2007 Estonia Cyber Attacks

Estonia Cyber Attacks 2007

2007 Estonian Cyber-war

This is the information age. In this age, the Internet has smoothened the progress of spectacular increases in global interconnectivity and communication. This form of globalization also yielded benefits for Estonia by improving the standard of living of its people. However, other than benefits, it has also ascended the availability of new weapons of confrontation for groups who have been seeking and opposing certain Estonian political measures and ideologies. The digital activists from the Russian land did the same to Estonia in May 2007 (Herzog, 2011).

More than 340,000 ethnic Russians reside in Estonia which means that the Russians comprise about 25% of the country's populace. Estonia gained independence from the Soviet Union in 1991. Since then, the small country has been experiencing an unsteady and shaky relationship with Moscow (Lake, 2011, p. A11). Thus, Estonia and Russia share an extensive history of conflict and contention in their two-sided relationship. Evidently, the tribulations between these ethnic populations are very old. After the annexation of the Baltic States by Soviet Union in 1940, the Soviet government relocated innumerable ethnic Russians to Estonia. It has been said that this relocation had two purposes. Firstly, the Russian authorities wanted to increase solidity in the Eastern Bloc. Secondly, it had an unyielding desire to "Russify" the culture of Estonia. However, after the conclusion of Cold War and the dissolution of the U.S.S.R., the Estonian government put such policies into operation that aimed to minimize the influences of Russians on Estonian culture (Herzog, 2011).

Cyber Attacks 2007

The Estonian government websites and banks were thwarted with a colossal cyber-attack in late April 2007. This cyber attack is also called a denial of service attack. The Estonian government announced that "the attack originated from the Kremlin and coincided with Estonia's decision to remove the Bronze Soldier of Tallinn, a Soviet-era shrine to Red Army veterans" (Lake, 2011, p. A11). Consequently, the Russian hackers got the revenge from Estonia with constant requests for information. The first response in Estonia was to suppose that the Russian state was responsible for the attacks. However according to Dr. Marsh, "it was very hard to say whether these were state-sponsored or state-condoned or really people who thought that they would act patriotically for whatever cause they were supporting at the time" (as qtd. In "Protecting Europe," 2010).

As Estonian servers were jammed with information, the cyber attacks froze the sites for the duration of this distributed denial of service (DDoS). This attack was predominantly a grave one for Estonia for the reason that the country was intensely dependent on computer networks for government and business. The Estonians were very proud and blew their horns for being a paperless government. They were proud of themselves because even the elections in the country were held electronically. Without a doubt, information technology is a principal strength of Estonia. This is the reason why Estonia was competent enough to block the origins of the responses really quickly. However, the Estonian government was not able to communicate capably and powerfully in the beginning of the events. Attacks on government websites were mixed together with non-availability of correct information and falsified postings. Despite the fact that not every person or the whole lot was under attack, the entire Internet infrastructure of Estonia became so swarmed with traffic and preoccupied with protecting itself that it basically closed down and stopped to function (Liptak, 2009). This whole scenario brought the "corporate banking, access to the media and even day-to-day personal transactions to a halt" (as qtd. In Liptak, 2009).

As discussed, it was the Russian hackers who were accused of attacking the Estonian websites in May 2007 as retaliation against Estonia for putting a Russian war memorial somewhere else. Thus, the 3-week synchronized attack turned out to be a troublesome incident for Estonia which was totally reliant on computer networks for government and business (Liptak, 2009). However, these attacks clearly showed that cyber attacks are not restricted to particular institutions, but can go forward to a level intimidating and menacing to national security. When the event is looked back, it becomes understandable that the Estonian state was not critically influenced as the state functions and critical information infrastructure resources were not broken or troubled to a large extent. Nevertheless, the other nation states were given "a wake-up call on the new threats emerging from cyber space, alongside with new types of opponents" (Czosseck, Ottis & Taliharm).

