Evron considers much of the traffic analysis from the attacks as too unreliable to conclusively point to a smoking gun. However, he notes that a high degree of prior planning and organisation was apparent on community sites. This analysis contributes to a growing picture of spontaneously evolving but highly effective loose confederations of attackers relying entirely on virtual contact. Such a confederation was identified in the case of the Dark OwneD Mafia cracker network, five of whom were recently arrested in Spain. It might indeed explain why only one person has so far been prosecuted in connection with the Estonian attacks.
- Battling Botnets and Online Mobs (PDF), paper by Gadi Evron.