According to the Second Amendment of the US Constitution, “A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.” This is not a story about guns. This is a story about Kali Linux and other hacker tools. This is a story about the weapons that a well regulated militia might need to fight future wars.
This is a story about the gutsy little country of Estonia, a next-door neighbor to the Russian Federation and Vladimir Putin. They have an all-volunteer civilian cyber-militia to protect their country from cyber-warfare attacks. The weapons we are talking about are computer-based network security defenses, and hacker tools, used to fend off an electronic adversary.
Estonia is one of the three Baltic states, the other two being Latvia and Lithuania. Not that long ago they were part of the Soviet Union, and part of the Warsaw Pact. They are now part of the NATO Alliance. Estonia is very much an online country. 30% of the country voted online in the last election, and they have digitized the government and medical services.
Estonia was attacked by Russia in 2007, using DDoS attacks to take Estonia’s banking, government, news, and other websites offline. I have covered this story a couple of times before. The Estonian cyber militia was formally established in 2011. The militia is organized under their National Guard.
Some of the activities this plucky band of cyber defenders is actively engaged in include identifying fake news from Russia that is just propaganda, and reporting it on their website. They conducted forensic analysis of an attack on their military’s computer systems, and identified vulnerabilities in Estonia’s electronic ID cards. They also engage in table-top exercises, and launch educational phishing campaigns, and USB key drops, to test the susceptibility of government and military personnel. An “infected” CD with an image of a Russian porn star on the label proved to be very effective at breaching military computer systems through the ill-advised actions of the recipients. This provides a safe teaching environment where individuals learn how to identify risky emails and other media, while the cyber-militia get a chance to identify individuals who may be more susceptible to social engineering and phishing campaigns, and are a bigger security risk to Estonia.
What is coolest about this group is that they are exporting their concepts to other countries. France has contacted them for help setting up a French version. Here in the US, the Maryland National Guard and Michigan’s Civilian Cyber Corp have received training from them.
This is a splendid idea, and one I wish would take hold in my native state of Minnesota. I would volunteer for this in a second. I bet there are dozens, if not hundreds or thousands of cyber security professionals and independent hackers who would sign up for something like this. Where else are you going to find a legal place to practice and strengthen your hacker-fu in real world scenarios like this? I think I am going to write my state legislators and maybe some people I know at the Minnesota National Guard. Hey Kelly, you out there? Give me a call.
FYI: From Bruce Schneier – At the end of January, the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications.
And from an article by and interview with Paul Nakasone, Commander of the US Cyber Command:
“We must “defend forward” in cyberspace, as we do in the physical domains. Our naval forces do not defend by staying in port, and our air power does not remain at airfields. They patrol the seas and skies to ensure they are positioned to defend our country before our borders are crossed. The same logic applies in cyberspace. Persistent engagement of our adversaries in cyberspace cannot be successful if our actions are limited to DOD networks. To defend critical military and national interests, our forces must operate against our enemies on their virtual territory as well. Shifting from a response outlook to a persistence force that defends forward moves our cyber capabilities out of their virtual garrisons, adopting a posture that matches the cyberspace operational environment.”
- A History of Cyber Warfare – Part 1
- A Timeline of Russian Cyber-Exploits
- US DNS hijacking
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com