In the European continent, the country which has the highest broadband connectivity is Estonia. During the year 2007, electronic channels were used by ninety-eight percent of all bank transactions in the country and eighty-two percent of the entire tax declarations of Estonia were submitted via the Internet. An e-learning environment is used by just about every school in Estonia. In addition to this, it has become a practice in Estonian public and private sector administrations to use ID cards and digital signatures ("Protecting Europe," 2010). Similarly, when Estonia was targeted by the state-wide cyber attacks in May 2007, it was one of the most advanced and progressive nations in Europe concerning the omnipresent use of ICT in each and every facet of the society. It was and still a routine in Estonia to communicate and transmit on the Internet for carrying out a broad series of business transactions. However, it is natural that "the more a society depends on ICT, the more it becomes vulnerable to cyber attacks" (Czosseck, Ottis & Taliharm).

When the Estonian government moved the statue of a Soviet soldier that was built to commemorate the end of World War II, the Russians in Estonia protested and caused civil turbulence within Estonia. The Russian government also complained for the same ("Protecting Europe," 2010). The decision of Estonian government to relocate that Soviet memorial of the World War II from its earlier site in central Tallinn to a military burial ground generated street riots. The Estonian Ambassador in Moscow was also targeted as a result. Moreover, Russia imposed indirect economic sanctions on Estonia. The revenge did not end here and Russia initiated a campaign of politically-motivated cyber attacks against Estonia. These cyber attacks were authoritatively acknowledged as being more than just accidental illicit operations (Czosseck, Ottis & Taliharm). As far as the case of Estonia is concerned, the cyber-terrorist attacks targeted the European state by using "globally dispersed and virtually unattributable botnets of "zombie" computers" (Herzog, 2011). Many computers, even the personal computers, were hijacked by the hackers to use them in a brimming DDoS line of attack. The websites related to government and banks normally received 1,000 visits a day. After the attacks, these sites collapsed and stopped working after getting 2,000 hits a second (Herzog, 2011).

To cut a long story short, the Bronze Soldier was a symbol of Soviet cruelty and domination to ethnic Estonians. On the other hand, the Russian minorities in Estonia regarded the relocation of the statue as "further marginalization of their ethnic identity" (Herzog, 2011). Therefore, as a settle of scores, the government and private sector sites that included banking institutions and news sites of Estonia were targeted and attacked by online DDoS. These attacks kept developing for a number of weeks and fatigued the Estonian government on May 9 (The Victory Day). Countless parts of the infrastructure were hit by the attacks. Those affected included the websites of the Estonian prime minister, legislative body, nearly all ministries, political parties, and news organizations ("Protecting Europe," 2010).

The Estonian Parliament members worked for 4 entire days without sending or receiving any emails. For a limited phase, the communications networks of the government were condensed to radio. The Estonians had to strictly compromise over fiscal operations. Moreover, the ATMs became crippled. The largest bank in Estonia i.e. The Hansabank, had to force close its operations that were carried out via Internet. At the same time as the attacks were at their pinnacle, the majority of Estonian people found themselves expelled from completing any financial transactions successfully. As a consequence, the Estonian government decided to respond to the attacks by closing huge parts of its system of networks to people residing in other countries. Thus, the Estonians who were living outside Estonia became incapable to use their bank accounts ("Protecting Europe," 2010).

Dr Jose Nazario of Arbor Networks explained that the cyber attacks on Estonia were not large for the most part. However, their effectiveness was due to the reason that Estonia was short of an Information Technology security apparatus of comparable degree (despite the fact that it is one of the most wired countries on the blue planet) ("Protecting Europe," 2010).

Cyber-Attacking -- The Culprits

The methods used by the attackers in this event of cyber attacking Estonia were not really original or innovative. On the other hand, these attacks caused a momentous hazard for Estonia considering its small topography and elevated dependence on information systems. Estonia considered the attacks as cyber crimes by an individual instead of regarding the event as an armed attack. However, the incident promptly drew attention from all over the world. The attacks were labeled as "the first Cyber War" by the worldwide media. This whole situation directed to a general "cyber war hype" that was constantly advanced by media, researchers and policymakers (Czosseck, Ottis & Taliharm).

