrorist attack on government computer systems.

2. On 3 June 1998, the "mealworm" hacking group attacked the Web site of the Indian Bhabha Atomic Research Centre and stole e-mails from the same center. The three anonymous saboteurs through online interviews claimed that.

3. In July 1997, the leader of the Chinese hacker group claimed that it had temporarily disabled a Chinese satellite and announced that hackers had set up a new global organization to protest and prevent investment by Western countries in China.
Red hacker alliance
                
      

4. In 1998, at the time of parliamentary elections in Sweden, Anonymous attacked the Web site of the political party pornographic sites. The same month, saboteurs attacked the website of the Mexican government in protest against government corruption and censorship.

Romanian hackers on one occasion managed to intrude into the computer systems controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved. Fortunately, their activity was stopped before any accident occurred.

5. During the Kosovo conflict, Belgrade hackers conducted a denial of service attack (DoS) on the NATO servers. They typically used for diagnostic or control purposes or generated in response to errors in IP operations.

6. During the Palestinian-Israeli cyberwar in 2000, ProPalestinian hackers used DoS tools to attack Israel’s ISP Netvision, which managed to resist subsequent attacks by increasing its safety.


ProPalestinian hackers attack Israel's ISP

7. In late 2008, a group of hackers called the “Greek Security Team” intruded into CERN (European Center for Nuclear Research) computer systems so deeply that they were very close to taking control of one of the detectors at the LHC (Large Hadron Collider). Their aim was to defame the experts responsible for the computer system, calling them “a group of students.”

8. In April 2007, the “Associated Press” reported cyber attacks on the critical information infrastructure of Estonia, DoS attacks carried out from different locations around the world (U.S., Canada, Brazil, Vietnam, and other locations). Of course, the locations of the computers involved in the attack do not always show the location of the direct participants in the attack. It is actually the location of the so-called “zombie” machines that act as intermediaries during the attack, without their owners' knowledge or any knowledge of the direct attackers. The attack completely took down the Web sites of many governmental, media, and financial institutions and led to diplomatic talks, which were a reason to examine the possibility of creating a NATO-supported research center capable of identifying the source of cyberattacks. In August 2008, a similar attack was conducted against Georgia. It is assumed that the attack was perpetrated by Russian hackers.

Estonia cyber-attack 2007

9. In 2007, hackers attacked the Ukrainian President Viktor Yushchenko's website. The attack was carried out by the radical Russian nationalist youth group, the Eurasian Youth Movement.

An analyst from the U.S. Central Intelligence Agency (CIA) publicly revealed that in January 2008, hackers successfully stopped power supply networks in several U.S. cities. 

In November 2008, the Pentagon had a problem with cyber attacks carried out by a computer virus, prompting the Department of Defense (DoD) to take the unprecedented step of banning the use of external hardware devices, such as flash memory devices and DVDs. Officially, the U.S. never felt a cyber-terrorist attack.
