2007 cyberattacks on Estonia: Difference between revisions

Cyberattacks on Estonia (a.k.a Estonian Cyberwar) refers to a series of cyber attacks that began April 27, 2007 that swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about moving a Soviet-era war memorial and digging the war graves in Tallinn. ^[1]

Most of the attacks that had any influence on general public were distributed denial of service type attacks ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacement and posting of a fake press release of the ruling Reform parties website also occurrred.

Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain. ^[2]

September 6, 2007 Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. "Of course, at the moment, I cannot state for certain that the cyber attacks were managed by the Kremlin, or other Russian government agencies," Jaak Aaviksoo said on Estonian's Kanal 2 TV channel. Aaviksoo compared the cyber attacks with the blockade of Estonia's Embassy in Moscow. "Again, it is not possible to say without doubt that orders (for the blockade) came from the Kremlin, or that, indeed, a wish was expressed for such a thing there," said Aaviksoo. ^[3]

Legalities

On May 2, 2007, a criminal investigation was opened into the attacks under a section of the Estonian Penal Code criminalising computer sabotage and interference with the working of a computer network, felonies punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on May 10, 2007, Estonian State Procurature made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty existing between Estonia and Russia. A Russian State Duma delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available.^[4] On June 28, Russian Supreme Procurature refused assistance,^[4] claiming that the proposed investigative processes are not covered by the applicable MLAT.^[5] Piret Seeman, the Estonian State Procurature's PR officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT. ^[5]

Opinions of experts

According to Linnar Viik, an Estonian Internet guru, particular mission-critical computers, for example the telephone exchanges, were targeted.^{[citation needed]} Although the computer crackers behind the cyberwarfare have not been unveiled, some believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company. ^[2]

Also a well known Russian hacker Sp0Raw believes that the most efficient online attacks on Estonia could not have been carried out without a blessing of the Russian authorities and that the hackers apparently acted under "recommendations" from parties in higher positions. ^{[6] [7]} At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks ^[8] "empty words, not supported by technical data". ^[7]

Mike Witt, deputy director of the United States Computer Emergency Readiness Team believes that the attacks were DDoS attacks. The attackers used botnets - global networks of compromised computers, often owned by careless individuals. Some of these could be located in the United States. The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale, Witt said. He thinks that the United States would be able to defend itself easily against attacks on a similar scale. ^[9]

Professor James Hendler, former chief scientist at the Pentagon's Defense Advanced Research Projects Agency characterised the attacks as "more like a cyber riot than a military attack."^[9]

"We don't have directly visible info about sources so we can't confirm or deny that the attacks are coming from the Russian government," Jose Nazario, software and security engineer at Arbor Networks, told internetnews.com. ^[10] Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in attack.

Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid, chief security officer for Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue". ^[11]

Claiming responsibility for the attacks

The Commissar of the Nashi pro-Kremlin youth movement in Moldova and Transnistria, Konstantin Goloskokov (Goloskov in some sources ^[12]), admitted organizing cyberattacks against Estonian government sites. ^[6] Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh. ^[7]

Like most countries, Estonia does not recognise Transnistria, a secessionist region of Moldova seeking reintegration with Russian Federation. As an unrecognised nation, Transnistria does not belong to Interpol^[13]. Accordingly, no Mutual Legal Assistance Treaty applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic.

Influence on international military doctrines

The attacks triggered a number of military organisations around the world to reconsider the importance of network security to modern military doctrine. On June 14, 2007, defence ministers of NATO members held a meeting in Brussels, issuing a joint communiqué promising immediate action. First public results are estimated to arrive by autumn 2007.^[14]

On June 25, 2007, Estonian president Toomas Hendrik Ilves met with president of USA, George W. Bush.^[15] Among the topics discussed were the attacks on Estonian infrastructure. ^[16] As to the placement of a newly planned NATO Cybernetic Defence Centre, Bush proclaimed the policy of USA as supporting Estonia as this centre's location.^[17]

References

1. The Guardian May 17, 2007: Russia accused of unleashing cyberwar to disable Estonia by Ian Traynor
2. The Economist May 24, 2007: Cyberwarfare is becoming scarier
3. Estonia has no evidence of Kremlin involvement in cyber attacks
4. Postimees July 6, 2007: Venemaa jätab Eesti küberrünnakute uurimisel õigusabita
5. Eesti Päevaleht July 6, 2007: Venemaa keeldus koostööst küberrünnakute uurimisel
6. Swiss Baltic Chamber of Commerce in Lithuania/Baltic News Service June 2, 2007: Commissar of Nashi says he waged cyber attack on Estonian government sites
7. Template:Ru icon Электронная бомба. Кто стоит за кибервойной России с Эстонией
8. Times Online: Urmas Paet, the Estonian Foreign Minister, accused the Kremlin of direct involvement
9. United Press International: Analysis: Who cyber smacked Estonia?
10. Internetnews.com: Estonia Under Russian Cyber Attack?
11. Experts doubt Russian government launched DDoS attacks, by Bill Brenner, 18 May 2007. SearchSecurity.com
12. Monument dispute with Estonia gets dirty
13. Tiraspol Times June 9, 2007: Ministry of Internal Affairs lists PMR's 10 most wanted
14. Eesti Päevaleht June 15, 2007: NATO andis rohelise tule Eesti küberkaitse kavale by Ahto Lobjakas
15. White House May 4, 2007: President Bush to Welcome President Toomas Ilves of Estonia
16. Yahoo/AFP June 25, 2007: Bush, Ilves eye tougher tack on cybercrime
17. Eesti Päevaleht June 28, 2007: USA toetab Eesti küberkaitsekeskust by Krister Paris

External links

• Black Hat 2007: Lessons of the Estonian attacks, by Bill Brenner, 26 Jul 2007.
• Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks
• Massive DDoS attacks target Estonia; Russia accused
• Cyberattack on Estonia stirs fear of 'virtual war'
• Estonia accuses Russia of 'cyberattack'
• Virtual harassment, but for real
• Digital Fears Emerge After Data Siege in Estonia
• EU urged to deepen cooperation after Estonia cyber-attacks
• The cyber pirates hitting Estonia
• Estonia hit by 'Moscow cyber war'
• Analysis: Who cyber smacked Estonia? by Shaun Waterman, UPI
• Hackers take down the most wired country in Europe by Joshua Davis, Wired, 2007-08-21.