Estonia cyberattack

In the Spring of 2007, government computer systems in Estonia experienced a sustained cyberattack that has been labeled by various observers as cyberwarfare, or cyberterror, or cybercrime. On April 27, officials in Estonia moved a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move stirred emotions, and led to rioting by ethnic Russians, and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a series of large and sustained Distributed denial-of-service (DDOS) attacks launched against several Estonian national websites, including government ministries and the prime minister’s Reform Party.

In the early days of the cyberattack, government websites that normally receive around 1,000 visits a day reportedly were receiving 2,000 visits every second. This caused the repeated shut down of some websites for several hours at a time or longer, according to Estonian officials. The attacks, which flooded computers and servers and blocked legitimate users, were described as crippling, owing to Estonia’s high dependence on information technology, but limited resources for managing their infrastructure. Security experts say that the cyberattacks against Estonia were unusual because the rate of the packet attack was very high, and the series of attacks lasted weeks, rather than hour or days, which is more commonly seen for a denial of service attack. Eventually, NATO and the United States sent computer security experts to Estonia to help recover from the attacks, and to analyze the methods used and attempt to determine the source of the attacks.

Initially, the Russian government was blamed by Estonian officials for the cyberattacks, and there were charges of cyberwarfare. Other observers argued that the cyberattack involved collusion between the Russian government and transnational cybercriminals who made their large botnets available for short-term rent, either to individuals or to larger groups. They argue that as the rented time expired, the intensity of the persistent cyberattacks against Estonia also began to fall off. However, not all security experts agree, and it remains unclear whether the cyberattacks were sanctioned or initiated by the Russian government, or if a criminal botnet was actually involved.

After some investigation, network analysts later concluded that the cyberattacks targeting Estonia were not a concerted attack, but instead were the product of spontaneous anger from a loose federation of separate attackers. Technical data showed that sources of the attack were worldwide rather than concentrated in a few locations. The computer code that caused the DDOS attack was posted and shared in many Russian language chat rooms, where the moving of the war memorial was a very emotional topic for discussion. These analysts state that although access to various Estonian government agencies was blocked by the malicious code, there was no apparent attempt to target national critical infrastructure other than internet resources, and no extortion demands were made. Their analysis thus far concluded that there was no Russian government connection to the attacks against Estonia. However, investigation into the incident continues, and officials from the United States view some aspects of the event as a possible model for future cyberwarfare or cyberterrorism directed against a nation state.

In January 2008, a court in Estonia convicted and fined a local man for bringing down a government website, as part of the extended cyberattack in 2007. The 20- year-old, who is apparently an ethnic Russian Estonian, used his home PC to carry out the attack. The investigation continues, and so far, he is the only person convicted for participating in the cyberattack against Estonia.