The cyberspace arms race

Oliver Kund
, reporter
Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.

Partly because of a year filled with cyber attacks by ISIS, military cyber units keep popping up in nations of Europe. Estonia not a target thus far, experts see no need to amend local law. 

As announced by the UK two weeks ago, they will near-term hire 1,900 investigation officials, a large part of whom will be working in the national cyber centre. Finance minister George Osborne said the centre will be granted rights to respond to hackers in cyber space as they see fit – no restrictions.

The forceful UK step is in response to intelligence data stating that, through hired crackers and illegal software, ISIS is attempting to attack critical Western infrastructure such as airports and power stations.

Indeed, as declared in October by US homeland security, a number if ISIS cyber attacks have been launched against American power stations. The attacks failed, however, as the organisers thereof were lacking resources and skills. But FBI cyber division head John Rigg says it may only be a matter of time till ISIS acquires the appropriate tools as very up-to-date attack software is available on the black market.

«ISIS has been like a trigger. While they used to talk about cyber attack only, now they are talking about reactive cyber defence i.e. attack,» said cyber expert Jaan Priisalu.

Tallinn-based NATO cyber defence centre research fellow Matthijs Veenendaal says that increasingly nations are adopting the topic. «Not the UK only – Holland was one of the early, ones, France even Czech Republic,» he said.

Raising the effectiveness of cyber intelligence came on the agenda after the attacks in Paris where investigators say jihadists may have communicated via encrypted communication channels like Playstation 4, Telegram and Surespot.

Though it has afterwards been discovered that the terrorists communicated by phone, it equipped intelligence chiefs with a strong argument. Last week, the Finnish government said they have three intelligence-related law amendments in the works, one of which would grant security police and defence forces the right to do cyber spying outside of Finland. There are also discussions if Finnish Security Intelligence Service (Supo) should also be awarded rights to eavesdrop on Internet communications.

Mr Veenendaal said the cyber centres are nothing new as lots of these were being created before the attacks in Paris while the financial support was released now. To begin with, the main aim of the centres wasn’t fighting the terrorists but paid Russian, Iranian and Chinese crackers and espionage. Equally important is spreading counter-messages in the Internet.

Till today, nobody knows for sure how broad the terrorists’ activity is over Internet. According to a survey a year ago, up to 90,000 Twitter accounts were directly in ISIS use or supportive if them. Mainly, the users were located in Northern areas of Syria and Iraq, but also in the Arab nations and Northern Africa. A large percentage of the accounts amplified the spread of the messages by software allowing a vast amount of posts in a brief space of time.

The most sophisticated proven cyber attack by ISIS was organised this January to take over US central military command’s Youtube and Facebook accounts. While the act caused widespread displeasure, State Information Systems Agency (RIA) information protection specialist Klaid Mägi says the so-called face-smearing attacks aren’t overly prioritised.

«Facebook and Twitter accounts of general use are seized daily and this takes no special skills, one individual will do,» specified Mr Mägi, adding that thus far Estonia has not been targeted by ISIS.

As there is always an abundance of poorly protected websites or accounts, Mr Mägi says the West cannot have it as its aim to limit ISIS capability to take over websites. Therefore it is not excluded that some Estonian website may come under attack as well. «As well as there is no direct threat and we are not aware of being a target of cyber attack, we will continue our usual lifestyle with eyes and ears open,» said Mr Mägi.

Estonian Defence League’s Cyber Unit Tallinn  chief Jaan Priisalu says the hands of Estonian cyber defenders aren’t altogether tied, however, should the need arise for counter attack. For instance, a situation may occur where a botnet needs to be taken down, such as is attacking state information systems.

«To prevent major damage, the police has permission to apply certain measures so in a sense we do already have the reactive right,» explained Mr Priisalu. But he does not consider it an option for Estonia, like the major powers, to ever begin to develop cyber counter attack capacity.