Urmas Paet, the Foreign Minister of Estonia, promptly laid the blame of cyber attacks on Russia. However, the European Commission and NATO technical experts did not find any believable and convincing evidence of the involvement of Kremlin in the DDoS strikes (Herzog, 2011). There was a persistent issue of whom to accuse. Kremlin continuously denied any participation in the penetration of attacks. On the other hand, the IP addresses at the back of the attacks recommended that the computers used for attacking Estonia were from Russian locations. However, Russian officials claimed that the identified IP addresses were cloned. They also said that that the usage of names and contact numbers by the professional hackers was to spoil Estonia-Russia relationship. Thus, the charges were simply denied by the Russian officials (Kampmark, 2007). They proceeded to accuse the European Union "for its 'double-standards' regarding human rights and the matter of the Russian minority" (Kampmark, 2007). The Estonian authorities made a few attempts to arrest some in-country culprits behind the cyber attacks, but they never succeeded in uncovering the main culprits (Herzog, 2011).

The investigations showed that attributing Russia as the culprit was wrong because no Russian government computers were used in launching the attacks. Thus, it was not an easy task to discover and identify who was using the Internet at the other end. Some claimed that botnets (robot networks) were used in the Estonia case. Botnets are used by cyber criminals who acquire remote control of a computer by underhandedly loading software on it. It is, on the other hand, not known to the users of the computers that their systems have been conciliated. Thus, it is also being said that some huge botnets were used to overburden the Estonian servers by sending thousands of messages a minute that consequently caused those servers to crash (Lewis, 2007).

This assumption, however, does not verify that there was no involvement of the Russian government in this whole scenario. There is a possibility that the government agents of Russia could have utilized the chat-room or mailing systems platform to provoke nationalistic Russian hackers and cyber criminals. Those jingoistic hackers were perhaps aggravated to thrash Estonian networks as a penalty for moving the grim bronze statue of a Soviet soldier (Lewis, 2007). The Estonian authorities arrested Dmitri Galushkevich, an ethnic Russian, was arrested as the first person whose involvement was proved in the Estonian cyber war. He was charged of directing a cyber attack due to which the website of the Reform Party of Prime Minister Andrus Ansip was blocked. As the first wrongdoer, he was fined $1,620 dollars (Liptak, 2009).

Cyber Terror -- Multinational Responses

When Estonia went under the cyber-terror attacks, the international community was shocked. They became anxious about the future assaults in which the hackers may intend to control the traffic lights, water supply, power grids, air traffic controls, or even the military weapon systems of a state. The Estonian crisis openly and very clearly indicated that the Internet has turned out to be a great influential "asymmetric tool for transnational groups who view themselves as disenfranchised and seek to intimidate the nation-states and other actors presumably responsible for their grievances" (Herzog, 2011). The nations worldwide became conscious of their national sovereignty and afraid of the hackers who could target their digital networks and critical infrastructure.

Thus, the cyber terrorism on Estonia that was initiated in 2007 was not just an impermanent and short-term nuisance. Instead, the society saw it as a serene edition of a new-fangled structure of digital violence that could stop the progress and operations of the public services, commerce, and government. An obstruction is an appropriate equivalence as cyber-terrorist attacks in the future will possibly interrupt and disturb the water and electricity supplies, telecommunications and national defenses of any country (Herzog, 2011).

The international community rapidly responded after seeing the weightiness of the attacks on Estonia. Estonia was not prepared to counter cyber acts of terrorism. It had always been concentrating on being prepared for facing the traditional acts of terrorism. The normal network operations that had been disrupted after the cyber attacks were restored after the government Computer Emergency Response Team (CERT) was assisted by computer geniuses from Finland, Germany, Israel and Slovenia. They were also facilitated by the expertise of NATO CERTs European Union's European Network and Information Security Agency (ENISA). The crisis brought together the western countries. Therefore, at one hand, the Internet was used as weapon and mobilization tool by the Russian-speaking hackers; on the other hand, Estonia and its allies successfully responded to the attacks by using digital networks (Herzog, 2011).