Wednesday, October 10, 2007

Taking over

From WIRED magazine, an interesting article on last spring's cyber-attacks on Estonia. The article's author travelled to Moscow, where he interviewed a Russian hacker with knowledge of the background to the events, which have implications for European and Western security as a whole. Excerpt:
We move to a coffee shop so Azizov can plug in his Alienware laptop. It connects to the Internet via cellular card, and he navigates to R2.ee, an Estonian radio station. After a few keystrokes, he smiles and tilts the screen toward me. There is an error message. He has performed what is known as an SQL injection attack. With one more keystroke, he says, he could take over the site entirely.

"Why are you showing me this?" I ask.

He tells me that he has just started a new company that will help system administrators assess the vulnerability of their sites. He will identify weaknesses, as he just has with R2.ee, and offer to fix them — for a price.

"Did you offer to help fix R2.ee?" I ask.

He smiles awkwardly and says that he hasn't. I ask him why anyone would trust him. After all, he seems to have a suspiciously intimate knowledge of the Estonian attacks. "Russian IT specialists are knowledgeable and experienced enough to destroy the key servers of whole states," he says. "They're the best in the world."

The implication: Clearly you want them on your side, so why not hire them? Maybe Estonia was simply an advertising campaign.

No comments: