2007 cyberattacks on Estonia
Encyclopedia
Cyberattacks on Estonia refers to a series of cyber attacks that began April 27, 2007 and swamped websites of Estonia
n organizations, including Estonian parliament
, banks, ministries, newspapers and broadcasters, amid the country's row with Russia
about the relocation of the Bronze Soldier of Tallinn
, an elaborate Soviet-era grave marker, as well as war graves in Tallinn
.
Most of the attacks that had any influence on the general public
were distributed denial of service type attacks ranging from single individuals using various methods like ping flood
s to expensive rentals of botnet
s usually used for spam
distribution. Spamming of bigger news portals commentaries and defacement
s including that of the Estonian Reform Party
website also occurred.
Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain
.
Estonian Foreign Minister Urmas Paet
accused the Kremlin of direct involvement in the cyberattacks. On September 6, 2007 Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. "Of course, at the moment, I cannot state for certain that the cyber attacks were managed by the Kremlin
, or other Russian government agencies," Jaak Aaviksoo
said in interview on Estonian's Kanal 2
TV channel. Aaviksoo compared the cyber attacks with the blockade of Estonia's Embassy in Moscow. "Again, it is not possible to say without doubt that orders (for the blockade) came from the Kremlin, or that, indeed, a wish was expressed for such a thing there," said Aaviksoo. Russia called accusations of its involvement "unfounded," and neither NATO nor European Commission
experts were able to find any proof of official Russian government participation.
As of January 2008, one ethnic-Russian
Estonian national has been charged and convicted.
During a panel discussion on cyber warfare, Sergei Markov of the Russian State Duma has stated his unnamed aide was responsible in orchestrating the cyber attacks. Markov alleged the aide acted on his own while residing in an unrecognised republic of the former Soviet Union, possibly Transnistria
. On March 10, 2009 Konstantin Goloskokov, a "commissar" of the Kremlin-backed youth group Nashi, has claimed responsibility for the attack. Experts are critical of these varying claims of responsibility.
punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on May 10, 2007, Estonian Public Prosecutor's Office made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty
(MLAT) existing between Estonia and Russia. A Russian State Duma
delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available. On June 28, Russian Supreme Procurature refused assistance, claiming that the proposed investigative processes are not covered by the applicable MLAT. Piret Seeman, the Estonian Public Prosecutor's Office's PR
officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT.
On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party
.
As of 13 December 2008, Russian authorities have been consistently denying Estonian law enforcement any investigative cooperation, thus effectively eliminating chances that those of the perpetrators that fall within Russian jurisdiction will be brought to trial.
behind the cyberwarfare have been unveiled, some experts believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company.
A well known Russian hacker Sp0Raw believes that the most efficient online attacks on Estonia could not have been carried out without a blessing of the Russian authorities and that the hackers apparently acted under "recommendations" from parties in higher positions.
At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks "empty words, not supported by technical data".
Mike Witt, deputy director of the United States Computer Emergency Readiness Team
(CERT) believes that the attacks were DDoS attacks. The attackers used botnet
s - global networks of compromised computers, often owned by careless individuals. "The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale," Witt said.
Professor James Hendler
, former chief scientist at The Pentagon
's Defense Advanced Research Projects Agency
(DARPA) characterised the attacks as "more like a cyber riot than a military attack."
"We don't have directly visible info about sources so we can't confirm or deny that the attacks are coming from the Russian government," Jose Nazario, software and security engineer at Arbor Networks, told internetnews.com. Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in attack.
Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich
, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid
, manager of Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue".
Clarke and Knake report that upon the Estonian authorities informing Russian officials they had traced systems controlling the attack to Russia, there was some indication in response that incensed patriotic Russians might have acted on their own. Regardless of conjectures over official involvement, the decision of Russian authorities not to pursue individuals responsiblea treaty obligationtogether with expert opinion that Russian security services could readily track down the culprits should they so desire, leads Russia observers to conclude the attacks served Russian interests.
and Transnistria
, Konstantin Goloskokov (Goloskov in some sources ), admitted organizing cyberattacks against Estonian government sites.
Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh.
Like most countries, Estonia does not recognise Transnistria
, a secessionist region of Moldova. As an unrecognised nation, Transnistria does not belong to Interpol
. Accordingly, no Mutual Legal Assistance Treaty
applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse
of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic.
Head of Russian Military Forecasting Center, Colonel Anatoly Tsyganok confirmed Russia's ability to conduct such an attack when he stated: "These attacks have been quite successful, and today the alliance had nothing to oppose Russia's virtual attacks", additionally noting that these attacks did not violate any international agreement.
, issuing a joint communiqué
promising immediate action. First public results were estimated to arrive by autumn 2007.
On June 25, 2007, Estonian president Toomas Hendrik Ilves
met with the president of USA, George W. Bush
. Among the topics discussed were the attacks on Estonian infrastructure.
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE
) operates out of Tallinn, Estonia, since August 2008
The events have been reflected in a NATO Department of Public Diplomacy short movie War in Cyberspace.
Estonia
Estonia , officially the Republic of Estonia , is a state in the Baltic region of Northern Europe. It is bordered to the north by the Gulf of Finland, to the west by the Baltic Sea, to the south by Latvia , and to the east by Lake Peipsi and the Russian Federation . Across the Baltic Sea lies...
n organizations, including Estonian parliament
Riigikogu
The Riigikogu is the unicameral parliament of Estonia. All important state-related questions pass through the Riigikogu...
, banks, ministries, newspapers and broadcasters, amid the country's row with Russia
Russia
Russia or , officially known as both Russia and the Russian Federation , is a country in northern Eurasia. It is a federal semi-presidential republic, comprising 83 federal subjects...
about the relocation of the Bronze Soldier of Tallinn
Bronze Soldier of Tallinn
The Bronze Soldier is the informal name of a controversial Soviet World War II war memorial in Tallinn, Estonia, built at the site of several war graves, which were relocated to the nearby Tallinn Military Cemetery in 2007...
, an elaborate Soviet-era grave marker, as well as war graves in Tallinn
Tallinn
Tallinn is the capital and largest city of Estonia. It occupies an area of with a population of 414,940. It is situated on the northern coast of the country, on the banks of the Gulf of Finland, south of Helsinki, east of Stockholm and west of Saint Petersburg. Tallinn's Old Town is in the list...
.
Most of the attacks that had any influence on the general public
General Public
General Public were a band formed by The Beat vocalists, Dave Wakeling and Ranking Roger, and which included former members of Dexy's Midnight Runners, The Specials and The Clash...
were distributed denial of service type attacks ranging from single individuals using various methods like ping flood
Ping flood
A ping flood is a simple denial-of-service attack where the attacker/s overwhelms the victim with ICMP Echo Request packets. It is most successful if the attacker has more bandwidth than the victim...
s to expensive rentals of botnet
Botnet
A botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...
s usually used for spam
Spam (electronic)
Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
distribution. Spamming of bigger news portals commentaries and defacement
Defacement (vandalism)
In common usage, to deface something refers to marking or removing the part of an object designed to hold the viewers' attention. Example acts of defacement could include scoring a book cover with a blade, splashing paint over a painting in a gallery, or smashing the nose of a sculpted bust...
s including that of the Estonian Reform Party
Estonian Reform Party
The Estonian Reform Party is a centre-right, free market liberal party in Estonia. It is led by Estonian Prime Minister Andrus Ansip, and has 33 members in the 101-member Riigikogu, making it the largest party in the legislature...
website also occurred.
Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain
Titan Rain
Titan Rain was the designation given by the federal government of the United States to a series of coordinated attacks on American computer systems since 2003...
.
Estonian Foreign Minister Urmas Paet
Urmas Paet
Urmas Paet is an Estonian politician who has been Minister of Foreign Affairs of Estonia since 2005. He is a member of the Estonian Reform Party. As of September 2010, Paet has been the longest serving minister since the re-establishment of Estonian independence.-Biography:Paet was born in Tallinn...
accused the Kremlin of direct involvement in the cyberattacks. On September 6, 2007 Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. "Of course, at the moment, I cannot state for certain that the cyber attacks were managed by the Kremlin
Kremlin
A kremlin , same root as in kremen is a major fortified central complex found in historic Russian cities. This word is often used to refer to the best-known one, the Moscow Kremlin, or metonymically to the government that is based there...
, or other Russian government agencies," Jaak Aaviksoo
Jaak Aaviksoo
Jaak Aaviksoo, born 11 January 1954 in Tartu, Estonia is an Estonian politician and current Estonian Minister of Education and Research. He is a member of liberal conservative Union of Pro Patria and Res Publica.- Education and career in science :...
said in interview on Estonian's Kanal 2
Kanal 2
Kanal 2 is a privately owned Estonian television channel. Its literal name in English is "Channel 2".First broadcasts were aired on October 1, 1993.- Television series :Daytime* Victoria * Julia – Wege zum Glück ...
TV channel. Aaviksoo compared the cyber attacks with the blockade of Estonia's Embassy in Moscow. "Again, it is not possible to say without doubt that orders (for the blockade) came from the Kremlin, or that, indeed, a wish was expressed for such a thing there," said Aaviksoo. Russia called accusations of its involvement "unfounded," and neither NATO nor European Commission
European Commission
The European Commission is the executive body of the European Union. The body is responsible for proposing legislation, implementing decisions, upholding the Union's treaties and the general day-to-day running of the Union....
experts were able to find any proof of official Russian government participation.
As of January 2008, one ethnic-Russian
Russians
The Russian people are an East Slavic ethnic group native to Russia, speaking the Russian language and primarily living in Russia and neighboring countries....
Estonian national has been charged and convicted.
During a panel discussion on cyber warfare, Sergei Markov of the Russian State Duma has stated his unnamed aide was responsible in orchestrating the cyber attacks. Markov alleged the aide acted on his own while residing in an unrecognised republic of the former Soviet Union, possibly Transnistria
Transnistria
Transnistria is a breakaway territory located mostly on a strip of land between the Dniester River and the eastern Moldovan border to Ukraine...
. On March 10, 2009 Konstantin Goloskokov, a "commissar" of the Kremlin-backed youth group Nashi, has claimed responsibility for the attack. Experts are critical of these varying claims of responsibility.
Legalities
On May 2, 2007, a criminal investigation was opened into the attacks under a section of the Estonian Penal Code criminalising computer sabotage and interference with the working of a computer network, feloniesFelony
A felony is a serious crime in the common law countries. The term originates from English common law where felonies were originally crimes which involved the confiscation of a convicted person's land and goods; other crimes were called misdemeanors...
punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on May 10, 2007, Estonian Public Prosecutor's Office made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty
Mutual Legal Assistance Treaty
A mutual legal assistance treaty is an agreement between two countries for the purpose of gathering and exchanging information in an effort to enforce public laws or criminal laws...
(MLAT) existing between Estonia and Russia. A Russian State Duma
State Duma
The State Duma , common abbreviation: Госду́ма ) in the Russian Federation is the lower house of the Federal Assembly of Russia , the upper house being the Federation Council of Russia. The Duma headquarters is located in central Moscow, a few steps from Manege Square. Its members are referred to...
delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available. On June 28, Russian Supreme Procurature refused assistance, claiming that the proposed investigative processes are not covered by the applicable MLAT. Piret Seeman, the Estonian Public Prosecutor's Office's PR
Public relations
Public relations is the actions of a corporation, store, government, individual, etc., in promoting goodwill between itself and the public, the community, employees, customers, etc....
officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT.
On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party
Estonian Reform Party
The Estonian Reform Party is a centre-right, free market liberal party in Estonia. It is led by Estonian Prime Minister Andrus Ansip, and has 33 members in the 101-member Riigikogu, making it the largest party in the legislature...
.
As of 13 December 2008, Russian authorities have been consistently denying Estonian law enforcement any investigative cooperation, thus effectively eliminating chances that those of the perpetrators that fall within Russian jurisdiction will be brought to trial.
Opinions of experts
Critical systems whose network addressed would not be generally known were targeted, including those serving telephony and financial transaction processing. Although not all of the computer crackersBlack hat
A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat, especially in black and white movies....
behind the cyberwarfare have been unveiled, some experts believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company.
A well known Russian hacker Sp0Raw believes that the most efficient online attacks on Estonia could not have been carried out without a blessing of the Russian authorities and that the hackers apparently acted under "recommendations" from parties in higher positions.
At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks "empty words, not supported by technical data".
Mike Witt, deputy director of the United States Computer Emergency Readiness Team
United States Computer Emergency Readiness Team
The United States Computer Emergency Readiness Team is part of the National Cyber Security Division of the United States' Department of Homeland Security....
(CERT) believes that the attacks were DDoS attacks. The attackers used botnet
Botnet
A botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...
s - global networks of compromised computers, often owned by careless individuals. "The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale," Witt said.
Professor James Hendler
James Hendler
James Hendler is an artificial intelligence researcher at Rensselaer Polytechnic Institute, USA, and one of the originators of the Semantic Web.-Background and research:...
, former chief scientist at The Pentagon
The Pentagon
The Pentagon is the headquarters of the United States Department of Defense, located in Arlington County, Virginia. As a symbol of the U.S. military, "the Pentagon" is often used metonymically to refer to the Department of Defense rather than the building itself.Designed by the American architect...
's Defense Advanced Research Projects Agency
Defense Advanced Research Projects Agency
The Defense Advanced Research Projects Agency is an agency of the United States Department of Defense responsible for the development of new technology for use by the military...
(DARPA) characterised the attacks as "more like a cyber riot than a military attack."
"We don't have directly visible info about sources so we can't confirm or deny that the attacks are coming from the Russian government," Jose Nazario, software and security engineer at Arbor Networks, told internetnews.com. Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in attack.
Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich
Johannes Ullrich
Johannes Ullrich is the founder of DShield. DShield is now part of the SANS Internet Storm Center which he leads since it was created from Incidents.org and DShield back in 2001. In 2005, he was named one of the 50 most powerful people in Networking by Network World Magazine...
, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid
Hillar Aarelaid
Hillar Aarelaid is the chief security officer for Estonia's Computer Emergency Response Team .Aarelaid was one of the central officials in charge of responding to the computer attacks on Estonia after the Bronze Soldier of Tallinn controversy.American expert Bill Woodcock and other observers...
, manager of Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue".
Clarke and Knake report that upon the Estonian authorities informing Russian officials they had traced systems controlling the attack to Russia, there was some indication in response that incensed patriotic Russians might have acted on their own. Regardless of conjectures over official involvement, the decision of Russian authorities not to pursue individuals responsiblea treaty obligationtogether with expert opinion that Russian security services could readily track down the culprits should they so desire, leads Russia observers to conclude the attacks served Russian interests.
Claiming responsibility for the attacks
A Commissar of the Nashi pro-Kremlin youth movement in MoldovaMoldova
Moldova , officially the Republic of Moldova is a landlocked state in Eastern Europe, located between Romania to the West and Ukraine to the North, East and South. It declared itself an independent state with the same boundaries as the preceding Moldavian Soviet Socialist Republic in 1991, as part...
and Transnistria
Transnistria
Transnistria is a breakaway territory located mostly on a strip of land between the Dniester River and the eastern Moldovan border to Ukraine...
, Konstantin Goloskokov (Goloskov in some sources ), admitted organizing cyberattacks against Estonian government sites.
Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh.
Like most countries, Estonia does not recognise Transnistria
Transnistria
Transnistria is a breakaway territory located mostly on a strip of land between the Dniester River and the eastern Moldovan border to Ukraine...
, a secessionist region of Moldova. As an unrecognised nation, Transnistria does not belong to Interpol
Interpol
Interpol, whose full name is the International Criminal Police Organization – INTERPOL, is an organization facilitating international police cooperation...
. Accordingly, no Mutual Legal Assistance Treaty
Mutual Legal Assistance Treaty
A mutual legal assistance treaty is an agreement between two countries for the purpose of gathering and exchanging information in an effort to enforce public laws or criminal laws...
applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse
Legal recourse
A legal recourse is an action that can be taken by an individual or a corporation to attempt to remedy a legal difficulty.* A lawsuit if the issue is a matter of civil law* Many contracts require mediation or arbitration before a dispute can go to court...
of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic.
Head of Russian Military Forecasting Center, Colonel Anatoly Tsyganok confirmed Russia's ability to conduct such an attack when he stated: "These attacks have been quite successful, and today the alliance had nothing to oppose Russia's virtual attacks", additionally noting that these attacks did not violate any international agreement.
Influence on international military doctrines
The attacks triggered a number of military organisations around the world to reconsider the importance of network security to modern military doctrine. On June 14, 2007, defence ministers of NATO members held a meeting in BrusselsBrussels
Brussels , officially the Brussels Region or Brussels-Capital Region , is the capital of Belgium and the de facto capital of the European Union...
, issuing a joint communiqué
Communique
A communiqué is a brief report or statement released by a public agency.Communiqué may also refer to:* Communiqué , a rock band* Communiqué , 1979* Communiqué , 1987...
promising immediate action. First public results were estimated to arrive by autumn 2007.
On June 25, 2007, Estonian president Toomas Hendrik Ilves
Toomas Hendrik Ilves
Toomas Hendrik Ilves is the fourth and current President of Estonia. He is a former diplomat and journalist, was the leader of the Social Democratic Party in the 1990s and later a member of the European Parliament...
met with the president of USA, George W. Bush
George W. Bush
George Walker Bush is an American politician who served as the 43rd President of the United States, from 2001 to 2009. Before that, he was the 46th Governor of Texas, having served from 1995 to 2000....
. Among the topics discussed were the attacks on Estonian infrastructure.
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE
CCDCOE
CCDCOE, officially the Cooperative Cyber Defence Centre of Excellence is one of NATO Centres of Excellence, located in Tallinn, Estonia.The CCDCOE was established in the wake of the 2007 cyberattacks on Estonia and the Bronze Night events.-History:...
) operates out of Tallinn, Estonia, since August 2008
The events have been reflected in a NATO Department of Public Diplomacy short movie War in Cyberspace.
See also
- Russian influence operations in EstoniaRussian influence operations in EstoniaAccording to the Estonian Security Police, Russian influence operations in Estonia form a complex system of financial, political, economic and espionage activities in Republic of Estonia for the purposes of influencing Estonia's political and economic decisions in ways considered favourable to...
- Cyberattacks during the 2008 South Ossetia warCyberattacks during the 2008 South Ossetia warDuring the 2008 South Ossetia war a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Russian, Georgian, and Azerbaijani organisations.- Details :...
- Fatal System ErrorFatal System ErrorFatal System Error is a nonfiction work written by Joseph Menn that exposes a story of espionage that penetrates the network of international mobsters and hackers who use the Internet to extort money from businesses, steal from tens of millions of consumers, and attack government networks.Its main...
External links
- Black Hat 2007: Lessons of the Estonian attacks, by Bill Brenner, 26 Jul 2007.
- Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks
- Massive DDoS attacks target Estonia; Russia accused
- Cyberattack on Estonia stirs fear of 'virtual war'
- Estonia accuses Russia of 'cyberattack'
- Virtual harassment, but for real
- Digital Fears Emerge After Data Siege in Estonia
- EU urged to deepen cooperation after Estonia cyber-attacks
- The cyber pirates hitting Estonia
- Estonia hit by 'Moscow cyber war'
- Analysis: Who cyber smacked Estonia? by Shaun Waterman, UPI
- Hackers take down the most wired country in Europe by Joshua Davis, Wired, 2007-08-21.
- Georgetown Journal of International Affairs report - Battling Botnets and Online Mobs by Gadi Evron who wrote the postmortem analysis of the attacks for the Estonian CERT